model

package
v1.66.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 21, 2026 License: BSD-3-Clause Imports: 3 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var AllActiveDirectoryGroupScope = []ActiveDirectoryGroupScope{
	ActiveDirectoryGroupScopeUniversal,
	ActiveDirectoryGroupScopeGlobal,
	ActiveDirectoryGroupScopeDomainLocal,
}
View Source 
var AllActiveDirectoryPasswordPolicySourceType = []ActiveDirectoryPasswordPolicySourceType{
	ActiveDirectoryPasswordPolicySourceTypeDomainPolicy,
	ActiveDirectoryPasswordPolicySourceTypeFineGrainedPolicy,
	ActiveDirectoryPasswordPolicySourceTypeUnknown,
}
View Source 
var AllAggressionLevel = []AggressionLevel{
	AggressionLevelMostAggressive,
	AggressionLevelDefaultAggression,
}
View Source 
var AllAlertType = []AlertType{
	AlertTypePasswordBruteForceAlert,
	AlertTypeGoldenTicketAlert,
	AlertTypeNtlmRelayAlert,
	AlertTypeDcSyncAlert,
	AlertTypeGeoLocationAnomalyAlert,
	AlertTypeCredSspVulnerabilityAlert,
	AlertTypeIdentityVerificationDenyAlert,
	AlertTypeHiddenObjectAlert,
	AlertTypeDailyTargetVolumeAnomalyAlert,
	AlertTypeNewEntityAbnormalUsageAlert,
	AlertTypeAnomalousRPCAlert,
	AlertTypeForbiddenCountryAlert,
	AlertTypeGeoLocationVelocityAnomalyAlert,
	AlertTypePassTheHashAlert,
	AlertTypeStaleAccountUsageAlert,
	AlertTypeCredentialScanningAlert,
	AlertTypeNewServerAccessAlert,
	AlertTypeStaleServiceUsageAlert,
	AlertTypeCredentialTheftAlert,
	AlertTypeForgedPacAlert,
	AlertTypeLateralMovementAlert,
	AlertTypeSkeletonKeyAlert,
	AlertTypeIdentityVerificationTimeoutAlert,
	AlertTypeAbnormalUsageAlert,
	AlertTypeLdapReconnaissanceAlert,
	AlertTypePassTheTicketAlert,
	AlertTypeIdentityVerificationApproveAlert,
	AlertTypeStaleHostUsageAlert,
	AlertTypePolicyRuleMatchAlert,
	AlertTypeDailyVolumeAnomalyAlert,
	AlertTypeRemoteCodeExecutionAlert,
	AlertTypeBadReputationIPUsageAlert,
	AlertTypeBronzeBitAlert,
	AlertTypePrivilegeEscalationAlert,
	AlertTypeSuspiciousMachineAccountAlterationAlert,
	AlertTypeHoneytokenActivityAlert,
	AlertTypeHoneytokenAlterationAlert,
	AlertTypeAnomalousCertificateBasedActivityAlert,
	AlertTypeSuspiciousCloudActivityMLAlert,
}
View Source 
var AllApplicationSpecificError = []ApplicationSpecificError{
	ApplicationSpecificErrorStatusAccountDisabled,
	ApplicationSpecificErrorStatusAccountExpired,
	ApplicationSpecificErrorStatusAccountLockedOut,
	ApplicationSpecificErrorStatusInvalidWorkstation,
}
View Source 
var AllAttackPathRelation = []AttackPathRelation{
	AttackPathRelationAdmin,
	AttackPathRelationPasswordResetter,
	AttackPathRelationAllowedToAddToGroup,
	AttackPathRelationAllowedToModifyPermissions,
	AttackPathRelationInGroup,
	AttackPathRelationLoggedOnToEp,
	AttackPathRelationLocalAdmin,
	AttackPathRelationDuplicatedLocalAdmin,
	AttackPathRelationApplicationOwner,
	AttackPathRelationApplicationController,
	AttackPathRelationRoleMember,
	AttackPathRelationAdminReplicator,
	AttackPathRelationAdminSidTakeover,
	AttackPathRelationAdminUnconstrainedSvcDelegation,
	AttackPathRelationAdminConstrainedSvcDelegation,
	AttackPathRelationAdminAuthenticateAsAnyDomainUserCaTemplate,
	AttackPathRelationAdminAuthenticateAsAnyDomainUserWithRequestAgent,
	AttackPathRelationDuplicatePassword,
	AttackPathRelationOwnerAdmin,
	AttackPathRelationCaTemplate,
	AttackPathRelationAllowedToWriteKeyCredential,
	AttackPathRelationAllowedToWriteOwnerCaTemplate,
	AttackPathRelationAllowedToWriteDaclCaTemplate,
	AttackPathRelationAllowedToWritePropertyCaTemplate,
	AttackPathRelationAllowedToEnrollCaTemplate,
}
View Source 
var AllAuthenticationType = []AuthenticationType{
	AuthenticationTypeDomainLogin,
	AuthenticationTypeSsoLogin,
	AuthenticationTypeLdapAuthentication,
	AuthenticationTypeNtlmAuthentication,
	AuthenticationTypeKerberosAuthentication,
	AuthenticationTypeSmbSessionSetup,
}
View Source 
var AllBindingType = []BindingType{
	BindingTypeActivityOrigin,
	BindingTypeLogin,
	BindingTypeOwnership,
	BindingTypeRecentlyVerifiedLogin,
	BindingTypeServiceAccess,
	BindingTypeLdapAuthentication,
	BindingTypeServiceExecution,
	BindingTypeEndpointAuthorization,
	BindingTypeCloudServiceAccess,
	BindingTypeGeoLocation,
	BindingTypeLocalAdministrator,
	BindingTypeManage,
	BindingTypeManaged,
	BindingTypeAuthorizer,
	BindingTypeAuthorized,
	BindingTypeRbacAssignment,
	BindingTypeLinkedAccount,
}
View Source 
var AllBusinessPrivilegeImpact = []BusinessPrivilegeImpact{
	BusinessPrivilegeImpactLow,
	BusinessPrivilegeImpactMedium,
	BusinessPrivilegeImpactHigh,
}
View Source 
var AllBusinessRole = []BusinessRole{
	BusinessRoleRegular,
	BusinessRoleExecutive,
	BusinessRoleAdmin,
	BusinessRoleFinance,
	BusinessRoleIt,
	BusinessRoleGuest,
}
View Source 
var AllConnectorStatus = []ConnectorStatus{
	ConnectorStatusInitial,
	ConnectorStatusSuccess,
	ConnectorStatusCommonError,
	ConnectorStatusCommonConnectionError,
	ConnectorStatusAuthenticationError,
	ConnectorStatusAuthorizationError,
	ConnectorStatusDomainNotInWhitelistError,
	ConnectorStatusInvalidClientIDOrSecretError,
	ConnectorStatusMissingPermission,
	ConnectorStatusMissingPartialPermission,
	ConnectorStatusRateLimitExceeded,
	ConnectorStatusLicenseWillExpireSoon,
	ConnectorStatusLicenseExpired,
}
View Source 
var AllDataSource = []DataSource{
	DataSourceSniffer,
	DataSourceActiveDirectory,
	DataSourceAdfs,
	DataSourceOkta,
	DataSourceAzure,
	DataSourcePingIDEntity,
	DataSourceAws,
}
View Source 
var AllDataSourceCategory = []DataSourceCategory{
	DataSourceCategoryOnPremisesTraffic,
	DataSourceCategoryIdaas,
	DataSourceCategoryOnPremisesSso,
	DataSourceCategoryPam,
	DataSourceCategoryTraffic,
	DataSourceCategorySso,
}
View Source 
var AllDcerpcSignature = []DcerpcSignature{
	DcerpcSignatureDcSync,
	DcerpcSignatureSpnModification,
	DcerpcSignatureReplicationServerRegistration,
	DcerpcSignatureScheduledTaskCreation,
	DcerpcSignatureRemoteServiceInterface,
	DcerpcSignatureNetSessionEnumeration,
	DcerpcSignatureSamrInterface,
	DcerpcSignatureDcomInterface,
	DcerpcSignatureTaskSchduleInterface,
	DcerpcSignatureIremoteWinspoolInterface,
	DcerpcSignatureZerologonExploit,
	DcerpcSignatureCreateService,
}
View Source 
var AllEndpointEntityClassification = []EndpointEntityClassification{
	EndpointEntityClassificationWorkstation,
	EndpointEntityClassificationServer,
	EndpointEntityClassificationImpersonator,
	EndpointEntityClassificationApplicationServer,
	EndpointEntityClassificationFileServer,
	EndpointEntityClassificationVdiEndpoint,
}
View Source 
var AllEngagementAuthenticationStatus = []EngagementAuthenticationStatus{
	EngagementAuthenticationStatusPending,
	EngagementAuthenticationStatusApprove,
	EngagementAuthenticationStatusAutoApprove,
	EngagementAuthenticationStatusAutoDeny,
	EngagementAuthenticationStatusDenyAndNotFraud,
	EngagementAuthenticationStatusDenyAndFraudulent,
	EngagementAuthenticationStatusDenyAndUnknown,
	EngagementAuthenticationStatusInvalidUserInput,
	EngagementAuthenticationStatusUserResponseTimeout,
	EngagementAuthenticationStatusUserNotEnrolled,
	EngagementAuthenticationStatusNoValidAuthorizer,
	EngagementAuthenticationStatusError,
}
View Source 
var AllEngagementType = []EngagementType{
	EngagementTypeGoogleAuthEnroll,
	EngagementTypeEmailVerification,
	EngagementTypeEmailNotification,
	EngagementTypeSmsNotification,
	EngagementTypeSmsVerification,
	EngagementTypeMfa,
}
View Source 
var AllEntityContainerType = []EntityContainerType{
	EntityContainerTypeActiveDirectoryGroup,
	EntityContainerTypeAzureGroup,
	EntityContainerTypeAzureRole,
	EntityContainerTypeAwsGroup,
}
View Source 
var AllEntityMembershipType = []EntityMembershipType{
	EntityMembershipTypeUserInDepartment,
	EntityMembershipTypeUserInOrganizationalUnit,
}
View Source 
var AllEntityRoleType = []EntityRoleType{
	EntityRoleTypeOperatorLevelAdminRole,
	EntityRoleTypeAdminAccountRole,
	EntityRoleTypeAzurePrivilegedRole,
	EntityRoleTypeAzureGlobalPrivilegesRole,
	EntityRoleTypeAzureCredentialsPrivilegesRole,
	EntityRoleTypeAzureAccessPrivilegesRole,
	EntityRoleTypeAzureApplicationPrivilegesRole,
	EntityRoleTypeAzureSecurityPrivilegesRole,
	EntityRoleTypeAzurePrivilegedApplicationControllerRole,
	EntityRoleTypeAzureSecurityGroupRole,
	EntityRoleTypeAzureMicrosoft365GroupRole,
	EntityRoleTypeAzureDistributionGroupRole,
	EntityRoleTypeEffectiveAdminRole,
	EntityRoleTypeServerRole,
	EntityRoleTypeClassificationRole,
	EntityRoleTypeDomainLevelAdminRole,
	EntityRoleTypeProgrammaticUserAccountRole,
	EntityRoleTypeForestLevelAdminRole,
	EntityRoleTypeApplicationServerRole,
	EntityRoleTypeAccountOperatorsAdminRole,
	EntityRoleTypeEffectiveReplicatorsAdminRole,
	EntityRoleTypeKrbtgtAccountAdminRole,
	EntityRoleTypeDomainControllersAdminRole,
	EntityRoleTypeReadOnlyDomainControllersAdminRole,
	EntityRoleTypeReplicatorsAdminRole,
	EntityRoleTypeMailboxRole,
	EntityRoleTypePrivilegedGroupControllerAdminRole,
	EntityRoleTypeDNSServerRole,
	EntityRoleTypeDomainAdminsRole,
	EntityRoleTypeSchemaAdminsRole,
	EntityRoleTypeAdministratorsRole,
	EntityRoleTypeBuiltinAdministratorRole,
	EntityRoleTypeEnterpriseAdminsRole,
	EntityRoleTypePasswordResetterAdminRole,
	EntityRoleTypePermissionsControllerAdminRole,
	EntityRoleTypeObjectSidTakeoverAdminRole,
	EntityRoleTypeBackupOperatorsAdminRole,
	EntityRoleTypePrintOperatorsAdminRole,
	EntityRoleTypeServerOperatorsAdminRole,
	EntityRoleTypeServiceDelegationAdminRole,
	EntityRoleTypeUnconstrainedServiceDelegationAdminRole,
	EntityRoleTypeConstrainedServiceDelegationAdminRole,
	EntityRoleTypeFileServerRole,
	EntityRoleTypeHumanUserAccountRole,
	EntityRoleTypeWorkstationRole,
	EntityRoleTypeNtlmMovementRole,
	EntityRoleTypeDomainControllerRole,
	EntityRoleTypeVdiEndpointRole,
	EntityRoleTypeExchangeServerRole,
	EntityRoleTypeLocalAdminRole,
	EntityRoleTypeBusinessPrivilegeRole,
	EntityRoleTypeContainerRole,
	EntityRoleTypePermissionAssignerRole,
	EntityRoleTypeMailingListRole,
	EntityRoleTypeSecurityGroupRole,
	EntityRoleTypeDistributionGroupRole,
	EntityRoleTypeHoneytokenRole,
	EntityRoleTypeCertificateAuthorityServerRole,
	EntityRoleTypeCertificateAuthorityAdminRole,
	EntityRoleTypeAuthenticationCertificateTemplateControllerRole,
	EntityRoleTypeKeyCredentialAdminRole,
	EntityRoleTypeOwnerAdminRole,
	EntityRoleTypeCertificateAuthenticationAsAnyDomainUserRole,
	EntityRoleTypeAuthenticationAsAnyUserWithCertificateRequestAgentRole,
}
View Source 
var AllEntitySortKey = []EntitySortKey{
	EntitySortKeyEntityID,
	EntitySortKeyRiskScore,
	EntitySortKeyMostRecentActivity,
	EntitySortKeyCreationTime,
	EntitySortKeyExpirationTime,
	EntitySortKeyOpenIncidentCount,
	EntitySortKeyPrimaryDisplayName,
	EntitySortKeySecondaryDisplayName,
	EntitySortKeyOu,
	EntitySortKeyDepartment,
	EntitySortKeyLastUpdateTime,
}
View Source 
var AllEntityType = []EntityType{
	EntityTypeUser,
	EntityTypeEndpoint,
	EntityTypeCloudService,
	EntityTypeEntityContainer,
}
View Source 
var AllFileOperationType = []FileOperationType{
	FileOperationTypeGenericAccess,
	FileOperationTypeModify,
	FileOperationTypeDownload,
	FileOperationTypeMove,
	FileOperationTypeCopy,
	FileOperationTypeRename,
	FileOperationTypeDelete,
	FileOperationTypeUpload,
}
View Source 
var AllGeoJSONType = []GeoJSONType{
	GeoJSONTypePoint,
	GeoJSONTypeMultiPoint,
	GeoJSONTypeLineString,
	GeoJSONTypeMultiLineString,
	GeoJSONTypePolygon,
	GeoJSONTypeMultiPolygon,
	GeoJSONTypeGeometryCollection,
}
View Source 
var AllIPReputation = []IPReputation{
	IPReputationAnonymousActive,
	IPReputationAnonymousSuspect,
	IPReputationAnonymousInactive,
	IPReputationAnonymousPrivate,
	IPReputationDictionaryAttack,
	IPReputationDdosAttack,
	IPReputationSpam,
	IPReputationHostingFacility,
}
View Source 
var AllIncidentLifeCycleStage = []IncidentLifeCycleStage{
	IncidentLifeCycleStageNew,
	IncidentLifeCycleStageInProgress,
	IncidentLifeCycleStageDismiss,
	IncidentLifeCycleStageFalsePositive,
	IncidentLifeCycleStageResolved,
	IncidentLifeCycleStageAutoResolved,
}
View Source 
var AllIncidentLifeCycleStageInput = []IncidentLifeCycleStageInput{
	IncidentLifeCycleStageInputNew,
	IncidentLifeCycleStageInputInProgress,
	IncidentLifeCycleStageInputDismiss,
	IncidentLifeCycleStageInputFalsePositive,
	IncidentLifeCycleStageInputResolved,
}
View Source 
var AllIncidentSeverity = []IncidentSeverity{
	IncidentSeverityInfo,
	IncidentSeverityLow,
	IncidentSeverityMedium,
	IncidentSeverityHigh,
}
View Source 
var AllIncidentSortKey = []IncidentSortKey{
	IncidentSortKeyIncidentID,
	IncidentSortKeySeverity,
	IncidentSortKeyStartTime,
	IncidentSortKeyEndTime,
	IncidentSortKeyType,
	IncidentSortKeyStatus,
}
View Source 
var AllIncidentType = []IncidentType{
	IncidentTypeUnusualEndpointAccess,
	IncidentTypeUnusualServiceAccess,
	IncidentTypeUnusualEndpointUse,
	IncidentTypeSuspiciousDomainActivity,
	IncidentTypePotentialRiskyActivity,
	IncidentTypeDomainCompromise,
	IncidentTypeCredentialTheft,
	IncidentTypeEndpointCompromise,
	IncidentTypeSuspiciousMovement,
	IncidentTypeUnusualActivity,
}
View Source 
var AllIspClassification = []IspClassification{
	IspClassificationCom,
	IspClassificationOrg,
	IspClassificationGov,
	IspClassificationMil,
	IspClassificationEdu,
	IspClassificationLib,
	IspClassificationCdn,
	IspClassificationIsp,
	IspClassificationMob,
	IspClassificationDch,
	IspClassificationSes,
	IspClassificationRsv,
	IspClassificationIspMob,
	IspClassificationNone,
}
View Source 
var AllKerberosEncryptionType = []KerberosEncryptionType{
	KerberosEncryptionTypeDesCbcCrc,
	KerberosEncryptionTypeDesCbcMd4,
	KerberosEncryptionTypeDesCbcMd5,
	KerberosEncryptionTypeDesCbcRaw,
	KerberosEncryptionTypeDes3CbcSha,
	KerberosEncryptionTypeDes3CbcRaw,
	KerberosEncryptionTypeDesHmacSha1,
	KerberosEncryptionTypeDsaSha1Cms,
	KerberosEncryptionTypeMd5RsaCms,
	KerberosEncryptionTypeSha1RsaCms,
	KerberosEncryptionTypeRc2CbcEnv,
	KerberosEncryptionTypeRsaEnv,
	KerberosEncryptionTypeRsaEsOaepEnv,
	KerberosEncryptionTypeDes3CbcEnv,
	KerberosEncryptionTypeDes3CbcSha1,
	KerberosEncryptionTypeAes128CtsHmacSha1_96,
	KerberosEncryptionTypeAes256CtsHmacSha1_96,
	KerberosEncryptionTypeAes128CtsHmacSha256_128,
	KerberosEncryptionTypeDesCbcMd5Nt,
	KerberosEncryptionTypeRc4HmacNt,
	KerberosEncryptionTypeRc4HmacNtExp,
	KerberosEncryptionTypeCamellia128CtsCmac,
	KerberosEncryptionTypeCamellia256CtsCmac,
	KerberosEncryptionTypeRc4Md4,
	KerberosEncryptionTypeRc4Plain2,
	KerberosEncryptionTypeRc4Lm,
	KerberosEncryptionTypeRc4Sha,
	KerberosEncryptionTypeDesPlain,
	KerberosEncryptionTypeRc4HmacOld,
	KerberosEncryptionTypeRc4PlainOld,
	KerberosEncryptionTypeRc4HmacOldExp,
	KerberosEncryptionTypeRc4PlainOldExp,
	KerberosEncryptionTypeRc4Plain,
	KerberosEncryptionTypeRc4PlainExp,
	KerberosEncryptionTypeAes128CtsHmacSha1_96Plain,
	KerberosEncryptionTypeAes256CtsHmacSha1_96Plain,
}
View Source 
var AllKrbErrCode = []KrbErrCode{
	KrbErrCodeKdcErrNone,
	KrbErrCodeKdcErrNameExp,
	KrbErrCodeKdcErrServiceExp,
	KrbErrCodeKdcErrBadPvno,
	KrbErrCodeKdcErrCOldMastKvno,
	KrbErrCodeKdcErrSOldMastKvno,
	KrbErrCodeKdcErrCPrincipalUnknown,
	KrbErrCodeKdcErrSPrincipalUnknown,
	KrbErrCodeKdcErrPrincipalNotUnique,
	KrbErrCodeKdcErrNullKey,
	KrbErrCodeKdcErrCannotPostdate,
	KrbErrCodeKdcErrNeverValid,
	KrbErrCodeKdcErrPolicy,
	KrbErrCodeKdcErrBadoption,
	KrbErrCodeKdcErrEnctypeNosupp,
	KrbErrCodeKdcErrSumtypeNosupp,
	KrbErrCodeKdcErrPadataTypeNosupp,
	KrbErrCodeKdcErrTrtypeNosupp,
	KrbErrCodeKdcErrClientRevoked,
	KrbErrCodeKdcErrServiceRevoked,
	KrbErrCodeKdcErrTgtRevoked,
	KrbErrCodeKdcErrClientNotyet,
	KrbErrCodeKdcErrServiceNotyet,
	KrbErrCodeKdcErrKeyExp,
	KrbErrCodeKdcErrPreauthFailed,
	KrbErrCodeKdcErrPreauthRequired,
	KrbErrCodeKdcErrServerNomatch,
	KrbErrCodeKdcErrMustUseUser2user,
	KrbErrCodeKdcErrPathNotAccepted,
	KrbErrCodeKdcErrSvcUnavailable,
	KrbErrCodeKrbApErrBadIntegrity,
	KrbErrCodeKrbApErrTktExpired,
	KrbErrCodeKrbApErrTktNyv,
	KrbErrCodeKrbApErrRepeat,
	KrbErrCodeKrbApErrNotUs,
	KrbErrCodeKrbApErrBadmatch,
	KrbErrCodeKrbApErrSkew,
	KrbErrCodeKrbApErrBadaddr,
	KrbErrCodeKrbApErrBadversion,
	KrbErrCodeKrbApErrMsgType,
	KrbErrCodeKrbApErrModified,
	KrbErrCodeKrbApErrBadorder,
	KrbErrCodeKrbApErrBadkeyver,
	KrbErrCodeKrbApErrNokey,
	KrbErrCodeKrbApErrMutFail,
	KrbErrCodeKrbApErrBaddirection,
	KrbErrCodeKrbApErrMethod,
	KrbErrCodeKrbApErrBadseq,
	KrbErrCodeKrbApErrInappCksum,
	KrbErrCodeKrbApPathNotAccepted,
	KrbErrCodeKrbErrResponseTooBig,
	KrbErrCodeKrbErrGeneric,
	KrbErrCodeKrbErrFieldToolong,
	KrbErrCodeKdcErrClientNotTrusted,
	KrbErrCodeKdcErrKdcNotTrusted,
	KrbErrCodeKdcErrInvalidSig,
	KrbErrCodeKdcErrDhKeyParametersNotAccepted,
	KrbErrCodeKdcErrCertificateMismatch,
	KrbErrCodeKrbApErrNoTgt,
	KrbErrCodeKdcErrWrongRealm,
	KrbErrCodeKrbApErrUserToUserRequired,
	KrbErrCodeKdcErrCantVerifyCertificate,
	KrbErrCodeKdcErrInvalidCertificate,
	KrbErrCodeKdcErrRevokedCertificate,
	KrbErrCodeKdcErrRevocationStatusUnknown,
	KrbErrCodeKdcErrRevocationStatusUnavailable,
	KrbErrCodeKdcErrClientNameMismatch,
	KrbErrCodeKdcErrInconsistentKeyPurpose,
	KrbErrCodeKdcErrDigestInCertNotAccepted,
	KrbErrCodeKdcErrPaChecksumMustBeIncluded,
	KrbErrCodeKdcErrDigestInSignedDataNotAccepted,
	KrbErrCodeKdcErrPublicKeyEncryptionNotSupported,
	KrbErrCodeKrbApErrIakerbKdcNotFound,
	KrbErrCodeKrbApErrIakerbKdcNoResponse,
	KrbErrCodeKrbErrMax,
}
View Source 
var AllLdapBindResult = []LdapBindResult{
	LdapBindResultSuccess,
	LdapBindResultOperationError,
	LdapBindResultProtocolError,
	LdapBindResultTimeLimitExceeded,
	LdapBindResultSizeLimitExceeded,
	LdapBindResultCompareFalse,
	LdapBindResultCompareTrue,
	LdapBindResultAuthMethodNotSupported,
	LdapBindResultStrongerAuthRequired,
	LdapBindResultReferral,
	LdapBindResultAdminLimitExceeded,
	LdapBindResultUnavailableCriticialExtension,
	LdapBindResultConfidentialityRequired,
	LdapBindResultSaslBindInProgress,
	LdapBindResultNoSuchAttribute,
	LdapBindResultUndefinedType,
	LdapBindResultInappropriateMatching,
	LdapBindResultConstantViolation,
	LdapBindResultTypeOrValueExists,
	LdapBindResultInvalidSyntax,
	LdapBindResultNoSuchObject,
	LdapBindResultAliasProblem,
	LdapBindResultInvalidDnSyntax,
	LdapBindResultIsLeaf,
	LdapBindResultAliasDerefProblem,
	LdapBindResultInappropriateAuth,
	LdapBindResultInvalidCredentials,
	LdapBindResultInsufficientAccess,
	LdapBindResultBusy,
	LdapBindResultUnavailable,
	LdapBindResultUnwillingToPerform,
	LdapBindResultLoopDetect,
	LdapBindResultNamingViolation,
	LdapBindResultObjectClassViolation,
	LdapBindResultNotAllowedOnNonleaf,
	LdapBindResultNotAllowedOnRdn,
	LdapBindResultAlreadyExists,
	LdapBindResultNoObjectClassMods,
	LdapBindResultResultsTooLarge,
	LdapBindResultAffectsToMultipleDsas,
	LdapBindResultBuiltinOtherCode,
	LdapBindResultTLSNotSupported,
	LdapBindResultOther,
}
View Source 
var AllLdapOperationResult = []LdapOperationResult{
	LdapOperationResultLdapSuccess,
	LdapOperationResultLdapOperationsError,
	LdapOperationResultLdapProtocolError,
	LdapOperationResultLdapTimelimitExceeded,
	LdapOperationResultLdapSizelimitExceeded,
	LdapOperationResultLdapCompareFalse,
	LdapOperationResultLdapCompareTrue,
	LdapOperationResultLdapAuthMethodNotSupported,
	LdapOperationResultLdapStrongAuthRequired,
	LdapOperationResultLdapReferral,
	LdapOperationResultLdapAdminlimitExceeded,
	LdapOperationResultLdapUnavailableCriticalExtension,
	LdapOperationResultLdapConfidentialityRequired,
	LdapOperationResultLdapSaslBindInProgress,
	LdapOperationResultLdapNoSuchAttribute,
	LdapOperationResultLdapUndefinedType,
	LdapOperationResultLdapInappropriateMatching,
	LdapOperationResultLdapConstraintViolation,
	LdapOperationResultLdapTypeOrValueExists,
	LdapOperationResultLdapInvalidSyntax,
	LdapOperationResultLdapNoSuchObject,
	LdapOperationResultLdapAliasProblem,
	LdapOperationResultLdapInvalidDnSyntax,
	LdapOperationResultLdapAliasDerefProblem,
	LdapOperationResultLdapInappropriateAuth,
	LdapOperationResultInvalidCredentials,
	LdapOperationResultWrongUsernameCasingOrPassword,
	LdapOperationResultAccountDoesNotExist,
	LdapOperationResultAccountIsLockedOrDisabled,
	LdapOperationResultClockSkew,
	LdapOperationResultAccountPasswordExpired,
	LdapOperationResultLdapInsufficientAccess,
	LdapOperationResultLdapBusy,
	LdapOperationResultLdapUnavailable,
	LdapOperationResultLdapUnwillingToPerform,
	LdapOperationResultLdapLoopDetect,
	LdapOperationResultLdapNamingViolation,
	LdapOperationResultLdapObjectClassViolation,
	LdapOperationResultLdapNotAllowedOnNonleaf,
	LdapOperationResultLdapNotAllowedOnRdn,
	LdapOperationResultLdapAlreadyExists,
	LdapOperationResultLdapNoObjectClassMods,
	LdapOperationResultLdapAffectsMultipleDsas,
	LdapOperationResultLdapDomainNotFound,
	LdapOperationResultLdapCertificateNotFound,
	LdapOperationResultLdapConnectError,
	LdapOperationResultLdapOther,
}
View Source 
var AllLdapQuerySignature = []LdapQuerySignature{
	LdapQuerySignatureGpoSearch,
	LdapQuerySignatureGroupMembershipEnumeration,
	LdapQuerySignatureACLEnumeration,
	LdapQuerySignatureSingleEntryQuery,
	LdapQuerySignatureSpnEnumeration,
	LdapQuerySignatureTrustEnumeration,
	LdapQuerySignatureGpoEnumeration,
	LdapQuerySignatureUserEnumeration,
	LdapQuerySignatureEndpointEnumeration,
	LdapQuerySignatureDcEnumeration,
	LdapQuerySignatureGroupEnumeration,
	LdapQuerySignatureOuEnumeration,
	LdapQuerySignatureAllObjectsEnumeration,
	LdapQuerySignatureAdcsEnumeration,
	LdapQuerySignatureAdcsMisconfigEnumeration,
	LdapQuerySignatureBloodhoundSharphound,
	LdapQuerySignatureSpnEnumerationImpacket,
	LdapQuerySignatureBloodhoundPowershell,
	LdapQuerySignatureSpnEnumerationKerberoasting,
	LdapQuerySignatureSpnEnumerationEmpire,
	LdapQuerySignatureSpnEnumerationPowersploit,
	LdapQuerySignatureSpnEnumerationRubeus,
	LdapQuerySignaturePreauthEnumeration,
	LdapQuerySignaturePreauthEnumerationRubeus,
	LdapQuerySignatureDelegationReconnaissance,
	LdapQuerySignatureDelegationReconnaissanceImpacket,
	LdapQuerySignaturePreauthEnumerationCme,
	LdapQuerySignatureDelegationReconnaissanceCme,
	LdapQuerySignatureAdminCountEnumeration,
	LdapQuerySignatureAdminCountEnumerationCme,
	LdapQuerySignatureBloodhoundPython,
	LdapQuerySignatureSpnEnumerationKerberoast,
	LdapQuerySignatureAdfind,
	LdapQuerySignatureKrbRelay,
	LdapQuerySignatureCertipy,
	LdapQuerySignatureAdcsReconTools,
	LdapQuerySignatureRubeusEnumerationDomainPolicy,
	LdapQuerySignatureAdreconReconnaissance,
	LdapQuerySignatureMlHighConfidence,
}
View Source 
var AllLdapSecurityType = []LdapSecurityType{
	LdapSecurityTypeUnknown,
	LdapSecurityTypeNone,
	LdapSecurityTypeTLS,
	LdapSecurityTypeSaslIntegrity,
	LdapSecurityTypeSaslConfidentiality,
}
View Source 
var AllMfaConnectorType = []MfaConnectorType{
	MfaConnectorTypeDuoAuth,
	MfaConnectorTypeSecureAuthAuth,
	MfaConnectorTypeOktaAuth,
	MfaConnectorTypeSymantecVipAuth,
	MfaConnectorTypeRsaAuth,
	MfaConnectorTypeRsaCas,
	MfaConnectorTypeGoogleAuth,
	MfaConnectorTypeAzureMfa,
	MfaConnectorTypeAzureAuth,
	MfaConnectorTypeRadius,
	MfaConnectorTypePingIDEntityMfa,
	MfaConnectorTypeCyberArk,
	MfaConnectorTypeOneLogin,
	MfaConnectorTypeEntrust,
	MfaConnectorTypeForgerock,
	MfaConnectorTypeOidc,
	MfaConnectorTypeCsFalconAuth,
}
View Source 
var AllMfaFactorType = []MfaFactorType{
	MfaFactorTypePush,
	MfaFactorTypePushWithNumberMatching,
	MfaFactorTypePushWithOtpFallback,
	MfaFactorTypeOtp,
	MfaFactorTypeCallOtp,
	MfaFactorTypeCallVerify,
	MfaFactorTypeCallVerifyWithPasscode,
	MfaFactorTypeSms1way,
	MfaFactorTypeSms2way,
	MfaFactorTypeDynamic,
	MfaFactorTypeBiometrics,
	MfaFactorTypeHardwareOtp,
	MfaFactorTypeEmergencyOtp,
	MfaFactorTypeFido,
	MfaFactorTypeGridCard,
	MfaFactorTypeOidcAuth,
}
View Source 
var AllNetworkType = []NetworkType{
	NetworkTypeUnknown,
	NetworkTypeVpn,
	NetworkTypePublic,
	NetworkTypeWireless,
	NetworkTypeInternal,
	NetworkTypeNat,
}
View Source 
var AllNtlmErrorCode = []NtlmErrorCode{
	NtlmErrorCodeNoNtlmError,
	NtlmErrorCodeAccessDenied,
	NtlmErrorCodeAccountExpiration,
	NtlmErrorCodeInvalidPassword,
	NtlmErrorCodeLogonFailure,
	NtlmErrorCodeNoSuchUser,
	NtlmErrorCodeAccountRestriction,
	NtlmErrorCodeInvalidLogonHours,
	NtlmErrorCodeInvalidWorkstation,
	NtlmErrorCodePasswordExpired,
	NtlmErrorCodeAccountDisabled,
	NtlmErrorCodeLogonNotGranted,
	NtlmErrorCodeLogonTypeNotGranted,
	NtlmErrorCodeAccountLockedOut,
	NtlmErrorCodeUserChangePasswordNextLogon,
	NtlmErrorCodeOther,
}
View Source 
var AllObjectSidTakeoverMethod = []ObjectSidTakeoverMethod{
	ObjectSidTakeoverMethodObjectSidHistory,
	ObjectSidTakeoverMethodUnknown,
}
View Source 
var AllOperatingSystemFamily = []OperatingSystemFamily{
	OperatingSystemFamilyWindows,
	OperatingSystemFamilyOsx,
	OperatingSystemFamilyUnix,
	OperatingSystemFamilyLinux,
	OperatingSystemFamilyIos,
	OperatingSystemFamilyAndroid,
	OperatingSystemFamilyOther,
}
View Source 
var AllOperatingSystemTarget = []OperatingSystemTarget{
	OperatingSystemTargetWorkstation,
	OperatingSystemTargetServer,
	OperatingSystemTargetIntegratedSolutionAppliance,
	OperatingSystemTargetMobile,
	OperatingSystemTargetTablet,
	OperatingSystemTargetGameConsole,
	OperatingSystemTargetWearable,
	OperatingSystemTargetSmartTv,
	OperatingSystemTargetPda,
	OperatingSystemTargetUndetermined,
}
View Source 
var AllOperatingSystemVulnerability = []OperatingSystemVulnerability{
	OperatingSystemVulnerabilityNone,
	OperatingSystemVulnerabilityUnknown,
	OperatingSystemVulnerabilityLow,
	OperatingSystemVulnerabilityMedium,
	OperatingSystemVulnerabilityHigh,
}
View Source 
var AllPasswordStrength = []PasswordStrength{
	PasswordStrengthUnknown,
	PasswordStrengthWeak,
	PasswordStrengthStrong,
}
View Source 
var AllProtocolType = []ProtocolType{
	ProtocolTypeKerberos,
	ProtocolTypeLdap,
	ProtocolTypeNtlm,
	ProtocolTypeDceRPC,
	ProtocolTypeSsl,
	ProtocolTypeUnknown,
}
View Source 
var AllRegisteredTenantType = []RegisteredTenantType{
	RegisteredTenantTypeExternal,
	RegisteredTenantTypeRegisteredApp,
	RegisteredTenantTypeManagedIDEntity,
}
View Source 
var AllRemoteCodeExecutionMethod = []RemoteCodeExecutionMethod{
	RemoteCodeExecutionMethodPsExec,
}
View Source 
var AllRiskByMembershipSortKey = []RiskByMembershipSortKey{
	RiskByMembershipSortKeyGroup,
	RiskByMembershipSortKeyScore,
	RiskByMembershipSortKeyImpact,
}
View Source 
var AllRiskFactorType = []RiskFactorType{
	RiskFactorTypeAbnormalServiceAccess,
	RiskFactorTypeCredentialTheft,
	RiskFactorTypeDailyVolumeAnomaly,
	RiskFactorTypePolicyRuleMatch,
	RiskFactorTypeForbiddenCountry,
	RiskFactorTypeForgedPac,
	RiskFactorTypeGoldenTicket,
	RiskFactorTypeIdentityVerificationDeny,
	RiskFactorTypeIdentityVerificationTimeout,
	RiskFactorTypeLateralMovement,
	RiskFactorTypeNewServerAccess,
	RiskFactorTypePassTheHash,
	RiskFactorTypePassTheTicket,
	RiskFactorTypePasswordBruteForce,
	RiskFactorTypeSkeletonKey,
	RiskFactorTypeStaleAccountUsage,
	RiskFactorTypeStaleHostUsage,
	RiskFactorTypeStaleServiceUsage,
	RiskFactorTypeCredentialScanning,
	RiskFactorTypeGeoAnomaly,
	RiskFactorTypeNewEntityVolume,
	RiskFactorTypeDcSync,
	RiskFactorTypeHiddenObject,
	RiskFactorTypeBadIPReputationUsage,
	RiskFactorTypeAnomalousRPC,
	RiskFactorTypeRemoteCodeExecution,
	RiskFactorTypeNtlmRelay,
	RiskFactorTypeCredsspAttack,
	RiskFactorTypeLdapReconnaissance,
	RiskFactorTypeBronzeBit,
	RiskFactorTypeSuspiciousCloudActivityMl,
	RiskFactorTypeAgedPassword,
	RiskFactorTypeKrbtgtAgedPassword,
	RiskFactorTypeAssociationWithRiskyEndpoint,
	RiskFactorTypeNeverExpiresPassword,
	RiskFactorTypeInsufficientPasswordRotation,
	RiskFactorTypeExposedPassword,
	RiskFactorTypeInactiveAccount,
	RiskFactorTypeSharedEndpoint,
	RiskFactorTypeSharedUser,
	RiskFactorTypeStaleAccount,
	RiskFactorTypeUnmanagedHost,
	RiskFactorTypeVpnUsage,
	RiskFactorTypeVulnerableOs,
	RiskFactorTypeWeakPassword,
	RiskFactorTypeWeakPasswordPolicy,
	RiskFactorTypeDuplicatePassword,
	RiskFactorTypeWatched,
	RiskFactorTypeHasSpns,
	RiskFactorTypeNtlmMovements,
	RiskFactorTypeStealthyPrivileges,
	RiskFactorTypeObjectSidHistoryPrivilegesTakeover,
	RiskFactorTypePrivilegedMachine,
	RiskFactorTypeGuestAccountEnabled,
	RiskFactorTypeVulnerableNtlmCompatibilityLevel,
	RiskFactorTypeSmbSigningDisabled,
	RiskFactorTypeDuplicatedLocalAdministrator,
	RiskFactorTypePrivilegedUserUsingUnmanagedEndpoint,
	RiskFactorTypeUnmanagedEndpointUsedByPrivilegedUser,
	RiskFactorTypeSharedEndpointUsedByPrivilegedUser,
	RiskFactorTypeKerberosPreauthNotRequired,
	RiskFactorTypeDesKeyOnlyKerberosEncryption,
	RiskFactorTypeLdapSigningDisabled,
	RiskFactorTypeLdapsChannelBinding,
	RiskFactorTypeSpoolerServiceRunning,
	RiskFactorTypeNlaDisabled,
	RiskFactorTypeExposedLocalAdmin,
	RiskFactorTypeHasAttackPath,
	RiskFactorTypeUsesLocallyAdministratedMachines,
	RiskFactorTypeCloudActivityOnVulnerableOs,
	RiskFactorTypeAzureLegacyProtocolUsage,
	RiskFactorTypeSuspiciousSpn,
	RiskFactorTypeSuspiciousUpn,
	RiskFactorTypeRiskyLinkedAccount,
	RiskFactorTypeCertificateTemplateAllowsAuthenticationAsAnyDomainUser,
	RiskFactorTypeAuthenticateAsAnyDomainUserWithCertificateRequestAgentWithoutAnyRestrictions,
}
View Source 
var AllRuleAction = []RuleAction{
	RuleActionAllow,
	RuleActionBlock,
	RuleActionMfa,
	RuleActionForcePasswordChange,
	RuleActionEmailVerification,
	RuleActionAddToWatchList,
	RuleActionSmsAlert,
	RuleActionApplySsoPolicy,
}
View Source 
var AllRuleTrigger = []RuleTrigger{
	RuleTriggerAccess,
	RuleTriggerAccountEvent,
	RuleTriggerFederatedAccess,
	RuleTriggerAlert,
}
View Source 
var AllScoreLevel = []ScoreLevel{
	ScoreLevelLow,
	ScoreLevelMedium,
	ScoreLevelHigh,
}
View Source 
var AllScoreSeverity = []ScoreSeverity{
	ScoreSeverityNormal,
	ScoreSeverityMedium,
	ScoreSeverityHigh,
}
View Source 
var AllSecurityAssessmentTimeResolution = []SecurityAssessmentTimeResolution{
	SecurityAssessmentTimeResolutionHour,
	SecurityAssessmentTimeResolutionDay,
	SecurityAssessmentTimeResolutionWeek,
}
View Source 
var AllServiceType = []ServiceType{
	ServiceTypeLdap,
	ServiceTypeWeb,
	ServiceTypeFileShare,
	ServiceTypeDb,
	ServiceTypeRPCSs,
	ServiceTypeRemoteDesktop,
	ServiceTypeSccm,
	ServiceTypeSip,
	ServiceTypeDNS,
	ServiceTypeMail,
	ServiceTypeNtlm,
	ServiceTypeComputerAccess,
	ServiceTypeGenericCloud,
	ServiceTypeServiceAccount,
	ServiceTypeUnknown,
}
View Source 
var AllSignInAudience = []SignInAudience{
	SignInAudienceAzureADMyOrg,
	SignInAudienceAzureADMultipleOrgs,
	SignInAudienceAzureADandPersonalMicrosoftAccount,
	SignInAudiencePersonalMicrosoftAccount,
}
View Source 
var AllSmbDialect = []SmbDialect{
	SmbDialectSmb1,
	SmbDialectSmb2_0_2,
	SmbDialectSmb2_1,
	SmbDialectSmb3_0,
	SmbDialectSmb3_0_2,
	SmbDialectSmb3_1_1,
}
View Source 
var AllSortOrder = []SortOrder{
	SortOrderAscending,
	SortOrderDescending,
}
View Source 
var AllSsoError = []SsoError{
	SsoErrorInvalidCredentials,
	SsoErrorLockedOut,
	SsoErrorBadPassword,
	SsoErrorBadUsername,
	SsoErrorVerificationError,
	SsoErrorPasswordExpired,
	SsoErrorSessionExpired,
	SsoErrorAccountDisabled,
	SsoErrorAuthorizationError,
	SsoErrorMaliciousIP,
	SsoErrorUnknown,
}
View Source 
var AllSystemComponent = []SystemComponent{
	SystemComponentManagement,
	SystemComponentEnforcement,
	SystemComponentDetection,
}
View Source 
var AllSystemLoginFailureReason = []SystemLoginFailureReason{
	SystemLoginFailureReasonUnknown,
	SystemLoginFailureReasonInvalidUsername,
	SystemLoginFailureReasonWrongPassword,
	SystemLoginFailureReasonInvalidCredentials,
	SystemLoginFailureReasonUnauthorized,
	SystemLoginFailureReasonMfaDeny,
	SystemLoginFailureReasonMfaTimeout,
	SystemLoginFailureReasonTimeout,
}
View Source 
var AllSystemUserType = []SystemUserType{
	SystemUserTypeCs,
	SystemUserTypeCsToken,
	SystemUserTypeLegacyUser,
}
View Source 
var AllTLSVersion = []TLSVersion{
	TLSVersionTLSNoVersion,
	TLSVersionTLSV1_0,
	TLSVersionTLSV1_1,
	TLSVersionTLSV1_2,
	TLSVersionTLSV1_3,
}
View Source 
var AllTimelineEventCategory = []TimelineEventCategory{
	TimelineEventCategoryActivity,
	TimelineEventCategoryAudit,
	TimelineEventCategoryEntity,
	TimelineEventCategoryNotification,
	TimelineEventCategoryPolicy,
	TimelineEventCategorySystem,
	TimelineEventCategoryThreat,
	TimelineEventCategorySystemCoverageNotification,
	TimelineEventCategorySoftwareUpdate,
	TimelineEventCategoryConnectorNotification,
	TimelineEventCategoryThreatHunter,
}
View Source 
var AllTimelineEventSeverity = []TimelineEventSeverity{
	TimelineEventSeverityNeutral,
	TimelineEventSeverityModerate,
	TimelineEventSeverityImportant,
}
View Source 
var AllTimelineEventType = []TimelineEventType{
	TimelineEventTypeSuccessfulAuthentication,
	TimelineEventTypeFailedAuthentication,
	TimelineEventTypeServiceAccess,
	TimelineEventTypeDcerpcOperation,
	TimelineEventTypeRemoteCodeExecution,
	TimelineEventTypeFileOperation,
	TimelineEventTypeLdapSearch,
	TimelineEventTypeAccountCreated,
	TimelineEventTypePasswordChange,
	TimelineEventTypeAccountNameChange,
	TimelineEventTypeDepartmentChange,
	TimelineEventTypeOuChange,
	TimelineEventTypeEmailAddressChange,
	TimelineEventTypeAccountEnabled,
	TimelineEventTypeAccountDisabled,
	TimelineEventTypeAccountLocked,
	TimelineEventTypeAccountUnlocked,
	TimelineEventTypeEntityResurgence,
	TimelineEventTypeEntityInactive,
	TimelineEventTypeEntityStale,
	TimelineEventTypeEntityShared,
	TimelineEventTypeEntityNotShared,
	TimelineEventTypeEntityLearned,
	TimelineEventTypeEntityMarked,
	TimelineEventTypeEntityUnmarked,
	TimelineEventTypeEntityWatched,
	TimelineEventTypeEntityUnwatched,
	TimelineEventTypeEntityArchived,
	TimelineEventTypeEntityUnarchived,
	TimelineEventTypeExposedPassword,
	TimelineEventTypeWeakPassword,
	TimelineEventTypePrivilegeEscalation,
	TimelineEventTypePrivilegeDeEscalation,
	TimelineEventTypeScoreEscalation,
	TimelineEventTypeScoreDeEscalation,
	TimelineEventTypeAuthorizerChange,
	TimelineEventTypeLinkedAccountChange,
	TimelineEventTypeAlert,
	TimelineEventTypeNewIncident,
	TimelineEventTypeIncidentTypeChange,
	TimelineEventTypeIncidentSeverityChange,
	TimelineEventTypeIncidentLifeCycleStageChange,
	TimelineEventTypePolicyRuleMatch,
	TimelineEventTypeMfaServiceEnrollment,
	TimelineEventTypeConnectorConfigurationModified,
	TimelineEventTypeConnectorConfigurationAdded,
	TimelineEventTypeConnectorConfigurationDeleted,
	TimelineEventTypePolicyRuleModified,
	TimelineEventTypePolicyRuleAdded,
	TimelineEventTypePolicyRuleDeleted,
	TimelineEventTypePolicyRulesReordered,
	TimelineEventTypePolicyApplied,
	TimelineEventTypeAlertExceptionModified,
	TimelineEventTypeReportModified,
	TimelineEventTypeReportAdded,
	TimelineEventTypeReportDeleted,
	TimelineEventTypeEmailNotificationConfigurationModified,
	TimelineEventTypeDetectionAggressionConfigurationModified,
	TimelineEventTypeRiskFactorsConfigurationModified,
	TimelineEventTypeDomainRemoval,
	TimelineEventTypeNetExtractorStoppedPublish,
	TimelineEventTypeMfaUIFallbackPeriodChanged,
	TimelineEventTypeUncoveredDomainController,
	TimelineEventTypeConnectorFailure,
	TimelineEventTypeToolFailure,
	TimelineEventTypeToolDeleted,
	TimelineEventTypeIDPContainerWatchdogEvent,
	TimelineEventTypeIDPContainerGenericWatchdogEvent,
	TimelineEventTypeNetExtractorStoppedPolicy,
	TimelineEventTypeNetExtractorStoppedTraffic,
	TimelineEventTypeNetExtractorWatchdogAnalyzerServiceRestart,
	TimelineEventTypeNetExtractorWatchdogManagementServiceRestart,
	TimelineEventTypeNetExtractorWatchdogMonitoringServiceRestart,
}
View Source 
var AllTrafficInspectionExclusionListProtocol = []TrafficInspectionExclusionListProtocol{
	TrafficInspectionExclusionListProtocolTCP,
	TrafficInspectionExclusionListProtocolUDP,
}
View Source 
var AllTrafficInspectionExclusionListStatus = []TrafficInspectionExclusionListStatus{
	TrafficInspectionExclusionListStatusActive,
	TrafficInspectionExclusionListStatusPendingAdd,
	TrafficInspectionExclusionListStatusPendingRemove,
	TrafficInspectionExclusionListStatusFailedAdd,
}
View Source 
var AllUserAccountControlFlags = []UserAccountControlFlags{
	UserAccountControlFlagsScript,
	UserAccountControlFlagsAccountdisable,
	UserAccountControlFlagsHomedirRequired,
	UserAccountControlFlagsLockout,
	UserAccountControlFlagsPasswdNotreqd,
	UserAccountControlFlagsPasswdCantChange,
	UserAccountControlFlagsEncryptedTextPwdAllowed,
	UserAccountControlFlagsTempDuplicateAccount,
	UserAccountControlFlagsNormalAccount,
	UserAccountControlFlagsInterdomainTrustAccount,
	UserAccountControlFlagsWorkstationTrustAccount,
	UserAccountControlFlagsServerTrustAccount,
	UserAccountControlFlagsDontExpirePassword,
	UserAccountControlFlagsMnsLogonAccount,
	UserAccountControlFlagsSmartcardRequired,
	UserAccountControlFlagsTrustedForDelegation,
	UserAccountControlFlagsNotDelegated,
	UserAccountControlFlagsUseDesKeyOnly,
	UserAccountControlFlagsDontReqPreauth,
	UserAccountControlFlagsPasswordExpired,
	UserAccountControlFlagsTrustedToAuthForDelegation,
	UserAccountControlFlagsPartialSecretsAccount,
}
View Source 
var AllUserEntityClassification = []UserEntityClassification{
	UserEntityClassificationHuman,
	UserEntityClassificationProgrammatic,
	UserEntityClassificationExecutive,
	UserEntityClassificationHoneytoken,
}

Functions

This section is empty.

Types

type AccountDescriptor 

type AccountDescriptor interface {
	IsAccountDescriptor()
	// If `true`, the account no longer exists; if `false`, the account is currently enabled.
	GetArchived() bool
	GetCreationTime() string
	// The data source of this account. Together with the entity type, the data
	// source determines the account descriptor subtype to be used.
	GetDataSource() DataSource
	GetDescription() *string
	// If `true`, the account is currently enabled; if `false`, the account no longer exists.
	GetEnabled() bool
}

An account descriptor provides data associated with an external entity source, such as an entry in an identity management system.

type AccountDescriptorImpl 

type AccountDescriptorImpl struct {
	Archived     bool       `json:"archived"`
	CreationTime string     `json:"creationTime"`
	DataSource   DataSource `json:"dataSource"`
	Description  *string    `json:"description,omitempty"`
	Enabled      bool       `json:"enabled"`
}

func (AccountDescriptorImpl) GetArchived 

func (this AccountDescriptorImpl) GetArchived() bool

If `true`, the account no longer exists; if `false`, the account is currently enabled.

func (AccountDescriptorImpl) GetCreationTime 

func (this AccountDescriptorImpl) GetCreationTime() string

func (AccountDescriptorImpl) GetDataSource 

func (this AccountDescriptorImpl) GetDataSource() DataSource

The data source of this account. Together with the entity type, the data source determines the account descriptor subtype to be used.

func (AccountDescriptorImpl) GetDescription 

func (this AccountDescriptorImpl) GetDescription() *string

func (AccountDescriptorImpl) GetEnabled 

func (this AccountDescriptorImpl) GetEnabled() bool

If `true`, the account is currently enabled; if `false`, the account no longer exists.

func (AccountDescriptorImpl) IsAccountDescriptor 

func (AccountDescriptorImpl) IsAccountDescriptor()

type AccountOperatorsAdminRole 

type AccountOperatorsAdminRole struct {
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (AccountOperatorsAdminRole) GetAuthorizingContainingEntitiesIds 

func (this AccountOperatorsAdminRole) GetAuthorizingContainingEntitiesIds() []string

func (AccountOperatorsAdminRole) GetAuthorizingGroupIds 

func (this AccountOperatorsAdminRole) GetAuthorizingGroupIds() []string

func (AccountOperatorsAdminRole) GetBuiltin 

func (this AccountOperatorsAdminRole) GetBuiltin() bool

func (AccountOperatorsAdminRole) GetConfirmed 

func (this AccountOperatorsAdminRole) GetConfirmed() bool

func (AccountOperatorsAdminRole) GetFullPath 

func (this AccountOperatorsAdminRole) GetFullPath() *string

func (AccountOperatorsAdminRole) GetProbability 

func (this AccountOperatorsAdminRole) GetProbability() *float64

func (AccountOperatorsAdminRole) GetType 

func (this AccountOperatorsAdminRole) GetType() EntityRoleType

func (AccountOperatorsAdminRole) IsAdminAccountRole 

func (AccountOperatorsAdminRole) IsAdminAccountRole()

func (AccountOperatorsAdminRole) IsEntityRole 

func (AccountOperatorsAdminRole) IsEntityRole()

func (AccountOperatorsAdminRole) IsOperatorLevelAdminRole 

func (AccountOperatorsAdminRole) IsOperatorLevelAdminRole()

type ActiveDirectoryAccountDescriptor 

type ActiveDirectoryAccountDescriptor struct {
	// If `true`, the account no longer exists; if `false`, the account is currently enabled.
	Archived           bool                     `json:"archived"`
	Cn                 *string                  `json:"cn,omitempty"`
	ConsistencyGUID    *string                  `json:"consistencyGuid,omitempty"`
	ContainingEntities []*EntityContainerEntity `json:"containingEntities"`
	// List of Active Directory group entities this entity is a direct member of. If
	// you wish to also list indirect ancestor groups, project
	// `flattenedContainingGroupEntities` instead.
	ContainingGroupEntities []*EntityContainerEntity `json:"containingGroupEntities"`
	ContainingGroupIds      []string                 `json:"containingGroupIds"`
	// The creation time of the account.
	CreationTime string `json:"creationTime"`
	// The data source of this account. Together with the entity type, the data
	// source determines the account descriptor subtype to be used.
	DataSource DataSource `json:"dataSource"`
	// The department that the account belongs to.
	Department  *string `json:"department,omitempty"`
	Description *string `json:"description,omitempty"`
	// The entry's distinguished name (DN) in LDAP.
	Dn string `json:"dn"`
	// The Active Directory domain under which the entry is defined.
	Domain *string `json:"domain,omitempty"`
	// If `true`, the account is currently enabled; if `false`, the account no longer exists.
	Enabled bool `json:"enabled"`
	// The account's [expiration time](https://docs.microsoft.com/en-us/windows/desktop/adschema/a-accountexpires).
	ExpirationTime *string `json:"expirationTime,omitempty"`
	// List of Active Directory group entities this entity is a member of. If you
	// wish to only list direct ancestor groups, project `containingGroupEntities` instead.
	FlattenedContainingGroupEntities []*EntityContainerEntity `json:"flattenedContainingGroupEntities"`
	FlattenedContainingGroupIds      []string                 `json:"flattenedContainingGroupIds"`
	LastUpdateTime                   string                   `json:"lastUpdateTime"`
	// If the account is currently locked out, this attribute contains the date and time when the lockout occurred.
	LockoutTime *string `json:"lockoutTime,omitempty"`
	// The date and time of the account's latest recorded network activity. This
	// takes into account both the data reported by external sources and the actual
	// traffic seen by the system.
	MostRecentActivity *string `json:"mostRecentActivity,omitempty"`
	// The account's [Object-Guid attribute](https://docs.microsoft.com/en-us/windows/desktop/adschema/a-objectguid).
	ObjectGUID string `json:"objectGuid"`
	// The account's [Object-Sid attribute](https://docs.microsoft.com/en-us/windows/desktop/adschema/a-objectsid).
	ObjectSid string `json:"objectSid"`
	// If the account is part of an Active Directory Organizational Unit, this
	// attribute represents its [name in canonical format](https://docs.microsoft.com/en-us/windows/desktop/adschema/a-canonicalname/).
	Ou *string `json:"ou,omitempty"`
	// Comprehensive information about the account's password, except the password itself.
	PasswordAttributes *ActiveDirectoryPasswordAttributes `json:"passwordAttributes,omitempty"`
	// The account's [SAM account name](https://docs.microsoft.com/en-us/windows/desktop/adschema/a-samaccountname).
	SamAccountName string `json:"samAccountName"`
	// The account's [Service Principal Names (SPNs)](https://docs.microsoft.com/en-us/windows/desktop/ad/service-principal-names).
	ServicePrincipalNames []string `json:"servicePrincipalNames"`
	Title                 *string  `json:"title,omitempty"`
	// The account's [User Principal Name (UPN)](https://docs.microsoft.com/en-us/windows/desktop/adschema/a-userprincipalname).
	Upn                *string `json:"upn,omitempty"`
	UserAccountControl int     `json:"userAccountControl"`
	// The list of property [User Account Control Flags](https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/useraccountcontrol-manipulate-account-properties#list-of-property-flags).
	UserAccountControlFlags []UserAccountControlFlags `json:"userAccountControlFlags,omitempty"`
}

A specialized `AccountDescriptor` for Active Directory accounts (users and endpoints).

func (ActiveDirectoryAccountDescriptor) GetArchived 

func (this ActiveDirectoryAccountDescriptor) GetArchived() bool

If `true`, the account no longer exists; if `false`, the account is currently enabled.

func (ActiveDirectoryAccountDescriptor) GetCn 

func (this ActiveDirectoryAccountDescriptor) GetCn() *string

func (ActiveDirectoryAccountDescriptor) GetContainingEntities 

func (this ActiveDirectoryAccountDescriptor) GetContainingEntities() []*EntityContainerEntity

func (ActiveDirectoryAccountDescriptor) GetCreationTime 

func (this ActiveDirectoryAccountDescriptor) GetCreationTime() string

func (ActiveDirectoryAccountDescriptor) GetDataSource 

func (this ActiveDirectoryAccountDescriptor) GetDataSource() DataSource

The data source of this account. Together with the entity type, the data source determines the account descriptor subtype to be used.

func (ActiveDirectoryAccountDescriptor) GetDepartment 

func (this ActiveDirectoryAccountDescriptor) GetDepartment() *string

func (ActiveDirectoryAccountDescriptor) GetDescription 

func (this ActiveDirectoryAccountDescriptor) GetDescription() *string

func (ActiveDirectoryAccountDescriptor) GetDn 

func (this ActiveDirectoryAccountDescriptor) GetDn() string

The entry's distinguished name (DN) in LDAP.

func (ActiveDirectoryAccountDescriptor) GetDomain 

func (this ActiveDirectoryAccountDescriptor) GetDomain() *string

The Active Directory domain under which the entry is defined.

func (ActiveDirectoryAccountDescriptor) GetEnabled 

func (this ActiveDirectoryAccountDescriptor) GetEnabled() bool

If `true`, the account is currently enabled; if `false`, the account no longer exists.

func (ActiveDirectoryAccountDescriptor) GetLastUpdateTime 

func (this ActiveDirectoryAccountDescriptor) GetLastUpdateTime() string

func (ActiveDirectoryAccountDescriptor) GetMostRecentActivity 

func (this ActiveDirectoryAccountDescriptor) GetMostRecentActivity() *string

The date and time of the account's latest recorded network activity. This takes into account both the data reported by external sources and the actual traffic seen by the system.

func (ActiveDirectoryAccountDescriptor) GetObjectGUID 

func (this ActiveDirectoryAccountDescriptor) GetObjectGUID() string

The account's [Object-Guid attribute](https://docs.microsoft.com/en-us/windows/desktop/adschema/a-objectguid).

func (ActiveDirectoryAccountDescriptor) GetObjectSid 

func (this ActiveDirectoryAccountDescriptor) GetObjectSid() string

The account's [Object-Sid attribute](https://docs.microsoft.com/en-us/windows/desktop/adschema/a-objectsid).

func (ActiveDirectoryAccountDescriptor) GetPasswordAttributes 

func (this ActiveDirectoryAccountDescriptor) GetPasswordAttributes() PasswordAttributes

func (ActiveDirectoryAccountDescriptor) GetSamAccountName 

func (this ActiveDirectoryAccountDescriptor) GetSamAccountName() string

The account's [SAM-Account-Name attribute](https://docs.microsoft.com/en-us/windows/desktop/adschema/a-samaccountname).

func (ActiveDirectoryAccountDescriptor) GetTitle 

func (this ActiveDirectoryAccountDescriptor) GetTitle() *string

func (ActiveDirectoryAccountDescriptor) IsAccountDescriptor 

func (ActiveDirectoryAccountDescriptor) IsAccountDescriptor()

func (ActiveDirectoryAccountDescriptor) IsActiveDirectoryEntryDescriptor 

func (ActiveDirectoryAccountDescriptor) IsActiveDirectoryEntryDescriptor()

func (ActiveDirectoryAccountDescriptor) IsActiveDirectorySecurityPrincipalAccountDescriptor 

func (ActiveDirectoryAccountDescriptor) IsActiveDirectorySecurityPrincipalAccountDescriptor()

func (ActiveDirectoryAccountDescriptor) IsActivityParticipatingAccountDescriptor 

func (ActiveDirectoryAccountDescriptor) IsActivityParticipatingAccountDescriptor()

func (ActiveDirectoryAccountDescriptor) IsUserAccountDescriptor 

func (ActiveDirectoryAccountDescriptor) IsUserAccountDescriptor()

type ActiveDirectoryContainerAccountDescriptor 

type ActiveDirectoryContainerAccountDescriptor interface {
	IsActiveDirectoryContainerAccountDescriptor()
	// If `true`, the account no longer exists; if `false`, the account is currently enabled.
	GetArchived() bool
	GetCn() *string
	// The creation time of the container.
	GetCreationTime() string
	// The data source of this account. Together with the entity type, the data
	// source determines the account descriptor subtype to be used.
	GetDataSource() DataSource
	GetDescription() *string
	// The entry's distinguished name (DN) in LDAP.
	GetDn() string
	// The Active Directory domain under which the entry is defined.
	GetDomain() *string
	// If `true`, the account is currently enabled; if `false`, the account no longer exists.
	GetEnabled() bool
	GetLastUpdateTime() string
	// The container's [Object-Guid attribute](https://docs.microsoft.com/en-us/windows/desktop/adschema/a-objectguid).
	GetObjectGUID() string
	// If the container is part of an Active Directory Organizational Unit, this
	// attribute represents its [name in canonical format](https://docs.microsoft.com/en-us/windows/desktop/adschema/a-canonicalname).
	GetOu() *string
}

A specialized abstract account descriptor for all Active Directory container sources.

type ActiveDirectoryEntryDescriptor 

type ActiveDirectoryEntryDescriptor interface {
	IsActiveDirectoryEntryDescriptor()
	// If `true`, the account no longer exists; if `false`, the account is currently enabled.
	GetArchived() bool
	GetCn() *string
	GetCreationTime() string
	// The data source of this account. Together with the entity type, the data
	// source determines the account descriptor subtype to be used.
	GetDataSource() DataSource
	GetDescription() *string
	// The entry's distinguished name (DN) in LDAP.
	GetDn() string
	// The Active Directory domain under which the entry is defined.
	GetDomain() *string
	// If `true`, the account is currently enabled; if `false`, the account no longer exists.
	GetEnabled() bool
	GetLastUpdateTime() string
}

A specialized abstract `AccountDescriptor` interface for Active Directory LDAP entry sources.

type ActiveDirectoryGroupAccountDescriptor 

type ActiveDirectoryGroupAccountDescriptor struct {
	// If `true`, the account no longer exists; if `false`, the account is currently enabled.
	Archived bool    `json:"archived"`
	Cn       *string `json:"cn,omitempty"`
	// List of Active Directory group entities this entity is a direct member of. If
	// you wish to also list indirect ancestor groups, project
	// `flattenedContainingGroupEntities` instead.
	ContainingGroupEntities []*EntityContainerEntity `json:"containingGroupEntities"`
	ContainingGroupIds      []string                 `json:"containingGroupIds"`
	// The creation time of the container.
	CreationTime string `json:"creationTime"`
	// The data source of this account. Together with the entity type, the data
	// source determines the account descriptor subtype to be used.
	DataSource  DataSource `json:"dataSource"`
	Description *string    `json:"description,omitempty"`
	// The entry's distinguished name (DN) in LDAP.
	Dn string `json:"dn"`
	// The Active Directory domain under which the entry is defined.
	Domain *string `json:"domain,omitempty"`
	// If `true`, the account is currently enabled; if `false`, the account no longer exists.
	Enabled bool `json:"enabled"`
	// List of Active Directory group entities this entity is a member of. If you
	// wish to only list direct ancestor groups, project `containingGroupEntities` instead.
	FlattenedContainingGroupEntities []*EntityContainerEntity `json:"flattenedContainingGroupEntities"`
	FlattenedContainingGroupIds      []string                 `json:"flattenedContainingGroupIds"`
	LastUpdateTime                   string                   `json:"lastUpdateTime"`
	LocalGroup                       bool                     `json:"localGroup"`
	// The container's [Object-Guid attribute](https://docs.microsoft.com/en-us/windows/desktop/adschema/a-objectguid).
	ObjectGUID string `json:"objectGuid"`
	// The account's [Object-Sid attribute](https://docs.microsoft.com/en-us/windows/desktop/adschema/a-objectsid).
	ObjectSid string `json:"objectSid"`
	// If the container is part of an Active Directory Organizational Unit, this
	// attribute represents its [name in canonical format](https://docs.microsoft.com/en-us/windows/desktop/adschema/a-canonicalname).
	Ou *string `json:"ou,omitempty"`
	// The account's [SAM-Account-Name attribute](https://docs.microsoft.com/en-us/windows/desktop/adschema/a-samaccountname).
	SamAccountName string `json:"samAccountName"`
	SecurityGroup  bool   `json:"securityGroup"`
}

A specialized `AccountDescriptor` for Active Directory groups.

func (ActiveDirectoryGroupAccountDescriptor) GetArchived 

func (this ActiveDirectoryGroupAccountDescriptor) GetArchived() bool

If `true`, the account no longer exists; if `false`, the account is currently enabled.

func (ActiveDirectoryGroupAccountDescriptor) GetCn 

func (this ActiveDirectoryGroupAccountDescriptor) GetCn() *string

func (ActiveDirectoryGroupAccountDescriptor) GetCreationTime 

func (this ActiveDirectoryGroupAccountDescriptor) GetCreationTime() string

The creation time of the container.

func (ActiveDirectoryGroupAccountDescriptor) GetDataSource 

func (this ActiveDirectoryGroupAccountDescriptor) GetDataSource() DataSource

The data source of this account. Together with the entity type, the data source determines the account descriptor subtype to be used.

func (ActiveDirectoryGroupAccountDescriptor) GetDescription 

func (this ActiveDirectoryGroupAccountDescriptor) GetDescription() *string

func (ActiveDirectoryGroupAccountDescriptor) GetDn 

func (this ActiveDirectoryGroupAccountDescriptor) GetDn() string

The entry's distinguished name (DN) in LDAP.

func (ActiveDirectoryGroupAccountDescriptor) GetDomain 

func (this ActiveDirectoryGroupAccountDescriptor) GetDomain() *string

The Active Directory domain under which the entry is defined.

func (ActiveDirectoryGroupAccountDescriptor) GetEnabled 

func (this ActiveDirectoryGroupAccountDescriptor) GetEnabled() bool

If `true`, the account is currently enabled; if `false`, the account no longer exists.

func (ActiveDirectoryGroupAccountDescriptor) GetLastUpdateTime 

func (this ActiveDirectoryGroupAccountDescriptor) GetLastUpdateTime() string

func (ActiveDirectoryGroupAccountDescriptor) GetObjectGUID 

func (this ActiveDirectoryGroupAccountDescriptor) GetObjectGUID() string

The container's [Object-Guid attribute](https://docs.microsoft.com/en-us/windows/desktop/adschema/a-objectguid).

func (ActiveDirectoryGroupAccountDescriptor) GetObjectSid 

func (this ActiveDirectoryGroupAccountDescriptor) GetObjectSid() string

The account's [Object-Sid attribute](https://docs.microsoft.com/en-us/windows/desktop/adschema/a-objectsid).

func (ActiveDirectoryGroupAccountDescriptor) GetOu 

func (this ActiveDirectoryGroupAccountDescriptor) GetOu() *string

If the container is part of an Active Directory Organizational Unit, this attribute represents its [name in canonical format](https://docs.microsoft.com/en-us/windows/desktop/adschema/a-canonicalname).

func (ActiveDirectoryGroupAccountDescriptor) GetSamAccountName 

func (this ActiveDirectoryGroupAccountDescriptor) GetSamAccountName() string

The account's [SAM-Account-Name attribute](https://docs.microsoft.com/en-us/windows/desktop/adschema/a-samaccountname).

func (ActiveDirectoryGroupAccountDescriptor) IsAccountDescriptor 

func (ActiveDirectoryGroupAccountDescriptor) IsAccountDescriptor()

func (ActiveDirectoryGroupAccountDescriptor) IsActiveDirectoryContainerAccountDescriptor 

func (ActiveDirectoryGroupAccountDescriptor) IsActiveDirectoryContainerAccountDescriptor()

func (ActiveDirectoryGroupAccountDescriptor) IsActiveDirectoryEntryDescriptor 

func (ActiveDirectoryGroupAccountDescriptor) IsActiveDirectoryEntryDescriptor()

func (ActiveDirectoryGroupAccountDescriptor) IsActiveDirectorySecurityPrincipalAccountDescriptor 

func (ActiveDirectoryGroupAccountDescriptor) IsActiveDirectorySecurityPrincipalAccountDescriptor()

type ActiveDirectoryGroupRole 

type ActiveDirectoryGroupRole interface {
	IsActiveDirectoryGroupRole()
	GetBuiltin() bool
	GetScope() ActiveDirectoryGroupScope
}

type ActiveDirectoryGroupRoleImpl 

type ActiveDirectoryGroupRoleImpl struct {
	Builtin bool                      `json:"builtin"`
	Scope   ActiveDirectoryGroupScope `json:"scope"`
}

func (ActiveDirectoryGroupRoleImpl) GetBuiltin 

func (this ActiveDirectoryGroupRoleImpl) GetBuiltin() bool

func (ActiveDirectoryGroupRoleImpl) GetScope 

func (this ActiveDirectoryGroupRoleImpl) GetScope() ActiveDirectoryGroupScope

func (ActiveDirectoryGroupRoleImpl) IsActiveDirectoryGroupRole 

func (ActiveDirectoryGroupRoleImpl) IsActiveDirectoryGroupRole()

type ActiveDirectoryGroupScope 

type ActiveDirectoryGroupScope string
const (
	ActiveDirectoryGroupScopeUniversal   ActiveDirectoryGroupScope = "Universal"
	ActiveDirectoryGroupScopeGlobal      ActiveDirectoryGroupScope = "Global"
	ActiveDirectoryGroupScopeDomainLocal ActiveDirectoryGroupScope = "DomainLocal"
)

func (ActiveDirectoryGroupScope) IsValid 

func (e ActiveDirectoryGroupScope) IsValid() bool

func (ActiveDirectoryGroupScope) MarshalGQL 

func (e ActiveDirectoryGroupScope) MarshalGQL(w io.Writer)

func (ActiveDirectoryGroupScope) String 

func (e ActiveDirectoryGroupScope) String() string

func (*ActiveDirectoryGroupScope) UnmarshalGQL 

func (e *ActiveDirectoryGroupScope) UnmarshalGQL(v interface{}) error

type ActiveDirectoryPasswordAttributes 

type ActiveDirectoryPasswordAttributes struct {
	Aged          bool    `json:"aged"`
	DiscoveryDate *string `json:"discoveryDate,omitempty"`
	// A descriptor object for the password policy currently applied to the subject
	// account, which may be either the Default Password Policy for its domain or a
	// Fine Grained Password Policy.
	//
	// “`graphql
	// #### Query effective policy for privileged users
	// {
	//     entities(roles: [AdminAccountRole]
	//              types: [USER]
	//              archived: false
	//              first: 5
	//              sortKey: RISK_SCORE
	//              sortOrder: DESCENDING)
	//     {
	//         nodes {
	//             primaryDisplayName
	//             secondaryDisplayName
	//             accounts
	//             {
	//                 ... on ActiveDirectoryAccountDescriptor
	//                 {
	//                     passwordAttributes
	//                     {
	//                         lastChange
	//                         strength
	//                         effectivePolicy {
	//                             # Source info
	//                             sourceType
	//                             displayName
	//
	//                             # Policy rank
	//                             policyRank
	//                             policyRankLevel
	//
	//                             # Policy details
	//                             complexityEnabled
	//                             minLength
	//                             minAge
	//                             maxAge
	//                             savedPreviousPasswordCount
	//                             reversibleEncryptionEnabled
	//                             failedAuthenticationAttemptsLockoutThreshold
	//                             lockoutDuration
	//                             lockoutObservationWindow
	//                         }
	//
	//                     }
	//                 }
	//             }
	//         }
	//     }
	// }
	// “`
	EffectivePolicy *AppliedActiveDirectoryPasswordPolicy `json:"effectivePolicy,omitempty"`
	Exposed         bool                                  `json:"exposed"`
	LastChange      *string                               `json:"lastChange,omitempty"`
	MayExpire       bool                                  `json:"mayExpire"`
	Strength        PasswordStrength                      `json:"strength"`
}

func (ActiveDirectoryPasswordAttributes) GetAged 

func (this ActiveDirectoryPasswordAttributes) GetAged() bool

func (ActiveDirectoryPasswordAttributes) GetExposed 

func (this ActiveDirectoryPasswordAttributes) GetExposed() bool

func (ActiveDirectoryPasswordAttributes) GetLastChange 

func (this ActiveDirectoryPasswordAttributes) GetLastChange() *string

func (ActiveDirectoryPasswordAttributes) GetMayExpire 

func (this ActiveDirectoryPasswordAttributes) GetMayExpire() bool

func (ActiveDirectoryPasswordAttributes) GetStrength 

func (this ActiveDirectoryPasswordAttributes) GetStrength() PasswordStrength

func (ActiveDirectoryPasswordAttributes) IsPasswordAttributes 

func (ActiveDirectoryPasswordAttributes) IsPasswordAttributes()

type ActiveDirectoryPasswordPolicySourceType 

type ActiveDirectoryPasswordPolicySourceType string
const (
	ActiveDirectoryPasswordPolicySourceTypeDomainPolicy      ActiveDirectoryPasswordPolicySourceType = "DOMAIN_POLICY"
	ActiveDirectoryPasswordPolicySourceTypeFineGrainedPolicy ActiveDirectoryPasswordPolicySourceType = "FINE_GRAINED_POLICY"
	ActiveDirectoryPasswordPolicySourceTypeUnknown           ActiveDirectoryPasswordPolicySourceType = "UNKNOWN"
)

func (ActiveDirectoryPasswordPolicySourceType) IsValid 

func (e ActiveDirectoryPasswordPolicySourceType) IsValid() bool

func (ActiveDirectoryPasswordPolicySourceType) MarshalGQL 

func (e ActiveDirectoryPasswordPolicySourceType) MarshalGQL(w io.Writer)

func (ActiveDirectoryPasswordPolicySourceType) String 

func (e ActiveDirectoryPasswordPolicySourceType) String() string

func (*ActiveDirectoryPasswordPolicySourceType) UnmarshalGQL 

func (e *ActiveDirectoryPasswordPolicySourceType) UnmarshalGQL(v interface{}) error

type ActiveDirectorySecurityPrincipalAccountDescriptor 

type ActiveDirectorySecurityPrincipalAccountDescriptor interface {
	IsActiveDirectorySecurityPrincipalAccountDescriptor()
	// If `true`, the account no longer exists; if `false`, the account is currently enabled.
	GetArchived() bool
	GetCn() *string
	GetCreationTime() string
	// The data source of this account. Together with the entity type, the data
	// source determines the account descriptor subtype to be used.
	GetDataSource() DataSource
	GetDescription() *string
	// The entry's distinguished name (DN) in LDAP.
	GetDn() string
	// The Active Directory domain under which the entry is defined.
	GetDomain() *string
	// If `true`, the account is currently enabled; if `false`, the account no longer exists.
	GetEnabled() bool
	GetLastUpdateTime() string
	// The account's [Object-Guid attribute](https://docs.microsoft.com/en-us/windows/desktop/adschema/a-objectguid).
	GetObjectGUID() string
	// The account's [Object-Sid attribute](https://docs.microsoft.com/en-us/windows/desktop/adschema/a-objectsid).
	GetObjectSid() string
	// The account's [SAM-Account-Name attribute](https://docs.microsoft.com/en-us/windows/desktop/adschema/a-samaccountname).
	GetSamAccountName() string
}

A specialized abstract `AccountDescriptor` interface for Active Directory LDAP entry sources.

type ActivityParticipatingAccountDescriptor 

type ActivityParticipatingAccountDescriptor interface {
	IsActivityParticipatingAccountDescriptor()
	// If `true`, the account no longer exists; if `false`, the account is currently enabled.
	GetArchived() bool
	GetCreationTime() string
	// The data source of this account. Together with the entity type, the data
	// source determines the account descriptor subtype to be used.
	GetDataSource() DataSource
	GetDescription() *string
	// If `true`, the account is currently enabled; if `false`, the account no longer exists.
	GetEnabled() bool
	// The date and time of the account's latest recorded network activity. This
	// takes into account both the data reported by external sources and the actual
	// traffic seen by the system.
	GetMostRecentActivity() *string
}

An abstract `AccountDescriptor` interface common to all accounts that participate in the network activity.

type ActivityParticipatingEntity 

type ActivityParticipatingEntity interface {
	IsActivityParticipatingEntity()
	// A list of external, elementary account descriptors used to construct this
	// entity. For instance, the list for a `UserEntity` which is backed by an LDAP
	// domain entry and an IDAAS account will include
	// `ActiveDirectoryAccountDescriptor` and `SsoUserAccountDescriptor` entries.
	GetAccounts() []AccountDescriptor
	// If `true`, the system considers this entity *archived*. It means that the entity no longer exists and can only be viewed.
	//
	// For entities derived with external data sources, such as LDAP users, an entity
	// is considered archived if its primary account (see `Entity:primaryAccount` is
	// deleted. Entities not associated with any external sources, such as unmanaged
	// endpoints, may also be archived based on a long period of inactivity. Except
	// the `archived` attribute itself, no other attribute of an archived entity is
	// updated. The attributes of an archived entity represent the state of the
	// entity at the time when it was archived.
	GetArchived() bool
	// A list of associations of various types (see `Association:bindingType`) that
	// this entity has with other objects, most commonly with other entities. For
	// example, a `UserEntity` may have an `OWNERSHIP` association with an
	// `EndpointEntity`, alongside a `GEO_LOCATION` association with a `GeoLocation`.
	// The semantics for each association type are detailed in `BindingType`.
	GetAssociations() []Association
	GetCreationTime() string
	// The date and time of the entity's earliest recorded network activity. This
	// takes into account both the data reported by external sources and the actual
	// traffic seen by the system.
	GetEarliestSeenTraffic() *string
	// The entity's unique identifier.
	GetEntityID() string
	GetHasADDomainAdminRole() *bool
	// A convenience function that checks the `roles` field for the existence of at least one role matching the criteria.
	//
	// “`graphql
	// {
	//   entities(minRiskScoreSeverity: MEDIUM, archived: false, first: 5)
	//   {
	//     nodes
	//     {
	//       type
	//       primaryDisplayName
	//       ... on UserEntity
	//       {
	//         isHuman: hasRole(type: HumanUserAccountRole)
	//         isProgrammatic: hasRole(type: ProgrammaticUserAccountRole)
	//         isAdmin: hasRole(type: AdminAccountRole)
	//       }
	//       ... on EndpointEntity
	//       {
	//         isWorkstation: hasRole(type: WorkstationRole)
	//         isServer: hasRole(type: WorkstationRole)
	//       }
	//       isManuallyClassified: hasRole(confirmed: true)
	//     }
	//   }
	// }
	// “`
	GetHasRole() *bool
	// If `true`, the entity is inactive. An entity is considered inactive after 21
	// days since its latest recorded network activity (see `mostRecentActivity`).
	GetInactive() bool
	// If `true`, the system has gathered enough information to consider this entity *learned*.
	GetLearned() bool
	// For marked entities, this is set to the last time the entity was marked.
	GetMarkTime() *string
	// The date and time of the entity's latest recorded network activity. This takes
	// into account both the data reported by external sources and the actual traffic
	// seen by the system.
	GetMostRecentActivity() *string
	// Query open incidents for this entity.
	GetOpenIncidents() *IncidentConnection
	// The primary display name used to represent this entity in user-facing data.
	//
	// The primary display name is typically shorter than the secondary display name,
	// but is much less likely to be unique across the organization or network. For
	// further details on the semantics, see the documentation for specific types.
	GetPrimaryDisplayName() string
	// A list of risk factors contributing to the overall risk of this entity, sorted
	// by `RiskFactorContribution:score` in descending order.
	GetRiskFactors() []EntityRiskFactor
	// The entity's risk score represented as a number from 0 (no or unknown risk) through 1 (maximum risk).
	GetRiskScore() string
	// The entity's risk score derived from `riskScore`.
	GetRiskScoreSeverity() ScoreSeverity
	// A list of roles fulfilled by this entity, each defining the entity's classification or organizational-function aspect.
	//
	// For example, a `UserEntity` representing an *account operator* in an Active
	// Directory domain should have an `AccountOperatorsAdminRole` entry on this
	// list. Should the system later learn this privileged account is used by a
	// script rather than a human, its associated entity will also have a
	// `ProgrammaticUserAccountRole`. Similarly, when the system learns that some
	// `EndpointEntity` belongs to a VDI cluster, it tags it with a
	// `VdiEndpointRole`.The model for roles is hierarchical. For example, the
	// aforementioned `AccountOperatorsAdminRole` is a specialization of
	// `OperatorLevelAdminRole`, which by itself is a specialization of
	// `AdminAccountRole`.
	//
	// When roles are queried, this hierarchy is always taken into account.
	// Therefore, querying an entity about the existence of a role also implies that
	// all of its direct and indirect specializations will be queried too. This
	// hierarchy is completely reflected by GraphQL inheritance. For instance, you
	// can see that `ExchangeServerRole` implements `ApplicationServerRole`,  and
	// that the latter implements `ServerRole`.
	//
	// For your convenience, `EntityRole:fullPath` can be projected on the role
	// itself, reperesenting the role type ancestry as breadcrumbs. See
	// `EntityRoleType` for query examples.
	GetRoles() []EntityRole
	// The secondary display name is used to represent unique name for this entity in the organization or the network.
	GetSecondaryDisplayName() string
	// If `true`, the entity is stale. An entity is considered stale after 90 days of
	// inactivity (see `mostRecentActivity`), as long as it is still effectively part
	// of the network. An account-based entity is not considered part of the network
	// when all of its base accounts are disabled (see `primaryAccount` and
	// `secondaryAccounts`).
	GetStale() bool
	// The entity type, which also determines the specialized Entity subclass to be returned (see `EntityType`).
	GetType() EntityType
	// If `true`, this entity appears on the system watchlist.
	GetWatched() bool
}

An abstract `Entity` interface common to all entities that participate in the network activity, as opposed to entities defined by their place in the organization structure.

type ActivityQueryInput 

type ActivityQueryInput struct {
	// The query is a match if all specified conditions are true
	// “`graphql
	// ##### List service accesses, except the ones that weren’t using NTLM protocol and not File Shares service types
	// {
	//     timeline(types: [SERVICE_ACCESS]
	//              activityQuery: {
	//                  all: [
	//                      { not: { protocolTypes: [NTLM] }},
	//                      { not: { targetServiceTypes: [FILE_SHARE] }}
	//                  ]
	//               }
	//              first: 2)
	//     {
	//         nodes {
	//             eventType
	//             eventLabel
	//             ... on TimelineServiceAccessEvent {
	//                 protocolType
	//                 userEntity {
	//                     primaryDisplayName
	//                 }
	//                 targetServiceType
	//             }
	//         }
	//     }
	// }
	// “`
	All []*ActivityQueryInput `json:"all,omitempty"`
	// The query is a match if any of the specified conditions are true
	// “`graphql
	// ##### List service accesses for MAIL using NTLM or Remote Desktop using Kerberos
	// {
	//     timeline(types: [SERVICE_ACCESS]
	//              activityQuery: {
	//                  any: [
	//                      { protocolTypes: [NTLM], targetServiceTypes: [MAIL] },
	//                      { protocolTypes: [KERBEROS], targetServiceTypes: [REMOTE_DESKTOP] }
	//                  ]
	//               }
	//              last: 2)
	//     {
	//         nodes {
	//             eventType
	//             eventLabel
	//             ... on TimelineServiceAccessEvent {
	//                 protocolType
	//                 userEntity {
	//                     primaryDisplayName
	//                 }
	//             }
	//         }
	//     }
	// }
	// “`
	Any                       []*ActivityQueryInput      `json:"any,omitempty"`
	AuthenticationTypes       []AuthenticationType       `json:"authenticationTypes,omitempty"`
	Blocked                   *bool                      `json:"blocked,omitempty"`
	CertificateBasedAuth      *bool                      `json:"certificateBasedAuth,omitempty"`
	CityCodes                 []int                      `json:"cityCodes,omitempty"`
	CountryCodes              []string                   `json:"countryCodes,omitempty"`
	DataSourceCategories      []DataSourceCategory       `json:"dataSourceCategories,omitempty"`
	DataSources               []DataSource               `json:"dataSources,omitempty"`
	DcerpcSignatures          []DcerpcSignature          `json:"dcerpcSignatures,omitempty"`
	FileOperationTypes        []FileOperationType        `json:"fileOperationTypes,omitempty"`
	HasGeoLocation            *bool                      `json:"hasGeoLocation,omitempty"`
	IspDomains                []string                   `json:"ispDomains,omitempty"`
	KrbErrors                 []KrbErrCode               `json:"krbErrors,omitempty"`
	LdapBindErrors            []LdapBindResult           `json:"ldapBindErrors,omitempty"`
	LdapSearchQuerySignatures []LdapQuerySignature       `json:"ldapSearchQuerySignatures,omitempty"`
	LdapSecurityTypes         []LdapSecurityType         `json:"ldapSecurityTypes,omitempty"`
	LoginRelatedServiceAccess *bool                      `json:"loginRelatedServiceAccess,omitempty"`
	MsSpecificErrors          []ApplicationSpecificError `json:"msSpecificErrors,omitempty"`
	// The query is a match if this conditions are not true
	// “`graphql
	// ##### Show traffic based events from last 12 hours by privileged entities, except Files Shares
	// {
	//     timeline(startTime: "PT-12H"
	//              activityQuery: {
	//                  dataSourceCategories: [TRAFFIC]
	//                  not: { targetServiceTypes: [FILE_SHARE] }}
	//              sourceEntityQuery: { roles: [AdminAccountRole] }
	//              first: 2)
	//     {
	//         nodes {
	//             ... on TimelineEvent {
	//                 eventType
	//             }
	//             ... on TimelineUserOnEndpointActivityEvent {
	//                 userEntity {
	//                     primaryDisplayName
	//                 }
	//                 endpointEntity {
	//                     primaryDisplayName
	//                 }
	//                 ipAddress
	//             }
	//         }
	//     }
	// }
	// “`
	Not                                    *ActivityQueryInput `json:"not,omitempty"`
	NtlmErrors                             []NtlmErrorCode     `json:"ntlmErrors,omitempty"`
	ProtocolTypes                          []ProtocolType      `json:"protocolTypes,omitempty"`
	ProtocolVersions                       []string            `json:"protocolVersions,omitempty"`
	SmbDialects                            []SmbDialect        `json:"smbDialects,omitempty"`
	SourceEndpointHostNames                []string            `json:"sourceEndpointHostNames,omitempty"`
	SourceEndpointIPAddressReputations     []IPReputation      `json:"sourceEndpointIpAddressReputations,omitempty"`
	SourceEndpointIPAddresses              []string            `json:"sourceEndpointIpAddresses,omitempty"`
	SourceEndpointNetworkTags              []string            `json:"sourceEndpointNetworkTags,omitempty"`
	SourceEndpointNetworkTypes             []NetworkType       `json:"sourceEndpointNetworkTypes,omitempty"`
	SourceEndpointSiteEntityIds            []string            `json:"sourceEndpointSiteEntityIds,omitempty"`
	SourceEntityDataSourceLoginIdentifiers []string            `json:"sourceEntityDataSourceLoginIdentifiers,omitempty"`
	SsoErrors                              []SsoError          `json:"ssoErrors,omitempty"`
	StateCodes                             []string            `json:"stateCodes,omitempty"`
	TargetServiceClasses                   []string            `json:"targetServiceClasses,omitempty"`
	TargetServiceIdentifiers               []string            `json:"targetServiceIdentifiers,omitempty"`
	TargetServiceIsSourceEndpoint          *bool               `json:"targetServiceIsSourceEndpoint,omitempty"`
	TargetServiceTypes                     []ServiceType       `json:"targetServiceTypes,omitempty"`
	TLSVersions                            []TLSVersion        `json:"tlsVersions,omitempty"`
}

Query criteria for activity events. All specified criteria must be met for a result to match.

type AddCommentToIncidentInput 

type AddCommentToIncidentInput struct {
	ClientMutationID *string `json:"clientMutationId,omitempty"`
	// The comment to be added.
	Comment string `json:"comment"`
	// The unique identifier of the incident to be updated (see `Incident:incidentId`).
	IncidentID string `json:"incidentId"`
}

Input data for `addCommentToIncident`.

type AddUserEntityAuthorizerInput 

type AddUserEntityAuthorizerInput struct {
	AuthorizerEntityQuery *EntityQueryInput `json:"authorizerEntityQuery"`
	ClientMutationID      *string           `json:"clientMutationId,omitempty"`
	EntityQuery           *EntityQueryInput `json:"entityQuery"`
}

type AdminAccountRole 

type AdminAccountRole interface {
	IsAdminAccountRole()
	GetAuthorizingContainingEntitiesIds() []string
	GetAuthorizingGroupIds() []string
	GetBuiltin() bool
	GetConfirmed() bool
	GetFullPath() *string
	GetProbability() *float64
	GetType() EntityRoleType
}

type AdminAccountRoleImpl 

type AdminAccountRoleImpl struct {
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (AdminAccountRoleImpl) GetAuthorizingContainingEntitiesIds 

func (this AdminAccountRoleImpl) GetAuthorizingContainingEntitiesIds() []string

func (AdminAccountRoleImpl) GetAuthorizingGroupIds 

func (this AdminAccountRoleImpl) GetAuthorizingGroupIds() []string

func (AdminAccountRoleImpl) GetBuiltin 

func (this AdminAccountRoleImpl) GetBuiltin() bool

func (AdminAccountRoleImpl) GetConfirmed 

func (this AdminAccountRoleImpl) GetConfirmed() bool

func (AdminAccountRoleImpl) GetFullPath 

func (this AdminAccountRoleImpl) GetFullPath() *string

func (AdminAccountRoleImpl) GetProbability 

func (this AdminAccountRoleImpl) GetProbability() *float64

func (AdminAccountRoleImpl) GetType 

func (this AdminAccountRoleImpl) GetType() EntityRoleType

func (AdminAccountRoleImpl) IsAdminAccountRole 

func (AdminAccountRoleImpl) IsAdminAccountRole()

func (AdminAccountRoleImpl) IsEntityRole 

func (AdminAccountRoleImpl) IsEntityRole()

type AdministratorsRole 

type AdministratorsRole struct {
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (AdministratorsRole) GetAuthorizingContainingEntitiesIds 

func (this AdministratorsRole) GetAuthorizingContainingEntitiesIds() []string

func (AdministratorsRole) GetAuthorizingGroupIds 

func (this AdministratorsRole) GetAuthorizingGroupIds() []string

func (AdministratorsRole) GetBuiltin 

func (this AdministratorsRole) GetBuiltin() bool

func (AdministratorsRole) GetConfirmed 

func (this AdministratorsRole) GetConfirmed() bool

func (AdministratorsRole) GetFullPath 

func (this AdministratorsRole) GetFullPath() *string

func (AdministratorsRole) GetProbability 

func (this AdministratorsRole) GetProbability() *float64

func (AdministratorsRole) GetType 

func (this AdministratorsRole) GetType() EntityRoleType

func (AdministratorsRole) IsAdminAccountRole 

func (AdministratorsRole) IsAdminAccountRole()

func (AdministratorsRole) IsDomainLevelAdminRole 

func (AdministratorsRole) IsDomainLevelAdminRole()

func (AdministratorsRole) IsEntityRole 

func (AdministratorsRole) IsEntityRole()

type AggressionLevel 

type AggressionLevel string
const (
	AggressionLevelMostAggressive    AggressionLevel = "MOST_AGGRESSIVE"
	AggressionLevelDefaultAggression AggressionLevel = "DEFAULT_AGGRESSION"
)

func (AggressionLevel) IsValid 

func (e AggressionLevel) IsValid() bool

func (AggressionLevel) MarshalGQL 

func (e AggressionLevel) MarshalGQL(w io.Writer)

func (AggressionLevel) String 

func (e AggressionLevel) String() string

func (*AggressionLevel) UnmarshalGQL 

func (e *AggressionLevel) UnmarshalGQL(v interface{}) error

type AlertQueryInput 

type AlertQueryInput struct {
	AlertIds             []string    `json:"alertIds,omitempty"`
	MinimalAlertSeverity *float64    `json:"minimalAlertSeverity,omitempty"`
	PatternIds           []int       `json:"patternIds,omitempty"`
	Types                []AlertType `json:"types,omitempty"`
}

type AlertType 

type AlertType string

Enumeration of alert types. 

const (
	// A single end user password was repeatedly entered incorrectly from a machine
	// that is unusual for that end user, until the end user was locked out.
	AlertTypePasswordBruteForceAlert AlertType = "PasswordBruteForceAlert"
	// A ticket has been used for more than ten hours (the default Kerberos ticket validity period).
	AlertTypeGoldenTicketAlert AlertType = "GoldenTicketAlert"
	// An NTLM authentication was captured and redirected to gain access to another resource
	AlertTypeNtlmRelayAlert AlertType = "NtlmRelayAlert"
	// A machine that usually does not perform domain replication has performed a domain replication (DRSUAPI) request.
	AlertTypeDcSyncAlert AlertType = "DcSyncAlert"
	// The user account is being used from a location that is not common to the user
	// and is not common in general in the organizations network.
	AlertTypeGeoLocationAnomalyAlert AlertType = "GeoLocationAnomalyAlert"
	// A task creation RPC request was sent to a domain controller at the same time as an RDP ticket request.
	AlertTypeCredSspVulnerabilityAlert AlertType = "CredSspVulnerabilityAlert"
	// An activity was reported as malicious by an end-user through policy-triggered MFA or Email Verification.
	AlertTypeIdentityVerificationDenyAlert AlertType = "IdentityVerificationDenyAlert"
	// An account was hidden from being enumerated in LDAP.
	AlertTypeHiddenObjectAlert AlertType = "HiddenObjectAlert"
	// An account attempting to access multiple servers or workstations.
	AlertTypeDailyTargetVolumeAnomalyAlert AlertType = "DailyTargetVolumeAnomalyAlert"
	// A new or stale user generates unusual traffic.
	AlertTypeNewEntityAbnormalUsageAlert AlertType = "NewEntityAbnormalUsageAlert"
	// A DCE/RPC command to configure a domain controller was issued, but was never used in the endpoint or network.
	AlertTypeAnomalousRPCAlert AlertType = "AnomalousRpcAlert"
	// An end user accessed the enterprise network/cloud from a blacklisted country
	// or a region or outside the whitelisted regions.
	AlertTypeForbiddenCountryAlert AlertType = "ForbiddenCountryAlert"
	// The user account was used from more than one location in close time proximity
	// where the distance between the locations was greater than theoretical speed of
	// travel between them.
	AlertTypeGeoLocationVelocityAnomalyAlert AlertType = "GeoLocationVelocityAnomalyAlert"
	// A protocol (e.g. NTLM or Kerberos) was used in an abnormal manner consistent
	// with known ubiquitous attack tools, such as Mimikatz or Impacket. Such
	// behavior could indicate that an attack (Pass the Hash,Diamond PAC, etc.) took place.
	AlertTypePassTheHashAlert AlertType = "PassTheHashAlert"
	// An end user account that has not been active in the network for longer than 90 days was used again.
	AlertTypeStaleAccountUsageAlert AlertType = "StaleAccountUsageAlert"
	// Multiple failed authentication attempts in a short time frame from the same machine.
	AlertTypeCredentialScanningAlert AlertType = "CredentialScanningAlert"
	// An end-user accessed a server that they had not previously used. The access
	// was deemed anomalous based on several factors such as server usage (volume,
	// frequency), user role and server access within the user’s peer group.
	AlertTypeNewServerAccessAlert AlertType = "NewServerAccessAlert"
	// Legacy alert type. Unused in new data.
	AlertTypeStaleServiceUsageAlert AlertType = "StaleServiceUsageAlert"
	// An account's credentials were used to authenticate to a machine to which it
	// was not previously connected. The authentication was considered anomalous
	// based on several factors such as machine role and the user role.
	AlertTypeCredentialTheftAlert AlertType = "CredentialTheftAlert"
	// A forged PAC ([MS14-068](https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-068)) or a Diamond PAC attack was carried out in the network.
	AlertTypeForgedPacAlert AlertType = "ForgedPacAlert"
	// An end-user account was used to configure a workstation or a server from an unusual machine.
	AlertTypeLateralMovementAlert AlertType = "LateralMovementAlert"
	// The domain controller is rejecting current cryptographic algorithms and supports only RC4.
	AlertTypeSkeletonKeyAlert AlertType = "SkeletonKeyAlert"
	// The user did not respond to an MFA request triggered by a policy rule match.
	AlertTypeIdentityVerificationTimeoutAlert AlertType = "IdentityVerificationTimeoutAlert"
	// An end-user accessed a server that they had not previously used. The access
	// was deemed anomalous based on several factors such as server usage (volume or
	// frequency), the user role and monitored server access within the user’s peer group.
	AlertTypeAbnormalUsageAlert AlertType = "AbnormalUsageAlert"
	// A recognized LDAP search request usually performed by a known attacking tool
	// (e.g. Bloodhound, impacket) was used in the network.
	AlertTypeLdapReconnaissanceAlert AlertType = "LdapReconnaissanceAlert"
	// A Kerberos service ticket generated one one machine was used on another machine.
	AlertTypePassTheTicketAlert AlertType = "PassTheTicketAlert"
	// A life-cycle supportive alert type used for automatic resolution of incidents based on successful identity verification.
	AlertTypeIdentityVerificationApproveAlert AlertType = "IdentityVerificationApproveAlert"
	// An endpoint that was not used in the network for a considerable amount of time was used again.
	AlertTypeStaleHostUsageAlert AlertType = "StaleHostUsageAlert"
	// Generic alert type generated for policy rule matches, if the matched rule is explicitly configured to create alerts.
	AlertTypePolicyRuleMatchAlert AlertType = "PolicyRuleMatchAlert"
	// An account accessed an anomalous number of workstations or servers that
	// exceeds the previous usage volume for that account.
	AlertTypeDailyVolumeAnomalyAlert   AlertType = "DailyVolumeAnomalyAlert"
	AlertTypeRemoteCodeExecutionAlert  AlertType = "RemoteCodeExecutionAlert"
	AlertTypeBadReputationIPUsageAlert AlertType = "BadReputationIpUsageAlert"
	AlertTypeBronzeBitAlert            AlertType = "BronzeBitAlert"
	// The privileges of a user/endpoint/cloud service have been changed
	AlertTypePrivilegeEscalationAlert AlertType = "PrivilegeEscalationAlert"
	// Machine account was modified in a way that indicates potential exploitation of CVE-2021-42287/CVE-2021-42278
	AlertTypeSuspiciousMachineAccountAlterationAlert AlertType = "SuspiciousMachineAccountAlterationAlert"
	// A honeytoken account activity was detected
	AlertTypeHoneytokenActivityAlert AlertType = "HoneytokenActivityAlert"
	// A honeytoken account was altered in a way that can indicate an exploitation attempt
	AlertTypeHoneytokenAlterationAlert AlertType = "HoneytokenAlterationAlert"
	// An unusual certificate-based activity was detected
	AlertTypeAnomalousCertificateBasedActivityAlert AlertType = "AnomalousCertificateBasedActivityAlert"
	// A web-based activity was detected as anomalous by ML model
	AlertTypeSuspiciousCloudActivityMLAlert AlertType = "SuspiciousCloudActivityMLAlert"
)

func (AlertType) IsValid 

func (e AlertType) IsValid() bool

func (AlertType) MarshalGQL 

func (e AlertType) MarshalGQL(w io.Writer)

func (AlertType) String 

func (e AlertType) String() string

func (*AlertType) UnmarshalGQL 

func (e *AlertType) UnmarshalGQL(v interface{}) error

type ApplicationServerRole 

type ApplicationServerRole interface {
	IsApplicationServerRole()
	GetConfirmed() bool
	GetFullPath() *string
	GetImpersonator() bool
	GetProbability() *float64
	GetType() EntityRoleType
}

type ApplicationServerRoleImpl 

type ApplicationServerRoleImpl struct {
	Confirmed    bool           `json:"confirmed"`
	FullPath     *string        `json:"fullPath,omitempty"`
	Impersonator bool           `json:"impersonator"`
	Probability  *float64       `json:"probability,omitempty"`
	Type         EntityRoleType `json:"type"`
}

func (ApplicationServerRoleImpl) GetConfirmed 

func (this ApplicationServerRoleImpl) GetConfirmed() bool

func (ApplicationServerRoleImpl) GetFullPath 

func (this ApplicationServerRoleImpl) GetFullPath() *string

func (ApplicationServerRoleImpl) GetImpersonator 

func (this ApplicationServerRoleImpl) GetImpersonator() bool

func (ApplicationServerRoleImpl) GetProbability 

func (this ApplicationServerRoleImpl) GetProbability() *float64

func (ApplicationServerRoleImpl) GetType 

func (this ApplicationServerRoleImpl) GetType() EntityRoleType

func (ApplicationServerRoleImpl) IsApplicationServerRole 

func (ApplicationServerRoleImpl) IsApplicationServerRole()

func (ApplicationServerRoleImpl) IsClassificationRole 

func (ApplicationServerRoleImpl) IsClassificationRole()

func (ApplicationServerRoleImpl) IsEntityRole 

func (ApplicationServerRoleImpl) IsEntityRole()

func (ApplicationServerRoleImpl) IsServerRole 

func (ApplicationServerRoleImpl) IsServerRole()

type ApplicationSpecificError 

type ApplicationSpecificError string

An enumeration of the Microsoft extended error codes used in their Kerberos implementation. 

const (
	ApplicationSpecificErrorStatusAccountDisabled    ApplicationSpecificError = "STATUS_ACCOUNT_DISABLED"
	ApplicationSpecificErrorStatusAccountExpired     ApplicationSpecificError = "STATUS_ACCOUNT_EXPIRED"
	ApplicationSpecificErrorStatusAccountLockedOut   ApplicationSpecificError = "STATUS_ACCOUNT_LOCKED_OUT"
	ApplicationSpecificErrorStatusInvalidWorkstation ApplicationSpecificError = "STATUS_INVALID_WORKSTATION"
)

func (ApplicationSpecificError) IsValid 

func (e ApplicationSpecificError) IsValid() bool

func (ApplicationSpecificError) MarshalGQL 

func (e ApplicationSpecificError) MarshalGQL(w io.Writer)

func (ApplicationSpecificError) String 

func (e ApplicationSpecificError) String() string

func (*ApplicationSpecificError) UnmarshalGQL 

func (e *ApplicationSpecificError) UnmarshalGQL(v interface{}) error

type AppliedActiveDirectoryPasswordPolicy 

type AppliedActiveDirectoryPasswordPolicy struct {
	// Returns *yes* if a password complexity policy is enabled and passwords are required to meet certain requirements.
	ComplexityEnabled bool `json:"complexityEnabled"`
	// The name of the currently applied password policy.
	DisplayName string `json:"displayName"`
	// The maximum number of failed logons after which the user account will be temporarily locked out.
	FailedAuthenticationAttemptsLockoutThreshold *int `json:"failedAuthenticationAttemptsLockoutThreshold,omitempty"`
	// Duration of the temporary account lockout if the maximum number of failed logons is reached.
	LockoutDuration string `json:"lockoutDuration"`
	// The observation time for lockout threshold. If there are no failed attempts,
	// the threshold counter is reset after this time.
	LockoutObservationWindow string `json:"lockoutObservationWindow"`
	// The period of time that a password can be used before the user is prompted to change it.
	MaxAge string `json:"maxAge"`
	// The period of time that a password must be used before the user can change it.
	MinAge string `json:"minAge"`
	// The minimum allowed number of characters in a user account password.
	MinLength int `json:"minLength"`
	// The password policy score represented as a number.
	PolicyRank string `json:"policyRank"`
	// The password policy score represented verbally.
	PolicyRankLevel ScoreLevel `json:"policyRankLevel"`
	// If *yes* is returned, reversible encryption is enabled. It means that the user
	// account password is stored in the reversible encryption format which is
	// insecure and not recommended.
	ReversibleEncryptionEnabled bool `json:"reversibleEncryptionEnabled"`
	// The number of unique new passwords associated with a user account before an old password can be reused.
	SavedPreviousPasswordCount int `json:"savedPreviousPasswordCount"`
	// The source of information about the password policy.
	SourceType ActiveDirectoryPasswordPolicySourceType `json:"sourceType"`
}

A descriptor object for a password policy instance within an Active Directory domain.

type Association 

type Association interface {
	IsAssociation()
	// The association binding type, which also determines the specific `Association` subtype of this instance.
	GetBindingType() BindingType
}

An association between two entities. The nature of the association and the specific subtype are determined by `bindingType`.

**Symmetric vs. Asymmetric**: Depending on the binding type, an association can be symmetric or asymmetric. A symmetric association is set on both participating entities, each pointing to the other one. For example, the `LOGIN` association is symmetric. Therefore, if a user has a `LOGIN` association with an endpoint, the endpoint should have the same association with the user. Conversely, if a user has a `SERVICE_ACCESS` association with a server, the server is not supposed to have the same association with the user, because the `SERVICE_ACCESS` association is asymmetric. The documentation for `BindingType` specifies which binding types are symmetric and which are asymmetric.

type AssociationImpl 

type AssociationImpl struct {
	BindingType BindingType `json:"bindingType"`
}

func (AssociationImpl) GetBindingType 

func (this AssociationImpl) GetBindingType() BindingType

The association binding type, which also determines the specific `Association` subtype of this instance.

func (AssociationImpl) IsAssociation 

func (AssociationImpl) IsAssociation()

type AttackPathBasedRiskFactor 

type AttackPathBasedRiskFactor struct {
	AttackPath []*AttackPathNode `json:"attackPath"`
	Score      string            `json:"score"`
	Severity   ScoreSeverity     `json:"severity"`
	Type       RiskFactorType    `json:"type"`
}

func (AttackPathBasedRiskFactor) GetScore 

func (this AttackPathBasedRiskFactor) GetScore() string

func (AttackPathBasedRiskFactor) GetSeverity 

func (this AttackPathBasedRiskFactor) GetSeverity() ScoreSeverity

func (AttackPathBasedRiskFactor) GetType 

func (this AttackPathBasedRiskFactor) GetType() RiskFactorType

func (AttackPathBasedRiskFactor) IsEntityRiskFactor 

func (AttackPathBasedRiskFactor) IsEntityRiskFactor()

type AttackPathNode 

type AttackPathNode struct {
	Entity     Entity             `json:"entity"`
	NextEntity Entity             `json:"nextEntity,omitempty"`
	Relation   AttackPathRelation `json:"relation"`
}

type AttackPathRelation 

type AttackPathRelation string
const (
	AttackPathRelationAdmin                                            AttackPathRelation = "ADMIN"
	AttackPathRelationPasswordResetter                                 AttackPathRelation = "PASSWORD_RESETTER"
	AttackPathRelationAllowedToAddToGroup                              AttackPathRelation = "ALLOWED_TO_ADD_TO_GROUP"
	AttackPathRelationAllowedToModifyPermissions                       AttackPathRelation = "ALLOWED_TO_MODIFY_PERMISSIONS"
	AttackPathRelationInGroup                                          AttackPathRelation = "IN_GROUP"
	AttackPathRelationLoggedOnToEp                                     AttackPathRelation = "LOGGED_ON_TO_EP"
	AttackPathRelationLocalAdmin                                       AttackPathRelation = "LOCAL_ADMIN"
	AttackPathRelationDuplicatedLocalAdmin                             AttackPathRelation = "DUPLICATED_LOCAL_ADMIN"
	AttackPathRelationApplicationOwner                                 AttackPathRelation = "APPLICATION_OWNER"
	AttackPathRelationApplicationController                            AttackPathRelation = "APPLICATION_CONTROLLER"
	AttackPathRelationRoleMember                                       AttackPathRelation = "ROLE_MEMBER"
	AttackPathRelationAdminReplicator                                  AttackPathRelation = "ADMIN_REPLICATOR"
	AttackPathRelationAdminSidTakeover                                 AttackPathRelation = "ADMIN_SID_TAKEOVER"
	AttackPathRelationAdminUnconstrainedSvcDelegation                  AttackPathRelation = "ADMIN_UNCONSTRAINED_SVC_DELEGATION"
	AttackPathRelationAdminConstrainedSvcDelegation                    AttackPathRelation = "ADMIN_CONSTRAINED_SVC_DELEGATION"
	AttackPathRelationAdminAuthenticateAsAnyDomainUserCaTemplate       AttackPathRelation = "ADMIN_AUTHENTICATE_AS_ANY_DOMAIN_USER_CA_TEMPLATE"
	AttackPathRelationAdminAuthenticateAsAnyDomainUserWithRequestAgent AttackPathRelation = "ADMIN_AUTHENTICATE_AS_ANY_DOMAIN_USER_WITH_REQUEST_AGENT"
	AttackPathRelationDuplicatePassword                                AttackPathRelation = "DUPLICATE_PASSWORD"
	AttackPathRelationOwnerAdmin                                       AttackPathRelation = "OWNER_ADMIN"
	AttackPathRelationCaTemplate                                       AttackPathRelation = "CA_TEMPLATE"
	AttackPathRelationAllowedToWriteKeyCredential                      AttackPathRelation = "ALLOWED_TO_WRITE_KEY_CREDENTIAL"
	AttackPathRelationAllowedToWriteOwnerCaTemplate                    AttackPathRelation = "ALLOWED_TO_WRITE_OWNER_CA_TEMPLATE"
	AttackPathRelationAllowedToWriteDaclCaTemplate                     AttackPathRelation = "ALLOWED_TO_WRITE_DACL_CA_TEMPLATE"
	AttackPathRelationAllowedToWritePropertyCaTemplate                 AttackPathRelation = "ALLOWED_TO_WRITE_PROPERTY_CA_TEMPLATE"
	AttackPathRelationAllowedToEnrollCaTemplate                        AttackPathRelation = "ALLOWED_TO_ENROLL_CA_TEMPLATE"
)

func (AttackPathRelation) IsValid 

func (e AttackPathRelation) IsValid() bool

func (AttackPathRelation) MarshalGQL 

func (e AttackPathRelation) MarshalGQL(w io.Writer)

func (AttackPathRelation) String 

func (e AttackPathRelation) String() string

func (*AttackPathRelation) UnmarshalGQL 

func (e *AttackPathRelation) UnmarshalGQL(v interface{}) error

type AuthenticationAsAnyUserWithCertificateRequestAgentRole 

type AuthenticationAsAnyUserWithCertificateRequestAgentRole struct {
	AffectedEntities                 []Entity       `json:"affectedEntities"`
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	Builtin                          bool           `json:"builtin"`
	CertificateAuthorityEndpoints    []string       `json:"certificateAuthorityEndpoints"`
	CertificateTemplateNames         []string       `json:"certificateTemplateNames"`
	Confirmed                        bool           `json:"confirmed"`
	EffectedEntityIds                []string       `json:"effectedEntityIds,omitempty"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (AuthenticationAsAnyUserWithCertificateRequestAgentRole) GetAffectedEntities 

func (this AuthenticationAsAnyUserWithCertificateRequestAgentRole) GetAffectedEntities() []Entity

func (AuthenticationAsAnyUserWithCertificateRequestAgentRole) GetAuthorizingContainingEntitiesIds 

func (this AuthenticationAsAnyUserWithCertificateRequestAgentRole) GetAuthorizingContainingEntitiesIds() []string

func (AuthenticationAsAnyUserWithCertificateRequestAgentRole) GetAuthorizingGroupIds 

func (this AuthenticationAsAnyUserWithCertificateRequestAgentRole) GetAuthorizingGroupIds() []string

func (AuthenticationAsAnyUserWithCertificateRequestAgentRole) GetBuiltin 

func (this AuthenticationAsAnyUserWithCertificateRequestAgentRole) GetBuiltin() bool

func (AuthenticationAsAnyUserWithCertificateRequestAgentRole) GetConfirmed 

func (this AuthenticationAsAnyUserWithCertificateRequestAgentRole) GetConfirmed() bool

func (AuthenticationAsAnyUserWithCertificateRequestAgentRole) GetEffectedEntityIds 

func (this AuthenticationAsAnyUserWithCertificateRequestAgentRole) GetEffectedEntityIds() []string

func (AuthenticationAsAnyUserWithCertificateRequestAgentRole) GetFullPath 

func (this AuthenticationAsAnyUserWithCertificateRequestAgentRole) GetFullPath() *string

func (AuthenticationAsAnyUserWithCertificateRequestAgentRole) GetProbability 

func (this AuthenticationAsAnyUserWithCertificateRequestAgentRole) GetProbability() *float64

func (AuthenticationAsAnyUserWithCertificateRequestAgentRole) GetType 

func (this AuthenticationAsAnyUserWithCertificateRequestAgentRole) GetType() EntityRoleType

func (AuthenticationAsAnyUserWithCertificateRequestAgentRole) IsAdminAccountRole 

func (AuthenticationAsAnyUserWithCertificateRequestAgentRole) IsAdminAccountRole()

func (AuthenticationAsAnyUserWithCertificateRequestAgentRole) IsEffectiveAdminRole 

func (AuthenticationAsAnyUserWithCertificateRequestAgentRole) IsEffectiveAdminRole()

func (AuthenticationAsAnyUserWithCertificateRequestAgentRole) IsEntityRole 

func (AuthenticationAsAnyUserWithCertificateRequestAgentRole) IsEntityRole()

type AuthenticationCertificateTemplateControllerRole 

type AuthenticationCertificateTemplateControllerRole struct {
	AffectedEntities                 []Entity       `json:"affectedEntities"`
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	EffectedEntityIds                []string       `json:"effectedEntityIds,omitempty"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Permissions                      []*Permission  `json:"permissions"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (AuthenticationCertificateTemplateControllerRole) GetAffectedEntities 

func (this AuthenticationCertificateTemplateControllerRole) GetAffectedEntities() []Entity

func (AuthenticationCertificateTemplateControllerRole) GetAuthorizingContainingEntitiesIds 

func (this AuthenticationCertificateTemplateControllerRole) GetAuthorizingContainingEntitiesIds() []string

func (AuthenticationCertificateTemplateControllerRole) GetAuthorizingGroupIds 

func (this AuthenticationCertificateTemplateControllerRole) GetAuthorizingGroupIds() []string

func (AuthenticationCertificateTemplateControllerRole) GetBuiltin 

func (this AuthenticationCertificateTemplateControllerRole) GetBuiltin() bool

func (AuthenticationCertificateTemplateControllerRole) GetConfirmed 

func (this AuthenticationCertificateTemplateControllerRole) GetConfirmed() bool

func (AuthenticationCertificateTemplateControllerRole) GetEffectedEntityIds 

func (this AuthenticationCertificateTemplateControllerRole) GetEffectedEntityIds() []string

func (AuthenticationCertificateTemplateControllerRole) GetFullPath 

func (this AuthenticationCertificateTemplateControllerRole) GetFullPath() *string

func (AuthenticationCertificateTemplateControllerRole) GetProbability 

func (this AuthenticationCertificateTemplateControllerRole) GetProbability() *float64

func (AuthenticationCertificateTemplateControllerRole) GetType 

func (this AuthenticationCertificateTemplateControllerRole) GetType() EntityRoleType

func (AuthenticationCertificateTemplateControllerRole) IsAdminAccountRole 

func (AuthenticationCertificateTemplateControllerRole) IsAdminAccountRole()

func (AuthenticationCertificateTemplateControllerRole) IsEffectiveAdminRole 

func (AuthenticationCertificateTemplateControllerRole) IsEffectiveAdminRole()

func (AuthenticationCertificateTemplateControllerRole) IsEntityRole 

func (AuthenticationCertificateTemplateControllerRole) IsEntityRole()

type AuthenticationType 

type AuthenticationType string
const (
	AuthenticationTypeDomainLogin            AuthenticationType = "DOMAIN_LOGIN"
	AuthenticationTypeSsoLogin               AuthenticationType = "SSO_LOGIN"
	AuthenticationTypeLdapAuthentication     AuthenticationType = "LDAP_AUTHENTICATION"
	AuthenticationTypeNtlmAuthentication     AuthenticationType = "NTLM_AUTHENTICATION"
	AuthenticationTypeKerberosAuthentication AuthenticationType = "KERBEROS_AUTHENTICATION"
	AuthenticationTypeSmbSessionSetup        AuthenticationType = "SMB_SESSION_SETUP"
)

func (AuthenticationType) IsValid 

func (e AuthenticationType) IsValid() bool

func (AuthenticationType) MarshalGQL 

func (e AuthenticationType) MarshalGQL(w io.Writer)

func (AuthenticationType) String 

func (e AuthenticationType) String() string

func (*AuthenticationType) UnmarshalGQL 

func (e *AuthenticationType) UnmarshalGQL(v interface{}) error

type AwsIcSsoAccountDescriptor 

type AwsIcSsoAccountDescriptor interface {
	IsAwsIcSsoAccountDescriptor()
	GetAwsAccountID() *string
	GetAwsOrganizationID() *string
}

type AwsIcSsoGroupAccountDescriptorImpl 

type AwsIcSsoGroupAccountDescriptorImpl struct {
	// If `true`, the account no longer exists; if `false`, the account is currently enabled.
	Archived                bool                     `json:"archived"`
	AwsAccountID            *string                  `json:"awsAccountId,omitempty"`
	AwsOrganizationID       *string                  `json:"awsOrganizationId,omitempty"`
	ContainingGroupEntities []*EntityContainerEntity `json:"containingGroupEntities"`
	ContainingGroupIds      []string                 `json:"containingGroupIds"`
	ContainingRoleEntities  []*EntityContainerEntity `json:"containingRoleEntities"`
	CreationTime            string                   `json:"creationTime"`
	// The data source of this account. Together with the entity type, the data
	// source determines the account descriptor subtype to be used.
	DataSource                        DataSource `json:"dataSource"`
	DataSourceConfigurationIdentifier string     `json:"dataSourceConfigurationIdentifier"`
	DataSourceParticipantIdentifier   string     `json:"dataSourceParticipantIdentifier"`
	Description                       *string    `json:"description,omitempty"`
	// If `true`, the account is currently enabled; if `false`, the account no longer exists.
	Enabled                          bool                     `json:"enabled"`
	FlattenedContainingGroupEntities []*EntityContainerEntity `json:"flattenedContainingGroupEntities"`
	FlattenedContainingGroupIds      []string                 `json:"flattenedContainingGroupIds"`
	FlattenedContainingRoleEntities  []*EntityContainerEntity `json:"flattenedContainingRoleEntities"`
	Tenant                           *string                  `json:"tenant,omitempty"`
}

An account descriptor provides data associated with an external entity source, such as an entry in an identity management system.

func (AwsIcSsoGroupAccountDescriptorImpl) GetArchived 

func (this AwsIcSsoGroupAccountDescriptorImpl) GetArchived() bool

If `true`, the account no longer exists; if `false`, the account is currently enabled.

func (AwsIcSsoGroupAccountDescriptorImpl) GetAwsAccountID 

func (this AwsIcSsoGroupAccountDescriptorImpl) GetAwsAccountID() *string

func (AwsIcSsoGroupAccountDescriptorImpl) GetAwsOrganizationID 

func (this AwsIcSsoGroupAccountDescriptorImpl) GetAwsOrganizationID() *string

func (AwsIcSsoGroupAccountDescriptorImpl) GetContainingGroupEntities 

func (this AwsIcSsoGroupAccountDescriptorImpl) GetContainingGroupEntities() []*EntityContainerEntity

func (AwsIcSsoGroupAccountDescriptorImpl) GetContainingGroupIds 

func (this AwsIcSsoGroupAccountDescriptorImpl) GetContainingGroupIds() []string

func (AwsIcSsoGroupAccountDescriptorImpl) GetContainingRoleEntities 

func (this AwsIcSsoGroupAccountDescriptorImpl) GetContainingRoleEntities() []*EntityContainerEntity

func (AwsIcSsoGroupAccountDescriptorImpl) GetCreationTime 

func (this AwsIcSsoGroupAccountDescriptorImpl) GetCreationTime() string

func (AwsIcSsoGroupAccountDescriptorImpl) GetDataSource 

func (this AwsIcSsoGroupAccountDescriptorImpl) GetDataSource() DataSource

The data source of this account. Together with the entity type, the data source determines the account descriptor subtype to be used.

func (AwsIcSsoGroupAccountDescriptorImpl) GetDataSourceConfigurationIdentifier 

func (this AwsIcSsoGroupAccountDescriptorImpl) GetDataSourceConfigurationIdentifier() string

func (AwsIcSsoGroupAccountDescriptorImpl) GetDataSourceParticipantIdentifier 

func (this AwsIcSsoGroupAccountDescriptorImpl) GetDataSourceParticipantIdentifier() string

func (AwsIcSsoGroupAccountDescriptorImpl) GetDescription 

func (this AwsIcSsoGroupAccountDescriptorImpl) GetDescription() *string

func (AwsIcSsoGroupAccountDescriptorImpl) GetEnabled 

func (this AwsIcSsoGroupAccountDescriptorImpl) GetEnabled() bool

If `true`, the account is currently enabled; if `false`, the account no longer exists.

func (AwsIcSsoGroupAccountDescriptorImpl) GetFlattenedContainingGroupEntities 

func (this AwsIcSsoGroupAccountDescriptorImpl) GetFlattenedContainingGroupEntities() []*EntityContainerEntity

func (AwsIcSsoGroupAccountDescriptorImpl) GetFlattenedContainingGroupIds 

func (this AwsIcSsoGroupAccountDescriptorImpl) GetFlattenedContainingGroupIds() []string

func (AwsIcSsoGroupAccountDescriptorImpl) GetFlattenedContainingRoleEntities 

func (this AwsIcSsoGroupAccountDescriptorImpl) GetFlattenedContainingRoleEntities() []*EntityContainerEntity

func (AwsIcSsoGroupAccountDescriptorImpl) GetTenant 

func (this AwsIcSsoGroupAccountDescriptorImpl) GetTenant() *string

func (AwsIcSsoGroupAccountDescriptorImpl) IsAccountDescriptor 

func (AwsIcSsoGroupAccountDescriptorImpl) IsAccountDescriptor()

func (AwsIcSsoGroupAccountDescriptorImpl) IsAwsIcSsoAccountDescriptor 

func (AwsIcSsoGroupAccountDescriptorImpl) IsAwsIcSsoAccountDescriptor()

func (AwsIcSsoGroupAccountDescriptorImpl) IsSsoGroupAccountDescriptor 

func (AwsIcSsoGroupAccountDescriptorImpl) IsSsoGroupAccountDescriptor()

type AwsIcSsoUserAccountDescriptorImpl 

type AwsIcSsoUserAccountDescriptorImpl struct {
	// If `true`, the account no longer exists; if `false`, the account is currently enabled.
	Archived                bool                     `json:"archived"`
	AwsAccountID            *string                  `json:"awsAccountId,omitempty"`
	AwsOrganizationID       *string                  `json:"awsOrganizationId,omitempty"`
	ContainingEntities      []*EntityContainerEntity `json:"containingEntities"`
	ContainingGroupEntities []*EntityContainerEntity `json:"containingGroupEntities"`
	ContainingGroupIds      []string                 `json:"containingGroupIds"`
	ContainingRoleEntities  []*EntityContainerEntity `json:"containingRoleEntities"`
	CreationTime            string                   `json:"creationTime"`
	CredentialsDataSource   *DataSource              `json:"credentialsDataSource,omitempty"`
	// The data source of this account. Together with the entity type, the data
	// source determines the account descriptor subtype to be used.
	DataSource DataSource `json:"dataSource"`
	// The ID of the connector configuration associated with this account.
	DataSourceConfigurationIdentifier string  `json:"dataSourceConfigurationIdentifier"`
	DataSourceLoginIdentifier         *string `json:"dataSourceLoginIdentifier,omitempty"`
	// A unique identifier used by the connector to identify this account.
	DataSourceParticipantIdentifier string  `json:"dataSourceParticipantIdentifier"`
	Department                      *string `json:"department,omitempty"`
	Description                     *string `json:"description,omitempty"`
	// If `true`, the account is currently enabled; if `false`, the account no longer exists.
	Enabled                          bool                     `json:"enabled"`
	FlattenedContainingGroupEntities []*EntityContainerEntity `json:"flattenedContainingGroupEntities"`
	FlattenedContainingGroupIds      []string                 `json:"flattenedContainingGroupIds"`
	FlattenedContainingRoleEntities  []*EntityContainerEntity `json:"flattenedContainingRoleEntities"`
	FlattenedContainingRoleIds       []string                 `json:"flattenedContainingRoleIds,omitempty"`
	// The date and time of the account's latest recorded network activity. This
	// takes into account both the data reported by external sources and the actual
	// traffic seen by the system.
	MostRecentActivity *string `json:"mostRecentActivity,omitempty"`
	// Information regarding the account's password.
	PasswordAttributes PasswordAttributes `json:"passwordAttributes,omitempty"`
	Tenant             *string            `json:"tenant,omitempty"`
	Title              *string            `json:"title,omitempty"`
}

A specialized `AccountDescriptor` for SSO user accounts.

func (AwsIcSsoUserAccountDescriptorImpl) GetArchived 

func (this AwsIcSsoUserAccountDescriptorImpl) GetArchived() bool

If `true`, the account no longer exists; if `false`, the account is currently enabled.

func (AwsIcSsoUserAccountDescriptorImpl) GetAwsAccountID 

func (this AwsIcSsoUserAccountDescriptorImpl) GetAwsAccountID() *string

func (AwsIcSsoUserAccountDescriptorImpl) GetAwsOrganizationID 

func (this AwsIcSsoUserAccountDescriptorImpl) GetAwsOrganizationID() *string

func (AwsIcSsoUserAccountDescriptorImpl) GetContainingEntities 

func (this AwsIcSsoUserAccountDescriptorImpl) GetContainingEntities() []*EntityContainerEntity

func (AwsIcSsoUserAccountDescriptorImpl) GetContainingGroupEntities 

func (this AwsIcSsoUserAccountDescriptorImpl) GetContainingGroupEntities() []*EntityContainerEntity

func (AwsIcSsoUserAccountDescriptorImpl) GetContainingGroupIds 

func (this AwsIcSsoUserAccountDescriptorImpl) GetContainingGroupIds() []string

func (AwsIcSsoUserAccountDescriptorImpl) GetContainingRoleEntities 

func (this AwsIcSsoUserAccountDescriptorImpl) GetContainingRoleEntities() []*EntityContainerEntity

func (AwsIcSsoUserAccountDescriptorImpl) GetCreationTime 

func (this AwsIcSsoUserAccountDescriptorImpl) GetCreationTime() string

func (AwsIcSsoUserAccountDescriptorImpl) GetCredentialsDataSource 

func (this AwsIcSsoUserAccountDescriptorImpl) GetCredentialsDataSource() *DataSource

func (AwsIcSsoUserAccountDescriptorImpl) GetDataSource 

func (this AwsIcSsoUserAccountDescriptorImpl) GetDataSource() DataSource

The data source of this account. Together with the entity type, the data source determines the account descriptor subtype to be used.

func (AwsIcSsoUserAccountDescriptorImpl) GetDataSourceConfigurationIdentifier 

func (this AwsIcSsoUserAccountDescriptorImpl) GetDataSourceConfigurationIdentifier() string

The ID of the connector configuration associated with this account.

func (AwsIcSsoUserAccountDescriptorImpl) GetDataSourceLoginIdentifier 

func (this AwsIcSsoUserAccountDescriptorImpl) GetDataSourceLoginIdentifier() *string

func (AwsIcSsoUserAccountDescriptorImpl) GetDataSourceParticipantIdentifier 

func (this AwsIcSsoUserAccountDescriptorImpl) GetDataSourceParticipantIdentifier() string

A unique identifier used by the connector to identify this account.

func (AwsIcSsoUserAccountDescriptorImpl) GetDepartment 

func (this AwsIcSsoUserAccountDescriptorImpl) GetDepartment() *string

func (AwsIcSsoUserAccountDescriptorImpl) GetDescription 

func (this AwsIcSsoUserAccountDescriptorImpl) GetDescription() *string

func (AwsIcSsoUserAccountDescriptorImpl) GetEnabled 

func (this AwsIcSsoUserAccountDescriptorImpl) GetEnabled() bool

If `true`, the account is currently enabled; if `false`, the account no longer exists.

func (AwsIcSsoUserAccountDescriptorImpl) GetFlattenedContainingGroupEntities 

func (this AwsIcSsoUserAccountDescriptorImpl) GetFlattenedContainingGroupEntities() []*EntityContainerEntity

func (AwsIcSsoUserAccountDescriptorImpl) GetFlattenedContainingGroupIds 

func (this AwsIcSsoUserAccountDescriptorImpl) GetFlattenedContainingGroupIds() []string

func (AwsIcSsoUserAccountDescriptorImpl) GetFlattenedContainingRoleEntities 

func (this AwsIcSsoUserAccountDescriptorImpl) GetFlattenedContainingRoleEntities() []*EntityContainerEntity

func (AwsIcSsoUserAccountDescriptorImpl) GetMostRecentActivity 

func (this AwsIcSsoUserAccountDescriptorImpl) GetMostRecentActivity() *string

The date and time of the account's latest recorded network activity. This takes into account both the data reported by external sources and the actual traffic seen by the system.

func (AwsIcSsoUserAccountDescriptorImpl) GetPasswordAttributes 

func (this AwsIcSsoUserAccountDescriptorImpl) GetPasswordAttributes() PasswordAttributes

Information regarding the account's password.

func (AwsIcSsoUserAccountDescriptorImpl) GetTenant 

func (this AwsIcSsoUserAccountDescriptorImpl) GetTenant() *string

func (AwsIcSsoUserAccountDescriptorImpl) GetTitle 

func (this AwsIcSsoUserAccountDescriptorImpl) GetTitle() *string

func (AwsIcSsoUserAccountDescriptorImpl) IsAccountDescriptor 

func (AwsIcSsoUserAccountDescriptorImpl) IsAccountDescriptor()

func (AwsIcSsoUserAccountDescriptorImpl) IsActivityParticipatingAccountDescriptor 

func (AwsIcSsoUserAccountDescriptorImpl) IsActivityParticipatingAccountDescriptor()

func (AwsIcSsoUserAccountDescriptorImpl) IsAwsIcSsoAccountDescriptor 

func (AwsIcSsoUserAccountDescriptorImpl) IsAwsIcSsoAccountDescriptor()

func (AwsIcSsoUserAccountDescriptorImpl) IsSsoUserAccountDescriptor 

func (AwsIcSsoUserAccountDescriptorImpl) IsSsoUserAccountDescriptor()

func (AwsIcSsoUserAccountDescriptorImpl) IsUserAccountDescriptor 

func (AwsIcSsoUserAccountDescriptorImpl) IsUserAccountDescriptor()

type AzureAccessPrivilegesRole 

type AzureAccessPrivilegesRole struct {
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	AuthorizingRoleIds               []string       `json:"authorizingRoleIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (AzureAccessPrivilegesRole) GetAuthorizingContainingEntitiesIds 

func (this AzureAccessPrivilegesRole) GetAuthorizingContainingEntitiesIds() []string

func (AzureAccessPrivilegesRole) GetAuthorizingGroupIds 

func (this AzureAccessPrivilegesRole) GetAuthorizingGroupIds() []string

func (AzureAccessPrivilegesRole) GetAuthorizingRoleIds 

func (this AzureAccessPrivilegesRole) GetAuthorizingRoleIds() []string

func (AzureAccessPrivilegesRole) GetBuiltin 

func (this AzureAccessPrivilegesRole) GetBuiltin() bool

func (AzureAccessPrivilegesRole) GetConfirmed 

func (this AzureAccessPrivilegesRole) GetConfirmed() bool

func (AzureAccessPrivilegesRole) GetFullPath 

func (this AzureAccessPrivilegesRole) GetFullPath() *string

func (AzureAccessPrivilegesRole) GetProbability 

func (this AzureAccessPrivilegesRole) GetProbability() *float64

func (AzureAccessPrivilegesRole) GetType 

func (this AzureAccessPrivilegesRole) GetType() EntityRoleType

func (AzureAccessPrivilegesRole) IsAdminAccountRole 

func (AzureAccessPrivilegesRole) IsAdminAccountRole()

func (AzureAccessPrivilegesRole) IsAzurePrivilegedRole 

func (AzureAccessPrivilegesRole) IsAzurePrivilegedRole()

func (AzureAccessPrivilegesRole) IsEntityRole 

func (AzureAccessPrivilegesRole) IsEntityRole()

type AzureApplicationPrivilegesRole 

type AzureApplicationPrivilegesRole struct {
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	AuthorizingRoleIds               []string       `json:"authorizingRoleIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (AzureApplicationPrivilegesRole) GetAuthorizingContainingEntitiesIds 

func (this AzureApplicationPrivilegesRole) GetAuthorizingContainingEntitiesIds() []string

func (AzureApplicationPrivilegesRole) GetAuthorizingGroupIds 

func (this AzureApplicationPrivilegesRole) GetAuthorizingGroupIds() []string

func (AzureApplicationPrivilegesRole) GetAuthorizingRoleIds 

func (this AzureApplicationPrivilegesRole) GetAuthorizingRoleIds() []string

func (AzureApplicationPrivilegesRole) GetBuiltin 

func (this AzureApplicationPrivilegesRole) GetBuiltin() bool

func (AzureApplicationPrivilegesRole) GetConfirmed 

func (this AzureApplicationPrivilegesRole) GetConfirmed() bool

func (AzureApplicationPrivilegesRole) GetFullPath 

func (this AzureApplicationPrivilegesRole) GetFullPath() *string

func (AzureApplicationPrivilegesRole) GetProbability 

func (this AzureApplicationPrivilegesRole) GetProbability() *float64

func (AzureApplicationPrivilegesRole) GetType 

func (this AzureApplicationPrivilegesRole) GetType() EntityRoleType

func (AzureApplicationPrivilegesRole) IsAdminAccountRole 

func (AzureApplicationPrivilegesRole) IsAdminAccountRole()

func (AzureApplicationPrivilegesRole) IsAzurePrivilegedRole 

func (AzureApplicationPrivilegesRole) IsAzurePrivilegedRole()

func (AzureApplicationPrivilegesRole) IsEntityRole 

func (AzureApplicationPrivilegesRole) IsEntityRole()

type AzureCloudServiceAdapterDescriptor 

type AzureCloudServiceAdapterDescriptor struct {
	// The ID of the tenant in which the application is registered.
	AppOwnerOrganizationID *string `json:"appOwnerOrganizationId,omitempty"`
	// The ID of the registered application.
	AppRegistrationObjectID *string `json:"appRegistrationObjectId,omitempty"`
	// If `true`, the account no longer exists; if `false`, the account is currently enabled.
	Archived                bool                     `json:"archived"`
	ContainingGroupEntities []*EntityContainerEntity `json:"containingGroupEntities"`
	ContainingGroupIds      []string                 `json:"containingGroupIds"`
	ContainingRoleEntities  []*EntityContainerEntity `json:"containingRoleEntities"`
	CreationTime            string                   `json:"creationTime"`
	// The data source of this account. Together with the entity type, the data
	// source determines the account descriptor subtype to be used.
	DataSource DataSource `json:"dataSource"`
	// The ID of the connector configuration associated with this account.
	DataSourceConfigurationIdentifier string `json:"dataSourceConfigurationIdentifier"`
	// A unique identifier the connector uses to identify this account.
	DataSourceParticipantIdentifier string  `json:"dataSourceParticipantIdentifier"`
	Description                     *string `json:"description,omitempty"`
	// If `true`, the account is currently enabled; if `false`, the account no longer exists.
	Enabled                          bool                     `json:"enabled"`
	FlattenedContainingGroupEntities []*EntityContainerEntity `json:"flattenedContainingGroupEntities"`
	FlattenedContainingGroupIds      []string                 `json:"flattenedContainingGroupIds"`
	FlattenedContainingRoleEntities  []*EntityContainerEntity `json:"flattenedContainingRoleEntities"`
	// The last time the service principal was accessed.
	LastAccessTime *string `json:"lastAccessTime,omitempty"`
	// The date and time of the account's latest recorded network activity. This
	// takes into account both the data reported by external sources and the actual
	// traffic seen by the system.
	MostRecentActivity *string `json:"mostRecentActivity,omitempty"`
	// The domain name of the application publisher.
	PublisherDomain          *string               `json:"publisherDomain,omitempty"`
	RegisteredTenantType     *RegisteredTenantType `json:"registeredTenantType,omitempty"`
	ServicePrincipalObjectID *string               `json:"servicePrincipalObjectId,omitempty"`
	// The type of access this application allows.
	SignInAudience *SignInAudience `json:"signInAudience,omitempty"`
	Tenant         *string         `json:"tenant,omitempty"`
}

A specialized `AccountDescriptor` for SSO cloud service accounts.

func (AzureCloudServiceAdapterDescriptor) GetAppOwnerOrganizationID 

func (this AzureCloudServiceAdapterDescriptor) GetAppOwnerOrganizationID() *string

The ID of the tenant in which the application is registered.

func (AzureCloudServiceAdapterDescriptor) GetAppRegistrationObjectID 

func (this AzureCloudServiceAdapterDescriptor) GetAppRegistrationObjectID() *string

The ID of the registered application.

func (AzureCloudServiceAdapterDescriptor) GetArchived 

func (this AzureCloudServiceAdapterDescriptor) GetArchived() bool

If `true`, the account no longer exists; if `false`, the account is currently enabled.

func (AzureCloudServiceAdapterDescriptor) GetContainingGroupEntities 

func (this AzureCloudServiceAdapterDescriptor) GetContainingGroupEntities() []*EntityContainerEntity

func (AzureCloudServiceAdapterDescriptor) GetContainingGroupIds 

func (this AzureCloudServiceAdapterDescriptor) GetContainingGroupIds() []string

func (AzureCloudServiceAdapterDescriptor) GetContainingRoleEntities 

func (this AzureCloudServiceAdapterDescriptor) GetContainingRoleEntities() []*EntityContainerEntity

func (AzureCloudServiceAdapterDescriptor) GetCreationTime 

func (this AzureCloudServiceAdapterDescriptor) GetCreationTime() string

func (AzureCloudServiceAdapterDescriptor) GetDataSource 

func (this AzureCloudServiceAdapterDescriptor) GetDataSource() DataSource

The data source of this account. Together with the entity type, the data source determines the account descriptor subtype to be used.

func (AzureCloudServiceAdapterDescriptor) GetDataSourceConfigurationIdentifier 

func (this AzureCloudServiceAdapterDescriptor) GetDataSourceConfigurationIdentifier() string

The ID of the connector configuration associated with this account.

func (AzureCloudServiceAdapterDescriptor) GetDataSourceParticipantIdentifier 

func (this AzureCloudServiceAdapterDescriptor) GetDataSourceParticipantIdentifier() string

A unique identifier the connector uses to identify this account.

func (AzureCloudServiceAdapterDescriptor) GetDescription 

func (this AzureCloudServiceAdapterDescriptor) GetDescription() *string

func (AzureCloudServiceAdapterDescriptor) GetEnabled 

func (this AzureCloudServiceAdapterDescriptor) GetEnabled() bool

If `true`, the account is currently enabled; if `false`, the account no longer exists.

func (AzureCloudServiceAdapterDescriptor) GetFlattenedContainingGroupEntities 

func (this AzureCloudServiceAdapterDescriptor) GetFlattenedContainingGroupEntities() []*EntityContainerEntity

func (AzureCloudServiceAdapterDescriptor) GetFlattenedContainingGroupIds 

func (this AzureCloudServiceAdapterDescriptor) GetFlattenedContainingGroupIds() []string

func (AzureCloudServiceAdapterDescriptor) GetFlattenedContainingRoleEntities 

func (this AzureCloudServiceAdapterDescriptor) GetFlattenedContainingRoleEntities() []*EntityContainerEntity

func (AzureCloudServiceAdapterDescriptor) GetLastAccessTime 

func (this AzureCloudServiceAdapterDescriptor) GetLastAccessTime() *string

The last time the service principal was accessed.

func (AzureCloudServiceAdapterDescriptor) GetMostRecentActivity 

func (this AzureCloudServiceAdapterDescriptor) GetMostRecentActivity() *string

The date and time of the account's latest recorded network activity. This takes into account both the data reported by external sources and the actual traffic seen by the system.

func (AzureCloudServiceAdapterDescriptor) GetPublisherDomain 

func (this AzureCloudServiceAdapterDescriptor) GetPublisherDomain() *string

The domain name of the application publisher.

func (AzureCloudServiceAdapterDescriptor) GetRegisteredTenantType 

func (this AzureCloudServiceAdapterDescriptor) GetRegisteredTenantType() *RegisteredTenantType

func (AzureCloudServiceAdapterDescriptor) GetServicePrincipalObjectID 

func (this AzureCloudServiceAdapterDescriptor) GetServicePrincipalObjectID() *string

func (AzureCloudServiceAdapterDescriptor) GetSignInAudience 

func (this AzureCloudServiceAdapterDescriptor) GetSignInAudience() *SignInAudience

The type of access this application allows.

func (AzureCloudServiceAdapterDescriptor) GetTenant 

func (this AzureCloudServiceAdapterDescriptor) GetTenant() *string

func (AzureCloudServiceAdapterDescriptor) IsAccountDescriptor 

func (AzureCloudServiceAdapterDescriptor) IsAccountDescriptor()

func (AzureCloudServiceAdapterDescriptor) IsActivityParticipatingAccountDescriptor 

func (AzureCloudServiceAdapterDescriptor) IsActivityParticipatingAccountDescriptor()

func (AzureCloudServiceAdapterDescriptor) IsCloudServiceAdapterDescriptor 

func (AzureCloudServiceAdapterDescriptor) IsCloudServiceAdapterDescriptor()

type AzureCredentialsPrivilegesRole 

type AzureCredentialsPrivilegesRole struct {
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	AuthorizingRoleIds               []string       `json:"authorizingRoleIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (AzureCredentialsPrivilegesRole) GetAuthorizingContainingEntitiesIds 

func (this AzureCredentialsPrivilegesRole) GetAuthorizingContainingEntitiesIds() []string

func (AzureCredentialsPrivilegesRole) GetAuthorizingGroupIds 

func (this AzureCredentialsPrivilegesRole) GetAuthorizingGroupIds() []string

func (AzureCredentialsPrivilegesRole) GetAuthorizingRoleIds 

func (this AzureCredentialsPrivilegesRole) GetAuthorizingRoleIds() []string

func (AzureCredentialsPrivilegesRole) GetBuiltin 

func (this AzureCredentialsPrivilegesRole) GetBuiltin() bool

func (AzureCredentialsPrivilegesRole) GetConfirmed 

func (this AzureCredentialsPrivilegesRole) GetConfirmed() bool

func (AzureCredentialsPrivilegesRole) GetFullPath 

func (this AzureCredentialsPrivilegesRole) GetFullPath() *string

func (AzureCredentialsPrivilegesRole) GetProbability 

func (this AzureCredentialsPrivilegesRole) GetProbability() *float64

func (AzureCredentialsPrivilegesRole) GetType 

func (this AzureCredentialsPrivilegesRole) GetType() EntityRoleType

func (AzureCredentialsPrivilegesRole) IsAdminAccountRole 

func (AzureCredentialsPrivilegesRole) IsAdminAccountRole()

func (AzureCredentialsPrivilegesRole) IsAzurePrivilegedRole 

func (AzureCredentialsPrivilegesRole) IsAzurePrivilegedRole()

func (AzureCredentialsPrivilegesRole) IsEntityRole 

func (AzureCredentialsPrivilegesRole) IsEntityRole()

type AzureDistributionGroupRole 

type AzureDistributionGroupRole struct {
	Confirmed   bool           `json:"confirmed"`
	FullPath    *string        `json:"fullPath,omitempty"`
	Probability *float64       `json:"probability,omitempty"`
	Type        EntityRoleType `json:"type"`
}

func (AzureDistributionGroupRole) GetConfirmed 

func (this AzureDistributionGroupRole) GetConfirmed() bool

func (AzureDistributionGroupRole) GetFullPath 

func (this AzureDistributionGroupRole) GetFullPath() *string

func (AzureDistributionGroupRole) GetProbability 

func (this AzureDistributionGroupRole) GetProbability() *float64

func (AzureDistributionGroupRole) GetType 

func (this AzureDistributionGroupRole) GetType() EntityRoleType

func (AzureDistributionGroupRole) IsEntityRole 

func (AzureDistributionGroupRole) IsEntityRole()

type AzureGlobalPrivilegesRole 

type AzureGlobalPrivilegesRole struct {
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	AuthorizingRoleIds               []string       `json:"authorizingRoleIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (AzureGlobalPrivilegesRole) GetAuthorizingContainingEntitiesIds 

func (this AzureGlobalPrivilegesRole) GetAuthorizingContainingEntitiesIds() []string

func (AzureGlobalPrivilegesRole) GetAuthorizingGroupIds 

func (this AzureGlobalPrivilegesRole) GetAuthorizingGroupIds() []string

func (AzureGlobalPrivilegesRole) GetAuthorizingRoleIds 

func (this AzureGlobalPrivilegesRole) GetAuthorizingRoleIds() []string

func (AzureGlobalPrivilegesRole) GetBuiltin 

func (this AzureGlobalPrivilegesRole) GetBuiltin() bool

func (AzureGlobalPrivilegesRole) GetConfirmed 

func (this AzureGlobalPrivilegesRole) GetConfirmed() bool

func (AzureGlobalPrivilegesRole) GetFullPath 

func (this AzureGlobalPrivilegesRole) GetFullPath() *string

func (AzureGlobalPrivilegesRole) GetProbability 

func (this AzureGlobalPrivilegesRole) GetProbability() *float64

func (AzureGlobalPrivilegesRole) GetType 

func (this AzureGlobalPrivilegesRole) GetType() EntityRoleType

func (AzureGlobalPrivilegesRole) IsAdminAccountRole 

func (AzureGlobalPrivilegesRole) IsAdminAccountRole()

func (AzureGlobalPrivilegesRole) IsAzurePrivilegedRole 

func (AzureGlobalPrivilegesRole) IsAzurePrivilegedRole()

func (AzureGlobalPrivilegesRole) IsEntityRole 

func (AzureGlobalPrivilegesRole) IsEntityRole()

type AzureLegacyProtocolUsageRiskFactor 

type AzureLegacyProtocolUsageRiskFactor struct {
	ClientDataSourceIdentifiers []string       `json:"clientDataSourceIdentifiers"`
	Score                       string         `json:"score"`
	Severity                    ScoreSeverity  `json:"severity"`
	Type                        RiskFactorType `json:"type"`
}

func (AzureLegacyProtocolUsageRiskFactor) GetScore 

func (this AzureLegacyProtocolUsageRiskFactor) GetScore() string

func (AzureLegacyProtocolUsageRiskFactor) GetSeverity 

func (this AzureLegacyProtocolUsageRiskFactor) GetSeverity() ScoreSeverity

func (AzureLegacyProtocolUsageRiskFactor) GetType 

func (this AzureLegacyProtocolUsageRiskFactor) GetType() RiskFactorType

func (AzureLegacyProtocolUsageRiskFactor) IsEntityRiskFactor 

func (AzureLegacyProtocolUsageRiskFactor) IsEntityRiskFactor()

type AzureMicrosoft365GroupRole 

type AzureMicrosoft365GroupRole struct {
	Confirmed   bool           `json:"confirmed"`
	FullPath    *string        `json:"fullPath,omitempty"`
	Probability *float64       `json:"probability,omitempty"`
	Type        EntityRoleType `json:"type"`
}

func (AzureMicrosoft365GroupRole) GetConfirmed 

func (this AzureMicrosoft365GroupRole) GetConfirmed() bool

func (AzureMicrosoft365GroupRole) GetFullPath 

func (this AzureMicrosoft365GroupRole) GetFullPath() *string

func (AzureMicrosoft365GroupRole) GetProbability 

func (this AzureMicrosoft365GroupRole) GetProbability() *float64

func (AzureMicrosoft365GroupRole) GetType 

func (this AzureMicrosoft365GroupRole) GetType() EntityRoleType

func (AzureMicrosoft365GroupRole) IsEntityRole 

func (AzureMicrosoft365GroupRole) IsEntityRole()

type AzurePrivilegedApplicationControllerRole 

type AzurePrivilegedApplicationControllerRole struct {
	AffectedEntities                 []Entity       `json:"affectedEntities"`
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	EffectedEntityIds                []string       `json:"effectedEntityIds,omitempty"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (AzurePrivilegedApplicationControllerRole) GetAffectedEntities 

func (this AzurePrivilegedApplicationControllerRole) GetAffectedEntities() []Entity

func (AzurePrivilegedApplicationControllerRole) GetAuthorizingContainingEntitiesIds 

func (this AzurePrivilegedApplicationControllerRole) GetAuthorizingContainingEntitiesIds() []string

func (AzurePrivilegedApplicationControllerRole) GetAuthorizingGroupIds 

func (this AzurePrivilegedApplicationControllerRole) GetAuthorizingGroupIds() []string

func (AzurePrivilegedApplicationControllerRole) GetBuiltin 

func (this AzurePrivilegedApplicationControllerRole) GetBuiltin() bool

func (AzurePrivilegedApplicationControllerRole) GetConfirmed 

func (this AzurePrivilegedApplicationControllerRole) GetConfirmed() bool

func (AzurePrivilegedApplicationControllerRole) GetEffectedEntityIds 

func (this AzurePrivilegedApplicationControllerRole) GetEffectedEntityIds() []string

func (AzurePrivilegedApplicationControllerRole) GetFullPath 

func (this AzurePrivilegedApplicationControllerRole) GetFullPath() *string

func (AzurePrivilegedApplicationControllerRole) GetProbability 

func (this AzurePrivilegedApplicationControllerRole) GetProbability() *float64

func (AzurePrivilegedApplicationControllerRole) GetType 

func (this AzurePrivilegedApplicationControllerRole) GetType() EntityRoleType

func (AzurePrivilegedApplicationControllerRole) IsAdminAccountRole 

func (AzurePrivilegedApplicationControllerRole) IsAdminAccountRole()

func (AzurePrivilegedApplicationControllerRole) IsEffectiveAdminRole 

func (AzurePrivilegedApplicationControllerRole) IsEffectiveAdminRole()

func (AzurePrivilegedApplicationControllerRole) IsEntityRole 

func (AzurePrivilegedApplicationControllerRole) IsEntityRole()

type AzurePrivilegedRole 

type AzurePrivilegedRole interface {
	IsAzurePrivilegedRole()
	GetAuthorizingContainingEntitiesIds() []string
	GetAuthorizingGroupIds() []string
	GetAuthorizingRoleIds() []string
	GetBuiltin() bool
	GetConfirmed() bool
	GetFullPath() *string
	GetProbability() *float64
	GetType() EntityRoleType
}

type AzureSecurityGroupRole 

type AzureSecurityGroupRole struct {
	Confirmed   bool           `json:"confirmed"`
	FullPath    *string        `json:"fullPath,omitempty"`
	Probability *float64       `json:"probability,omitempty"`
	Type        EntityRoleType `json:"type"`
}

func (AzureSecurityGroupRole) GetConfirmed 

func (this AzureSecurityGroupRole) GetConfirmed() bool

func (AzureSecurityGroupRole) GetFullPath 

func (this AzureSecurityGroupRole) GetFullPath() *string

func (AzureSecurityGroupRole) GetProbability 

func (this AzureSecurityGroupRole) GetProbability() *float64

func (AzureSecurityGroupRole) GetType 

func (this AzureSecurityGroupRole) GetType() EntityRoleType

func (AzureSecurityGroupRole) IsEntityRole 

func (AzureSecurityGroupRole) IsEntityRole()

type AzureSecurityPrivilegesRole 

type AzureSecurityPrivilegesRole struct {
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	AuthorizingRoleIds               []string       `json:"authorizingRoleIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (AzureSecurityPrivilegesRole) GetAuthorizingContainingEntitiesIds 

func (this AzureSecurityPrivilegesRole) GetAuthorizingContainingEntitiesIds() []string

func (AzureSecurityPrivilegesRole) GetAuthorizingGroupIds 

func (this AzureSecurityPrivilegesRole) GetAuthorizingGroupIds() []string

func (AzureSecurityPrivilegesRole) GetAuthorizingRoleIds 

func (this AzureSecurityPrivilegesRole) GetAuthorizingRoleIds() []string

func (AzureSecurityPrivilegesRole) GetBuiltin 

func (this AzureSecurityPrivilegesRole) GetBuiltin() bool

func (AzureSecurityPrivilegesRole) GetConfirmed 

func (this AzureSecurityPrivilegesRole) GetConfirmed() bool

func (AzureSecurityPrivilegesRole) GetFullPath 

func (this AzureSecurityPrivilegesRole) GetFullPath() *string

func (AzureSecurityPrivilegesRole) GetProbability 

func (this AzureSecurityPrivilegesRole) GetProbability() *float64

func (AzureSecurityPrivilegesRole) GetType 

func (this AzureSecurityPrivilegesRole) GetType() EntityRoleType

func (AzureSecurityPrivilegesRole) IsAdminAccountRole 

func (AzureSecurityPrivilegesRole) IsAdminAccountRole()

func (AzureSecurityPrivilegesRole) IsAzurePrivilegedRole 

func (AzureSecurityPrivilegesRole) IsAzurePrivilegedRole()

func (AzureSecurityPrivilegesRole) IsEntityRole 

func (AzureSecurityPrivilegesRole) IsEntityRole()

type AzureSsoGroupAccountDescriptor 

type AzureSsoGroupAccountDescriptor struct {
	// If `true`, the account no longer exists; if `false`, the account is currently enabled.
	Archived                bool                     `json:"archived"`
	ContainingGroupEntities []*EntityContainerEntity `json:"containingGroupEntities"`
	ContainingGroupIds      []string                 `json:"containingGroupIds"`
	ContainingRoleEntities  []*EntityContainerEntity `json:"containingRoleEntities"`
	CreationTime            string                   `json:"creationTime"`
	// The data source of this account. Together with the entity type, the data
	// source determines the account descriptor subtype to be used.
	DataSource                        DataSource `json:"dataSource"`
	DataSourceConfigurationIdentifier string     `json:"dataSourceConfigurationIdentifier"`
	DataSourceParticipantIdentifier   string     `json:"dataSourceParticipantIdentifier"`
	Description                       *string    `json:"description,omitempty"`
	// If `true`, the account is currently enabled; if `false`, the account no longer exists.
	Enabled                          bool                     `json:"enabled"`
	FlattenedContainingGroupEntities []*EntityContainerEntity `json:"flattenedContainingGroupEntities"`
	FlattenedContainingGroupIds      []string                 `json:"flattenedContainingGroupIds"`
	FlattenedContainingRoleEntities  []*EntityContainerEntity `json:"flattenedContainingRoleEntities"`
	Tenant                           *string                  `json:"tenant,omitempty"`
}

An account descriptor provides data associated with an external entity source, such as an entry in an identity management system.

func (AzureSsoGroupAccountDescriptor) GetArchived 

func (this AzureSsoGroupAccountDescriptor) GetArchived() bool

If `true`, the account no longer exists; if `false`, the account is currently enabled.

func (AzureSsoGroupAccountDescriptor) GetContainingGroupEntities 

func (this AzureSsoGroupAccountDescriptor) GetContainingGroupEntities() []*EntityContainerEntity

func (AzureSsoGroupAccountDescriptor) GetContainingGroupIds 

func (this AzureSsoGroupAccountDescriptor) GetContainingGroupIds() []string

func (AzureSsoGroupAccountDescriptor) GetContainingRoleEntities 

func (this AzureSsoGroupAccountDescriptor) GetContainingRoleEntities() []*EntityContainerEntity

func (AzureSsoGroupAccountDescriptor) GetCreationTime 

func (this AzureSsoGroupAccountDescriptor) GetCreationTime() string

func (AzureSsoGroupAccountDescriptor) GetDataSource 

func (this AzureSsoGroupAccountDescriptor) GetDataSource() DataSource

The data source of this account. Together with the entity type, the data source determines the account descriptor subtype to be used.

func (AzureSsoGroupAccountDescriptor) GetDataSourceConfigurationIdentifier 

func (this AzureSsoGroupAccountDescriptor) GetDataSourceConfigurationIdentifier() string

func (AzureSsoGroupAccountDescriptor) GetDataSourceParticipantIdentifier 

func (this AzureSsoGroupAccountDescriptor) GetDataSourceParticipantIdentifier() string

func (AzureSsoGroupAccountDescriptor) GetDescription 

func (this AzureSsoGroupAccountDescriptor) GetDescription() *string

func (AzureSsoGroupAccountDescriptor) GetEnabled 

func (this AzureSsoGroupAccountDescriptor) GetEnabled() bool

If `true`, the account is currently enabled; if `false`, the account no longer exists.

func (AzureSsoGroupAccountDescriptor) GetFlattenedContainingGroupEntities 

func (this AzureSsoGroupAccountDescriptor) GetFlattenedContainingGroupEntities() []*EntityContainerEntity

func (AzureSsoGroupAccountDescriptor) GetFlattenedContainingGroupIds 

func (this AzureSsoGroupAccountDescriptor) GetFlattenedContainingGroupIds() []string

func (AzureSsoGroupAccountDescriptor) GetFlattenedContainingRoleEntities 

func (this AzureSsoGroupAccountDescriptor) GetFlattenedContainingRoleEntities() []*EntityContainerEntity

func (AzureSsoGroupAccountDescriptor) GetTenant 

func (this AzureSsoGroupAccountDescriptor) GetTenant() *string

func (AzureSsoGroupAccountDescriptor) IsAccountDescriptor 

func (AzureSsoGroupAccountDescriptor) IsAccountDescriptor()

func (AzureSsoGroupAccountDescriptor) IsSsoGroupAccountDescriptor 

func (AzureSsoGroupAccountDescriptor) IsSsoGroupAccountDescriptor()

type AzureSsoRoleAccountDescriptor 

type AzureSsoRoleAccountDescriptor struct {
	// If `true`, the account no longer exists; if `false`, the account is currently enabled.
	Archived     bool   `json:"archived"`
	CreationTime string `json:"creationTime"`
	// The data source of this account. Together with the entity type, the data
	// source determines the account descriptor subtype to be used.
	DataSource                        DataSource `json:"dataSource"`
	DataSourceConfigurationIdentifier string     `json:"dataSourceConfigurationIdentifier"`
	DataSourceParticipantIdentifier   string     `json:"dataSourceParticipantIdentifier"`
	Description                       *string    `json:"description,omitempty"`
	// If `true`, the account is currently enabled; if `false`, the account no longer exists.
	Enabled bool    `json:"enabled"`
	Tenant  *string `json:"tenant,omitempty"`
}

An account descriptor provides data associated with an external entity source, such as an entry in an identity management system.

func (AzureSsoRoleAccountDescriptor) GetArchived 

func (this AzureSsoRoleAccountDescriptor) GetArchived() bool

If `true`, the account no longer exists; if `false`, the account is currently enabled.

func (AzureSsoRoleAccountDescriptor) GetCreationTime 

func (this AzureSsoRoleAccountDescriptor) GetCreationTime() string

func (AzureSsoRoleAccountDescriptor) GetDataSource 

func (this AzureSsoRoleAccountDescriptor) GetDataSource() DataSource

The data source of this account. Together with the entity type, the data source determines the account descriptor subtype to be used.

func (AzureSsoRoleAccountDescriptor) GetDataSourceConfigurationIdentifier 

func (this AzureSsoRoleAccountDescriptor) GetDataSourceConfigurationIdentifier() string

func (AzureSsoRoleAccountDescriptor) GetDataSourceParticipantIdentifier 

func (this AzureSsoRoleAccountDescriptor) GetDataSourceParticipantIdentifier() string

func (AzureSsoRoleAccountDescriptor) GetDescription 

func (this AzureSsoRoleAccountDescriptor) GetDescription() *string

func (AzureSsoRoleAccountDescriptor) GetEnabled 

func (this AzureSsoRoleAccountDescriptor) GetEnabled() bool

If `true`, the account is currently enabled; if `false`, the account no longer exists.

func (AzureSsoRoleAccountDescriptor) GetTenant 

func (this AzureSsoRoleAccountDescriptor) GetTenant() *string

func (AzureSsoRoleAccountDescriptor) IsAccountDescriptor 

func (AzureSsoRoleAccountDescriptor) IsAccountDescriptor()

func (AzureSsoRoleAccountDescriptor) IsSsoRoleAccountDescriptor 

func (AzureSsoRoleAccountDescriptor) IsSsoRoleAccountDescriptor()

type AzureSsoUserAccountDescriptor 

type AzureSsoUserAccountDescriptor struct {
	// If `true`, the account no longer exists; if `false`, the account is currently enabled.
	Archived                bool                     `json:"archived"`
	ContainingEntities      []*EntityContainerEntity `json:"containingEntities"`
	ContainingGroupEntities []*EntityContainerEntity `json:"containingGroupEntities"`
	ContainingGroupIds      []string                 `json:"containingGroupIds"`
	ContainingRoleEntities  []*EntityContainerEntity `json:"containingRoleEntities"`
	CreationTime            string                   `json:"creationTime"`
	CredentialsDataSource   *DataSource              `json:"credentialsDataSource,omitempty"`
	// The data source of this account. Together with the entity type, the data
	// source determines the account descriptor subtype to be used.
	DataSource DataSource `json:"dataSource"`
	// The ID of the connector configuration associated with this account.
	DataSourceConfigurationIdentifier string  `json:"dataSourceConfigurationIdentifier"`
	DataSourceLoginIdentifier         *string `json:"dataSourceLoginIdentifier,omitempty"`
	// A unique identifier used by the connector to identify this account.
	DataSourceParticipantIdentifier string  `json:"dataSourceParticipantIdentifier"`
	Department                      *string `json:"department,omitempty"`
	Description                     *string `json:"description,omitempty"`
	// If `true`, the account is currently enabled; if `false`, the account no longer exists.
	Enabled                          bool                     `json:"enabled"`
	FlattenedContainingGroupEntities []*EntityContainerEntity `json:"flattenedContainingGroupEntities"`
	FlattenedContainingGroupIds      []string                 `json:"flattenedContainingGroupIds"`
	FlattenedContainingRoleEntities  []*EntityContainerEntity `json:"flattenedContainingRoleEntities"`
	// The date and time of the account's latest recorded network activity. This
	// takes into account both the data reported by external sources and the actual
	// traffic seen by the system.
	MostRecentActivity *string `json:"mostRecentActivity,omitempty"`
	// Information regarding the account's password.
	PasswordAttributes PasswordAttributes `json:"passwordAttributes,omitempty"`
	Tenant             *string            `json:"tenant,omitempty"`
	Title              *string            `json:"title,omitempty"`
}

A specialized `AccountDescriptor` for SSO user accounts.

func (AzureSsoUserAccountDescriptor) GetArchived 

func (this AzureSsoUserAccountDescriptor) GetArchived() bool

If `true`, the account no longer exists; if `false`, the account is currently enabled.

func (AzureSsoUserAccountDescriptor) GetContainingEntities 

func (this AzureSsoUserAccountDescriptor) GetContainingEntities() []*EntityContainerEntity

func (AzureSsoUserAccountDescriptor) GetContainingGroupEntities 

func (this AzureSsoUserAccountDescriptor) GetContainingGroupEntities() []*EntityContainerEntity

func (AzureSsoUserAccountDescriptor) GetContainingGroupIds 

func (this AzureSsoUserAccountDescriptor) GetContainingGroupIds() []string

func (AzureSsoUserAccountDescriptor) GetContainingRoleEntities 

func (this AzureSsoUserAccountDescriptor) GetContainingRoleEntities() []*EntityContainerEntity

func (AzureSsoUserAccountDescriptor) GetCreationTime 

func (this AzureSsoUserAccountDescriptor) GetCreationTime() string

func (AzureSsoUserAccountDescriptor) GetCredentialsDataSource 

func (this AzureSsoUserAccountDescriptor) GetCredentialsDataSource() *DataSource

func (AzureSsoUserAccountDescriptor) GetDataSource 

func (this AzureSsoUserAccountDescriptor) GetDataSource() DataSource

The data source of this account. Together with the entity type, the data source determines the account descriptor subtype to be used.

func (AzureSsoUserAccountDescriptor) GetDataSourceConfigurationIdentifier 

func (this AzureSsoUserAccountDescriptor) GetDataSourceConfigurationIdentifier() string

The ID of the connector configuration associated with this account.

func (AzureSsoUserAccountDescriptor) GetDataSourceLoginIdentifier 

func (this AzureSsoUserAccountDescriptor) GetDataSourceLoginIdentifier() *string

func (AzureSsoUserAccountDescriptor) GetDataSourceParticipantIdentifier 

func (this AzureSsoUserAccountDescriptor) GetDataSourceParticipantIdentifier() string

A unique identifier used by the connector to identify this account.

func (AzureSsoUserAccountDescriptor) GetDepartment 

func (this AzureSsoUserAccountDescriptor) GetDepartment() *string

func (AzureSsoUserAccountDescriptor) GetDescription 

func (this AzureSsoUserAccountDescriptor) GetDescription() *string

func (AzureSsoUserAccountDescriptor) GetEnabled 

func (this AzureSsoUserAccountDescriptor) GetEnabled() bool

If `true`, the account is currently enabled; if `false`, the account no longer exists.

func (AzureSsoUserAccountDescriptor) GetFlattenedContainingGroupEntities 

func (this AzureSsoUserAccountDescriptor) GetFlattenedContainingGroupEntities() []*EntityContainerEntity

func (AzureSsoUserAccountDescriptor) GetFlattenedContainingGroupIds 

func (this AzureSsoUserAccountDescriptor) GetFlattenedContainingGroupIds() []string

func (AzureSsoUserAccountDescriptor) GetFlattenedContainingRoleEntities 

func (this AzureSsoUserAccountDescriptor) GetFlattenedContainingRoleEntities() []*EntityContainerEntity

func (AzureSsoUserAccountDescriptor) GetMostRecentActivity 

func (this AzureSsoUserAccountDescriptor) GetMostRecentActivity() *string

The date and time of the account's latest recorded network activity. This takes into account both the data reported by external sources and the actual traffic seen by the system.

func (AzureSsoUserAccountDescriptor) GetPasswordAttributes 

func (this AzureSsoUserAccountDescriptor) GetPasswordAttributes() PasswordAttributes

Information regarding the account's password.

func (AzureSsoUserAccountDescriptor) GetTenant 

func (this AzureSsoUserAccountDescriptor) GetTenant() *string

func (AzureSsoUserAccountDescriptor) GetTitle 

func (this AzureSsoUserAccountDescriptor) GetTitle() *string

func (AzureSsoUserAccountDescriptor) IsAccountDescriptor 

func (AzureSsoUserAccountDescriptor) IsAccountDescriptor()

func (AzureSsoUserAccountDescriptor) IsActivityParticipatingAccountDescriptor 

func (AzureSsoUserAccountDescriptor) IsActivityParticipatingAccountDescriptor()

func (AzureSsoUserAccountDescriptor) IsSsoUserAccountDescriptor 

func (AzureSsoUserAccountDescriptor) IsSsoUserAccountDescriptor()

func (AzureSsoUserAccountDescriptor) IsUserAccountDescriptor 

func (AzureSsoUserAccountDescriptor) IsUserAccountDescriptor()

type BackupOperatorsAdminRole 

type BackupOperatorsAdminRole struct {
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (BackupOperatorsAdminRole) GetAuthorizingContainingEntitiesIds 

func (this BackupOperatorsAdminRole) GetAuthorizingContainingEntitiesIds() []string

func (BackupOperatorsAdminRole) GetAuthorizingGroupIds 

func (this BackupOperatorsAdminRole) GetAuthorizingGroupIds() []string

func (BackupOperatorsAdminRole) GetBuiltin 

func (this BackupOperatorsAdminRole) GetBuiltin() bool

func (BackupOperatorsAdminRole) GetConfirmed 

func (this BackupOperatorsAdminRole) GetConfirmed() bool

func (BackupOperatorsAdminRole) GetFullPath 

func (this BackupOperatorsAdminRole) GetFullPath() *string

func (BackupOperatorsAdminRole) GetProbability 

func (this BackupOperatorsAdminRole) GetProbability() *float64

func (BackupOperatorsAdminRole) GetType 

func (this BackupOperatorsAdminRole) GetType() EntityRoleType

func (BackupOperatorsAdminRole) IsAdminAccountRole 

func (BackupOperatorsAdminRole) IsAdminAccountRole()

func (BackupOperatorsAdminRole) IsEntityRole 

func (BackupOperatorsAdminRole) IsEntityRole()

func (BackupOperatorsAdminRole) IsOperatorLevelAdminRole 

func (BackupOperatorsAdminRole) IsOperatorLevelAdminRole()

type BindingType 

type BindingType string

The binding type of an `Association` between two entities.

Binding types can be **Symmetric** or **Asymmetric** (see `Association` for a detailed explanation). 

const (
	// A non-interactive, regular-usage origin association between a `UserEntity` and an `EndpointEntity`.
	//
	// * **Symmetric**: yes
	// * **Association subtype**: `OriginAssociation`
	BindingTypeActivityOrigin BindingType = "ACTIVITY_ORIGIN"
	// An interactive regular-usage origin association between a `UserEntity` and an `EndpointEntity`.
	//
	// * **Symmetric**: yes
	// * **Association subtype**: `OriginAssociation`
	BindingTypeLogin BindingType = "LOGIN"
	// An interactive *mostly-exclusive* regular-usage origin association between a `UserEntity` and an `EndpointEntity`.
	//
	// * **Symmetric**: yes
	// * **Association subtype**: `OriginAssociation`
	BindingTypeOwnership BindingType = "OWNERSHIP"
	// An origin association between a `UserEntity` and an `EndpointEntity` briefly
	// established after a user explicitly confirms the usage of an endpoint.
	//
	// * **Symmetric**: yes
	// * **Association subtype**: `RecentlyVerifiedLoginBindingAssociation`
	BindingTypeRecentlyVerifiedLogin BindingType = "RECENTLY_VERIFIED_LOGIN"
	// A regular target-access association. When set on a `UserEntity`, the
	// SERVICE_ACCESS binding implies that the user regularly accesses the
	// destination using their credentials. When set on an `EndpointEntity`, it
	// implies that the endpoint is regularly used to access a service.
	//
	// * **Symmetric**: no
	// * **Association subtype**: `ServiceAssociation`
	BindingTypeServiceAccess BindingType = "SERVICE_ACCESS"
	// This association represents a regular LDAP authentication of a `UserEntity` on an `EndpointEntity`.
	//
	// * **Symmetric**: no
	// * **Association subtype**: `OriginAssociation`
	BindingTypeLdapAuthentication BindingType = "LDAP_AUTHENTICATION"
	// A *structural* association indicating that a `UserEntity` is configured to execute a service on an `EndpointEntity`.
	//
	// * **Symmetric**: yes
	// * **Association subtype**: `ServiceAssociation`
	BindingTypeServiceExecution BindingType = "SERVICE_EXECUTION"
	// A *structural* origin association indicating that a `UserEntity` is allowed to log into an `EndpointEntity`.
	//
	// * **Symmetric**: yes
	// * **Association subtype**: `OriginAssociation`
	BindingTypeEndpointAuthorization BindingType = "ENDPOINT_AUTHORIZATION"
	// A regular target-access association for cloud services. This association can be set on `UserEntity` only.
	//
	// * **Symmetric**: no
	// * **Association subtype**: `CloudServiceAssociation`
	BindingTypeCloudServiceAccess BindingType = "CLOUD_SERVICE_ACCESS"
	// A regular origin association indicating that the user regularly performs
	// network activities from a certain geographical location.
	//
	// * **Symmetric**: no
	// * **Association subtype**: `GeoLocationAssociation`
	BindingTypeGeoLocation        BindingType = "GEO_LOCATION"
	BindingTypeLocalAdministrator BindingType = "LOCAL_ADMINISTRATOR"
	BindingTypeManage             BindingType = "MANAGE"
	BindingTypeManaged            BindingType = "MANAGED"
	BindingTypeAuthorizer         BindingType = "AUTHORIZER"
	BindingTypeAuthorized         BindingType = "AUTHORIZED"
	BindingTypeRbacAssignment     BindingType = "RBAC_ASSIGNMENT"
	BindingTypeLinkedAccount      BindingType = "LINKED_ACCOUNT"
)

func (BindingType) IsValid 

func (e BindingType) IsValid() bool

func (BindingType) MarshalGQL 

func (e BindingType) MarshalGQL(w io.Writer)

func (BindingType) String 

func (e BindingType) String() string

func (*BindingType) UnmarshalGQL 

func (e *BindingType) UnmarshalGQL(v interface{}) error

type BrowserInfo 

type BrowserInfo struct {
	Name    string  `json:"name"`
	Version *string `json:"version,omitempty"`
}

type BuiltinAdministratorRole 

type BuiltinAdministratorRole struct {
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (BuiltinAdministratorRole) GetAuthorizingContainingEntitiesIds 

func (this BuiltinAdministratorRole) GetAuthorizingContainingEntitiesIds() []string

func (BuiltinAdministratorRole) GetAuthorizingGroupIds 

func (this BuiltinAdministratorRole) GetAuthorizingGroupIds() []string

func (BuiltinAdministratorRole) GetBuiltin 

func (this BuiltinAdministratorRole) GetBuiltin() bool

func (BuiltinAdministratorRole) GetConfirmed 

func (this BuiltinAdministratorRole) GetConfirmed() bool

func (BuiltinAdministratorRole) GetFullPath 

func (this BuiltinAdministratorRole) GetFullPath() *string

func (BuiltinAdministratorRole) GetProbability 

func (this BuiltinAdministratorRole) GetProbability() *float64

func (BuiltinAdministratorRole) GetType 

func (this BuiltinAdministratorRole) GetType() EntityRoleType

func (BuiltinAdministratorRole) IsAdminAccountRole 

func (BuiltinAdministratorRole) IsAdminAccountRole()

func (BuiltinAdministratorRole) IsDomainLevelAdminRole 

func (BuiltinAdministratorRole) IsDomainLevelAdminRole()

func (BuiltinAdministratorRole) IsEntityRole 

func (BuiltinAdministratorRole) IsEntityRole()

type BulkEntityActionFailure 

type BulkEntityActionFailure struct {
	// The entity-ids for which the action wasn't applied successfully.
	EntityIds []string `json:"entityIds"`
	// The failure reason.
	ErrorDetails ErrorDetails `json:"errorDetails"`
}

A descriptor object for an error applying an action to one or more `Entity` objects.

type BulkEntityActionInput 

type BulkEntityActionInput struct {
	ClientMutationID *string `json:"clientMutationId,omitempty"`
	// Query criteria to match the subject entities by.
	//
	// Usually the query should match entities by selective attributes such as
	// entity-id (see “`EntityQueryInput:entityIds“`) or sam-account-name (see
	// “`EntityQueryInput:samAccountNames“`). Only 1000 entities may be updated at
	// once - the entire operation is aborted with an error if the query criteria
	// exceeds this limit.
	EntityQuery *EntityQueryInput `json:"entityQuery"`
}

Input object for mutations applying an action to multiple entities at once.

type BulkEntityActionResult 

type BulkEntityActionResult struct {
	ClientMutationID *string `json:"clientMutationId,omitempty"`
	// List of failures applying the action, grouped by the failure reason.
	Failures []*BulkEntityActionFailure `json:"failures"`
	// List of successfully updated entities.
	//
	// **Note:** Entity actions are idempotent - even if the said action is
	// effectively a no-op for some entity, it would still be considered
	// *successfully updated*.
	UpdatedEntities []Entity `json:"updatedEntities"`
}

Result object for mutation APIs applying an action to multiple entities at once.

type BusinessPrivilege 

type BusinessPrivilege struct {
	AuthorizingGroupIds []string                `json:"authorizingGroupIds"`
	BusinessPrivilegeID string                  `json:"businessPrivilegeId"`
	Impact              BusinessPrivilegeImpact `json:"impact"`
}

type BusinessPrivilegeImpact 

type BusinessPrivilegeImpact string
const (
	BusinessPrivilegeImpactLow    BusinessPrivilegeImpact = "LOW"
	BusinessPrivilegeImpactMedium BusinessPrivilegeImpact = "MEDIUM"
	BusinessPrivilegeImpactHigh   BusinessPrivilegeImpact = "HIGH"
)

func (BusinessPrivilegeImpact) IsValid 

func (e BusinessPrivilegeImpact) IsValid() bool

func (BusinessPrivilegeImpact) MarshalGQL 

func (e BusinessPrivilegeImpact) MarshalGQL(w io.Writer)

func (BusinessPrivilegeImpact) String 

func (e BusinessPrivilegeImpact) String() string

func (*BusinessPrivilegeImpact) UnmarshalGQL 

func (e *BusinessPrivilegeImpact) UnmarshalGQL(v interface{}) error

type BusinessPrivilegeRole 

type BusinessPrivilegeRole struct {
	AuthorizingContainingEntitiesIds []string             `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string             `json:"authorizingGroupIds"`
	Builtin                          bool                 `json:"builtin"`
	BusinessPrivileges               []*BusinessPrivilege `json:"businessPrivileges"`
	Confirmed                        bool                 `json:"confirmed"`
	FullPath                         *string              `json:"fullPath,omitempty"`
	Probability                      *float64             `json:"probability,omitempty"`
	Type                             EntityRoleType       `json:"type"`
}

func (BusinessPrivilegeRole) GetAuthorizingContainingEntitiesIds 

func (this BusinessPrivilegeRole) GetAuthorizingContainingEntitiesIds() []string

func (BusinessPrivilegeRole) GetAuthorizingGroupIds 

func (this BusinessPrivilegeRole) GetAuthorizingGroupIds() []string

func (BusinessPrivilegeRole) GetBuiltin 

func (this BusinessPrivilegeRole) GetBuiltin() bool

func (BusinessPrivilegeRole) GetConfirmed 

func (this BusinessPrivilegeRole) GetConfirmed() bool

func (BusinessPrivilegeRole) GetFullPath 

func (this BusinessPrivilegeRole) GetFullPath() *string

func (BusinessPrivilegeRole) GetProbability 

func (this BusinessPrivilegeRole) GetProbability() *float64

func (BusinessPrivilegeRole) GetType 

func (this BusinessPrivilegeRole) GetType() EntityRoleType

func (BusinessPrivilegeRole) IsAdminAccountRole 

func (BusinessPrivilegeRole) IsAdminAccountRole()

func (BusinessPrivilegeRole) IsEntityRole 

func (BusinessPrivilegeRole) IsEntityRole()

type BusinessRole 

type BusinessRole string
const (
	BusinessRoleRegular   BusinessRole = "REGULAR"
	BusinessRoleExecutive BusinessRole = "EXECUTIVE"
	BusinessRoleAdmin     BusinessRole = "ADMIN"
	BusinessRoleFinance   BusinessRole = "FINANCE"
	BusinessRoleIt        BusinessRole = "IT"
	BusinessRoleGuest     BusinessRole = "GUEST"
)

func (BusinessRole) IsValid 

func (e BusinessRole) IsValid() bool

func (BusinessRole) MarshalGQL 

func (e BusinessRole) MarshalGQL(w io.Writer)

func (BusinessRole) String 

func (e BusinessRole) String() string

func (*BusinessRole) UnmarshalGQL 

func (e *BusinessRole) UnmarshalGQL(v interface{}) error

type CertificateAuthenticationAsAnyDomainUserRole 

type CertificateAuthenticationAsAnyDomainUserRole struct {
	AffectedEntities                 []Entity       `json:"affectedEntities"`
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	Builtin                          bool           `json:"builtin"`
	CertificateAuthorityEndpoints    []string       `json:"certificateAuthorityEndpoints"`
	CertificateTemplateNames         []string       `json:"certificateTemplateNames"`
	Confirmed                        bool           `json:"confirmed"`
	EffectedEntityIds                []string       `json:"effectedEntityIds,omitempty"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (CertificateAuthenticationAsAnyDomainUserRole) GetAffectedEntities 

func (this CertificateAuthenticationAsAnyDomainUserRole) GetAffectedEntities() []Entity

func (CertificateAuthenticationAsAnyDomainUserRole) GetAuthorizingContainingEntitiesIds 

func (this CertificateAuthenticationAsAnyDomainUserRole) GetAuthorizingContainingEntitiesIds() []string

func (CertificateAuthenticationAsAnyDomainUserRole) GetAuthorizingGroupIds 

func (this CertificateAuthenticationAsAnyDomainUserRole) GetAuthorizingGroupIds() []string

func (CertificateAuthenticationAsAnyDomainUserRole) GetBuiltin 

func (this CertificateAuthenticationAsAnyDomainUserRole) GetBuiltin() bool

func (CertificateAuthenticationAsAnyDomainUserRole) GetConfirmed 

func (this CertificateAuthenticationAsAnyDomainUserRole) GetConfirmed() bool

func (CertificateAuthenticationAsAnyDomainUserRole) GetEffectedEntityIds 

func (this CertificateAuthenticationAsAnyDomainUserRole) GetEffectedEntityIds() []string

func (CertificateAuthenticationAsAnyDomainUserRole) GetFullPath 

func (this CertificateAuthenticationAsAnyDomainUserRole) GetFullPath() *string

func (CertificateAuthenticationAsAnyDomainUserRole) GetProbability 

func (this CertificateAuthenticationAsAnyDomainUserRole) GetProbability() *float64

func (CertificateAuthenticationAsAnyDomainUserRole) GetType 

func (this CertificateAuthenticationAsAnyDomainUserRole) GetType() EntityRoleType

func (CertificateAuthenticationAsAnyDomainUserRole) IsAdminAccountRole 

func (CertificateAuthenticationAsAnyDomainUserRole) IsAdminAccountRole()

func (CertificateAuthenticationAsAnyDomainUserRole) IsEffectiveAdminRole 

func (CertificateAuthenticationAsAnyDomainUserRole) IsEffectiveAdminRole()

func (CertificateAuthenticationAsAnyDomainUserRole) IsEntityRole 

func (CertificateAuthenticationAsAnyDomainUserRole) IsEntityRole()

type CertificateAuthority 

type CertificateAuthority struct {
	ID                            string                 `json:"_id"`
	DNSHostName                   string                 `json:"dnsHostName"`
	Name                          string                 `json:"name"`
	PublishedCertificateTemplates []*CertificateTemplate `json:"publishedCertificateTemplates,omitempty"`
}

type CertificateAuthorityAdminRole 

type CertificateAuthorityAdminRole struct {
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (CertificateAuthorityAdminRole) GetAuthorizingContainingEntitiesIds 

func (this CertificateAuthorityAdminRole) GetAuthorizingContainingEntitiesIds() []string

func (CertificateAuthorityAdminRole) GetAuthorizingGroupIds 

func (this CertificateAuthorityAdminRole) GetAuthorizingGroupIds() []string

func (CertificateAuthorityAdminRole) GetBuiltin 

func (this CertificateAuthorityAdminRole) GetBuiltin() bool

func (CertificateAuthorityAdminRole) GetConfirmed 

func (this CertificateAuthorityAdminRole) GetConfirmed() bool

func (CertificateAuthorityAdminRole) GetFullPath 

func (this CertificateAuthorityAdminRole) GetFullPath() *string

func (CertificateAuthorityAdminRole) GetProbability 

func (this CertificateAuthorityAdminRole) GetProbability() *float64

func (CertificateAuthorityAdminRole) GetType 

func (this CertificateAuthorityAdminRole) GetType() EntityRoleType

func (CertificateAuthorityAdminRole) IsAdminAccountRole 

func (CertificateAuthorityAdminRole) IsAdminAccountRole()

func (CertificateAuthorityAdminRole) IsEntityRole 

func (CertificateAuthorityAdminRole) IsEntityRole()

type CertificateAuthorityServerRole 

type CertificateAuthorityServerRole struct {
	CertificateAuthority *CertificateAuthority `json:"certificateAuthority"`
	Confirmed            bool                  `json:"confirmed"`
	FullPath             *string               `json:"fullPath,omitempty"`
	Impersonator         bool                  `json:"impersonator"`
	Probability          *float64              `json:"probability,omitempty"`
	Type                 EntityRoleType        `json:"type"`
}

func (CertificateAuthorityServerRole) GetConfirmed 

func (this CertificateAuthorityServerRole) GetConfirmed() bool

func (CertificateAuthorityServerRole) GetFullPath 

func (this CertificateAuthorityServerRole) GetFullPath() *string

func (CertificateAuthorityServerRole) GetImpersonator 

func (this CertificateAuthorityServerRole) GetImpersonator() bool

func (CertificateAuthorityServerRole) GetProbability 

func (this CertificateAuthorityServerRole) GetProbability() *float64

func (CertificateAuthorityServerRole) GetType 

func (this CertificateAuthorityServerRole) GetType() EntityRoleType

func (CertificateAuthorityServerRole) IsClassificationRole 

func (CertificateAuthorityServerRole) IsClassificationRole()

func (CertificateAuthorityServerRole) IsEntityRole 

func (CertificateAuthorityServerRole) IsEntityRole()

func (CertificateAuthorityServerRole) IsServerRole 

func (CertificateAuthorityServerRole) IsServerRole()

type CertificateTemplate 

type CertificateTemplate struct {
	ID                       string   `json:"_id"`
	Name                     string   `json:"name"`
	PkiExtendedKeyUsageNames []string `json:"pkiExtendedKeyUsageNames"`
}

type CertificateTemplateAuthenticationBasedRiskFactor 

type CertificateTemplateAuthenticationBasedRiskFactor struct {
	CertificateTemplateNames  []string                   `json:"certificateTemplateNames"`
	InvolvedEntitiesQueryInfo *InvolvedEntitiesQueryInfo `json:"involvedEntitiesQueryInfo"`
	Score                     string                     `json:"score"`
	Severity                  ScoreSeverity              `json:"severity"`
	Type                      RiskFactorType             `json:"type"`
}

func (CertificateTemplateAuthenticationBasedRiskFactor) GetScore 

func (this CertificateTemplateAuthenticationBasedRiskFactor) GetScore() string

func (CertificateTemplateAuthenticationBasedRiskFactor) GetSeverity 

func (this CertificateTemplateAuthenticationBasedRiskFactor) GetSeverity() ScoreSeverity

func (CertificateTemplateAuthenticationBasedRiskFactor) GetType 

func (this CertificateTemplateAuthenticationBasedRiskFactor) GetType() RiskFactorType

func (CertificateTemplateAuthenticationBasedRiskFactor) IsEntityRiskFactor 

func (CertificateTemplateAuthenticationBasedRiskFactor) IsEntityRiskFactor()

type ClassificationRole 

type ClassificationRole interface {
	IsClassificationRole()
	GetConfirmed() bool
	GetFullPath() *string
	GetProbability() *float64
	GetType() EntityRoleType
}

type ClassificationRoleImpl 

type ClassificationRoleImpl struct {
	Confirmed   bool           `json:"confirmed"`
	FullPath    *string        `json:"fullPath,omitempty"`
	Probability *float64       `json:"probability,omitempty"`
	Type        EntityRoleType `json:"type"`
}

func (ClassificationRoleImpl) GetConfirmed 

func (this ClassificationRoleImpl) GetConfirmed() bool

func (ClassificationRoleImpl) GetFullPath 

func (this ClassificationRoleImpl) GetFullPath() *string

func (ClassificationRoleImpl) GetProbability 

func (this ClassificationRoleImpl) GetProbability() *float64

func (ClassificationRoleImpl) GetType 

func (this ClassificationRoleImpl) GetType() EntityRoleType

func (ClassificationRoleImpl) IsClassificationRole 

func (ClassificationRoleImpl) IsClassificationRole()

func (ClassificationRoleImpl) IsEntityRole 

func (ClassificationRoleImpl) IsEntityRole()

type ClassifyEndpointEntityInput 

type ClassifyEndpointEntityInput struct {
	Classifications  []EndpointEntityClassification `json:"classifications"`
	ClientMutationID *string                        `json:"clientMutationId,omitempty"`
	EntityQuery      *EntityQueryInput              `json:"entityQuery"`
}

type ClassifyUserEntityInput 

type ClassifyUserEntityInput struct {
	Classifications  []UserEntityClassification `json:"classifications"`
	ClientMutationID *string                    `json:"clientMutationId,omitempty"`
	EntityQuery      *EntityQueryInput          `json:"entityQuery"`
}

type CloudActivityOnVulnerableOsRiskFactor 

type CloudActivityOnVulnerableOsRiskFactor struct {
	Score                          string                 `json:"score"`
	Severity                       ScoreSeverity          `json:"severity"`
	Type                           RiskFactorType         `json:"type"`
	UsedVulnerableOperatingSystems []*OperatingSystemInfo `json:"usedVulnerableOperatingSystems"`
}

func (CloudActivityOnVulnerableOsRiskFactor) GetScore 

func (this CloudActivityOnVulnerableOsRiskFactor) GetScore() string

func (CloudActivityOnVulnerableOsRiskFactor) GetSeverity 

func (this CloudActivityOnVulnerableOsRiskFactor) GetSeverity() ScoreSeverity

func (CloudActivityOnVulnerableOsRiskFactor) GetType 

func (this CloudActivityOnVulnerableOsRiskFactor) GetType() RiskFactorType

func (CloudActivityOnVulnerableOsRiskFactor) IsEntityRiskFactor 

func (CloudActivityOnVulnerableOsRiskFactor) IsEntityRiskFactor()

type CloudServiceAdapterDescriptor 

type CloudServiceAdapterDescriptor interface {
	IsCloudServiceAdapterDescriptor()
	// The ID of the tenant in which the application is registered.
	GetAppOwnerOrganizationID() *string
	// The ID of the registered application.
	GetAppRegistrationObjectID() *string
	// If `true`, the account no longer exists; if `false`, the account is currently enabled.
	GetArchived() bool
	GetContainingGroupEntities() []*EntityContainerEntity
	GetContainingGroupIds() []string
	GetContainingRoleEntities() []*EntityContainerEntity
	GetCreationTime() string
	// The data source of this account. Together with the entity type, the data
	// source determines the account descriptor subtype to be used.
	GetDataSource() DataSource
	// The ID of the connector configuration associated with this account.
	GetDataSourceConfigurationIdentifier() string
	// A unique identifier the connector uses to identify this account.
	GetDataSourceParticipantIdentifier() string
	GetDescription() *string
	// If `true`, the account is currently enabled; if `false`, the account no longer exists.
	GetEnabled() bool
	GetFlattenedContainingGroupEntities() []*EntityContainerEntity
	GetFlattenedContainingGroupIds() []string
	GetFlattenedContainingRoleEntities() []*EntityContainerEntity
	// The last time the service principal was accessed.
	GetLastAccessTime() *string
	// The date and time of the account's latest recorded network activity. This
	// takes into account both the data reported by external sources and the actual
	// traffic seen by the system.
	GetMostRecentActivity() *string
	// The domain name of the application publisher.
	GetPublisherDomain() *string
	GetRegisteredTenantType() *RegisteredTenantType
	GetServicePrincipalObjectID() *string
	// The type of access this application allows.
	GetSignInAudience() *SignInAudience
	GetTenant() *string
}

A specialized `AccountDescriptor` for SSO cloud service accounts.

type CloudServiceAdapterDescriptorImpl 

type CloudServiceAdapterDescriptorImpl struct {
	AppOwnerOrganizationID            *string                  `json:"appOwnerOrganizationId,omitempty"`
	AppRegistrationObjectID           *string                  `json:"appRegistrationObjectId,omitempty"`
	Archived                          bool                     `json:"archived"`
	ContainingGroupEntities           []*EntityContainerEntity `json:"containingGroupEntities"`
	ContainingGroupIds                []string                 `json:"containingGroupIds"`
	ContainingRoleEntities            []*EntityContainerEntity `json:"containingRoleEntities"`
	CreationTime                      string                   `json:"creationTime"`
	DataSource                        DataSource               `json:"dataSource"`
	DataSourceConfigurationIdentifier string                   `json:"dataSourceConfigurationIdentifier"`
	DataSourceParticipantIdentifier   string                   `json:"dataSourceParticipantIdentifier"`
	Description                       *string                  `json:"description,omitempty"`
	Enabled                           bool                     `json:"enabled"`
	FlattenedContainingGroupEntities  []*EntityContainerEntity `json:"flattenedContainingGroupEntities"`
	FlattenedContainingGroupIds       []string                 `json:"flattenedContainingGroupIds"`
	FlattenedContainingRoleEntities   []*EntityContainerEntity `json:"flattenedContainingRoleEntities"`
	LastAccessTime                    *string                  `json:"lastAccessTime,omitempty"`
	MostRecentActivity                *string                  `json:"mostRecentActivity,omitempty"`
	PublisherDomain                   *string                  `json:"publisherDomain,omitempty"`
	RegisteredTenantType              *RegisteredTenantType    `json:"registeredTenantType,omitempty"`
	ServicePrincipalObjectID          *string                  `json:"servicePrincipalObjectId,omitempty"`
	SignInAudience                    *SignInAudience          `json:"signInAudience,omitempty"`
	Tenant                            *string                  `json:"tenant,omitempty"`
}

func (CloudServiceAdapterDescriptorImpl) GetAppOwnerOrganizationID 

func (this CloudServiceAdapterDescriptorImpl) GetAppOwnerOrganizationID() *string

The ID of the tenant in which the application is registered.

func (CloudServiceAdapterDescriptorImpl) GetAppRegistrationObjectID 

func (this CloudServiceAdapterDescriptorImpl) GetAppRegistrationObjectID() *string

The ID of the registered application.

func (CloudServiceAdapterDescriptorImpl) GetArchived 

func (this CloudServiceAdapterDescriptorImpl) GetArchived() bool

If `true`, the account no longer exists; if `false`, the account is currently enabled.

func (CloudServiceAdapterDescriptorImpl) GetContainingGroupEntities 

func (this CloudServiceAdapterDescriptorImpl) GetContainingGroupEntities() []*EntityContainerEntity

func (CloudServiceAdapterDescriptorImpl) GetContainingGroupIds 

func (this CloudServiceAdapterDescriptorImpl) GetContainingGroupIds() []string

func (CloudServiceAdapterDescriptorImpl) GetContainingRoleEntities 

func (this CloudServiceAdapterDescriptorImpl) GetContainingRoleEntities() []*EntityContainerEntity

func (CloudServiceAdapterDescriptorImpl) GetCreationTime 

func (this CloudServiceAdapterDescriptorImpl) GetCreationTime() string

func (CloudServiceAdapterDescriptorImpl) GetDataSource 

func (this CloudServiceAdapterDescriptorImpl) GetDataSource() DataSource

The data source of this account. Together with the entity type, the data source determines the account descriptor subtype to be used.

func (CloudServiceAdapterDescriptorImpl) GetDataSourceConfigurationIdentifier 

func (this CloudServiceAdapterDescriptorImpl) GetDataSourceConfigurationIdentifier() string

The ID of the connector configuration associated with this account.

func (CloudServiceAdapterDescriptorImpl) GetDataSourceParticipantIdentifier 

func (this CloudServiceAdapterDescriptorImpl) GetDataSourceParticipantIdentifier() string

A unique identifier the connector uses to identify this account.

func (CloudServiceAdapterDescriptorImpl) GetDescription 

func (this CloudServiceAdapterDescriptorImpl) GetDescription() *string

func (CloudServiceAdapterDescriptorImpl) GetEnabled 

func (this CloudServiceAdapterDescriptorImpl) GetEnabled() bool

If `true`, the account is currently enabled; if `false`, the account no longer exists.

func (CloudServiceAdapterDescriptorImpl) GetFlattenedContainingGroupEntities 

func (this CloudServiceAdapterDescriptorImpl) GetFlattenedContainingGroupEntities() []*EntityContainerEntity

func (CloudServiceAdapterDescriptorImpl) GetFlattenedContainingGroupIds 

func (this CloudServiceAdapterDescriptorImpl) GetFlattenedContainingGroupIds() []string

func (CloudServiceAdapterDescriptorImpl) GetFlattenedContainingRoleEntities 

func (this CloudServiceAdapterDescriptorImpl) GetFlattenedContainingRoleEntities() []*EntityContainerEntity

func (CloudServiceAdapterDescriptorImpl) GetLastAccessTime 

func (this CloudServiceAdapterDescriptorImpl) GetLastAccessTime() *string

The last time the service principal was accessed.

func (CloudServiceAdapterDescriptorImpl) GetMostRecentActivity 

func (this CloudServiceAdapterDescriptorImpl) GetMostRecentActivity() *string

The date and time of the account's latest recorded network activity. This takes into account both the data reported by external sources and the actual traffic seen by the system.

func (CloudServiceAdapterDescriptorImpl) GetPublisherDomain 

func (this CloudServiceAdapterDescriptorImpl) GetPublisherDomain() *string

The domain name of the application publisher.

func (CloudServiceAdapterDescriptorImpl) GetRegisteredTenantType 

func (this CloudServiceAdapterDescriptorImpl) GetRegisteredTenantType() *RegisteredTenantType

func (CloudServiceAdapterDescriptorImpl) GetServicePrincipalObjectID 

func (this CloudServiceAdapterDescriptorImpl) GetServicePrincipalObjectID() *string

func (CloudServiceAdapterDescriptorImpl) GetSignInAudience 

func (this CloudServiceAdapterDescriptorImpl) GetSignInAudience() *SignInAudience

The type of access this application allows.

func (CloudServiceAdapterDescriptorImpl) GetTenant 

func (this CloudServiceAdapterDescriptorImpl) GetTenant() *string

func (CloudServiceAdapterDescriptorImpl) IsAccountDescriptor 

func (CloudServiceAdapterDescriptorImpl) IsAccountDescriptor()

func (CloudServiceAdapterDescriptorImpl) IsActivityParticipatingAccountDescriptor 

func (CloudServiceAdapterDescriptorImpl) IsActivityParticipatingAccountDescriptor()

func (CloudServiceAdapterDescriptorImpl) IsCloudServiceAdapterDescriptor 

func (CloudServiceAdapterDescriptorImpl) IsCloudServiceAdapterDescriptor()

type CloudServiceAssociation 

type CloudServiceAssociation struct {
	// The association binding type, which also determines the specific `Association` subtype of this instance.
	BindingType BindingType `json:"bindingType"`
	// The associated entity.
	Entity Entity `json:"entity"`
}

A specialized `Association` type for entity associations

func (CloudServiceAssociation) GetBindingType 

func (this CloudServiceAssociation) GetBindingType() BindingType

The association binding type, which also determines the specific `Association` subtype of this instance.

func (CloudServiceAssociation) GetEntity 

func (this CloudServiceAssociation) GetEntity() Entity

The associated entity.

func (CloudServiceAssociation) IsAssociation 

func (CloudServiceAssociation) IsAssociation()

func (CloudServiceAssociation) IsEntityAssociation 

func (CloudServiceAssociation) IsEntityAssociation()

type CloudServiceEntity 

type CloudServiceEntity struct {
	// A list of external, elementary account descriptors used to construct this
	// entity. For instance, the list for a `UserEntity` which is backed by an LDAP
	// domain entry and an IDAAS account will include
	// `ActiveDirectoryAccountDescriptor` and `SsoUserAccountDescriptor` entries.
	Accounts []AccountDescriptor `json:"accounts"`
	// If `true`, the system considers this entity *archived*. It means that the entity no longer exists and can only be viewed.
	//
	// For entities derived with external data sources, such as LDAP users, an entity
	// is considered archived if its primary account (see `Entity:primaryAccount` is
	// deleted. Entities not associated with any external sources, such as unmanaged
	// endpoints, may also be archived based on a long period of inactivity. Except
	// the `archived` attribute itself, no other attribute of an archived entity is
	// updated. The attributes of an archived entity represent the state of the
	// entity at the time when it was archived.
	Archived bool `json:"archived"`
	// A list of associations of various types (see `Association:bindingType`) that
	// this entity has with other objects, most commonly with other entities. For
	// example, a `UserEntity` may have an `OWNERSHIP` association with an
	// `EndpointEntity`, alongside a `GEO_LOCATION` association with a `GeoLocation`.
	// The semantics for each association type are detailed in `BindingType`.
	Associations []Association `json:"associations"`
	CreationTime string        `json:"creationTime"`
	// The date and time of the entity's earliest recorded network activity. This
	// takes into account both the data reported by external sources and the actual
	// traffic seen by the system.
	EarliestSeenTraffic *string `json:"earliestSeenTraffic,omitempty"`
	// The entity's unique identifier.
	EntityID             string `json:"entityId"`
	HasADDomainAdminRole *bool  `json:"hasADDomainAdminRole,omitempty"`
	// A convenience function that checks the `roles` field for the existence of at least one role matching the criteria.
	//
	// “`graphql
	// {
	//   entities(minRiskScoreSeverity: MEDIUM, archived: false, first: 5)
	//   {
	//     nodes
	//     {
	//       type
	//       primaryDisplayName
	//       ... on UserEntity
	//       {
	//         isHuman: hasRole(type: HumanUserAccountRole)
	//         isProgrammatic: hasRole(type: ProgrammaticUserAccountRole)
	//         isAdmin: hasRole(type: AdminAccountRole)
	//       }
	//       ... on EndpointEntity
	//       {
	//         isWorkstation: hasRole(type: WorkstationRole)
	//         isServer: hasRole(type: WorkstationRole)
	//       }
	//       isManuallyClassified: hasRole(confirmed: true)
	//     }
	//   }
	// }
	// “`
	HasRole *bool `json:"hasRole,omitempty"`
	// If `true`, the entity is inactive. An entity is considered inactive after 21
	// days since its latest recorded network activity (see `mostRecentActivity`).
	Inactive bool `json:"inactive"`
	// If `true`, the system has gathered enough information to consider this entity *learned*.
	Learned bool `json:"learned"`
	// For marked entities, this is set to the last time the entity was marked.
	MarkTime *string `json:"markTime,omitempty"`
	// The date and time of the entity's latest recorded network activity. This takes
	// into account both the data reported by external sources and the actual traffic
	// seen by the system.
	MostRecentActivity *string `json:"mostRecentActivity,omitempty"`
	// Query open incidents for this entity.
	OpenIncidents *IncidentConnection `json:"openIncidents,omitempty"`
	// The primary display name used to represent this entity in user-facing data.
	//
	// The primary display name is typically shorter than the secondary display name,
	// but is much less likely to be unique across the organization or network. For
	// further details on the semantics, see the documentation for specific types.
	PrimaryDisplayName string `json:"primaryDisplayName"`
	// A list of risk factors contributing to the overall risk of this entity, sorted
	// by `RiskFactorContribution:score` in descending order.
	RiskFactors []EntityRiskFactor `json:"riskFactors"`
	// The entity's risk score represented as a number from 0 (no or unknown risk) through 1 (maximum risk).
	RiskScore string `json:"riskScore"`
	// The entity's risk score derived from `riskScore`.
	RiskScoreSeverity ScoreSeverity `json:"riskScoreSeverity"`
	// A list of roles fulfilled by this entity, each defining the entity's classification or organizational-function aspect.
	//
	// For example, a `UserEntity` representing an *account operator* in an Active
	// Directory domain should have an `AccountOperatorsAdminRole` entry on this
	// list. Should the system later learn this privileged account is used by a
	// script rather than a human, its associated entity will also have a
	// `ProgrammaticUserAccountRole`. Similarly, when the system learns that some
	// `EndpointEntity` belongs to a VDI cluster, it tags it with a
	// `VdiEndpointRole`.The model for roles is hierarchical. For example, the
	// aforementioned `AccountOperatorsAdminRole` is a specialization of
	// `OperatorLevelAdminRole`, which by itself is a specialization of
	// `AdminAccountRole`.
	//
	// When roles are queried, this hierarchy is always taken into account.
	// Therefore, querying an entity about the existence of a role also implies that
	// all of its direct and indirect specializations will be queried too. This
	// hierarchy is completely reflected by GraphQL inheritance. For instance, you
	// can see that `ExchangeServerRole` implements `ApplicationServerRole`,  and
	// that the latter implements `ServerRole`.
	//
	// For your convenience, `EntityRole:fullPath` can be projected on the role
	// itself, reperesenting the role type ancestry as breadcrumbs. See
	// `EntityRoleType` for query examples.
	Roles []EntityRole `json:"roles,omitempty"`
	// The secondary display name is used to represent unique name for this entity in the organization or the network.
	SecondaryDisplayName string `json:"secondaryDisplayName"`
	// If `true`, the entity is stale. An entity is considered stale after 90 days of
	// inactivity (see `mostRecentActivity`), as long as it is still effectively part
	// of the network. An account-based entity is not considered part of the network
	// when all of its base accounts are disabled (see `primaryAccount` and
	// `secondaryAccounts`).
	Stale bool `json:"stale"`
	// The entity type, which also determines the specialized Entity subclass to be returned (see `EntityType`).
	Type EntityType `json:"type"`
	// If `true`, this entity appears on the system watchlist.
	Watched bool `json:"watched"`
}

An abstract `Entity` interface common to all entities that participate in the network activity, as opposed to entities defined by their place in the organization structure.

func (CloudServiceEntity) GetAccounts 

func (this CloudServiceEntity) GetAccounts() []AccountDescriptor

A list of external, elementary account descriptors used to construct this entity. For instance, the list for a `UserEntity` which is backed by an LDAP domain entry and an IDAAS account will include `ActiveDirectoryAccountDescriptor` and `SsoUserAccountDescriptor` entries.

func (CloudServiceEntity) GetArchived 

func (this CloudServiceEntity) GetArchived() bool

If `true`, the system considers this entity *archived*. It means that the entity no longer exists and can only be viewed.

For entities derived with external data sources, such as LDAP users, an entity is considered archived if its primary account (see `Entity:primaryAccount` is deleted. Entities not associated with any external sources, such as unmanaged endpoints, may also be archived based on a long period of inactivity. Except the `archived` attribute itself, no other attribute of an archived entity is updated. The attributes of an archived entity represent the state of the entity at the time when it was archived.

func (CloudServiceEntity) GetAssociations 

func (this CloudServiceEntity) GetAssociations() []Association

A list of associations of various types (see `Association:bindingType`) that this entity has with other objects, most commonly with other entities. For example, a `UserEntity` may have an `OWNERSHIP` association with an `EndpointEntity`, alongside a `GEO_LOCATION` association with a `GeoLocation`. The semantics for each association type are detailed in `BindingType`.

func (CloudServiceEntity) GetCreationTime 

func (this CloudServiceEntity) GetCreationTime() string

func (CloudServiceEntity) GetEarliestSeenTraffic 

func (this CloudServiceEntity) GetEarliestSeenTraffic() *string

The date and time of the entity's earliest recorded network activity. This takes into account both the data reported by external sources and the actual traffic seen by the system.

func (CloudServiceEntity) GetEntityID 

func (this CloudServiceEntity) GetEntityID() string

The entity's unique identifier.

func (CloudServiceEntity) GetHasADDomainAdminRole 

func (this CloudServiceEntity) GetHasADDomainAdminRole() *bool

func (CloudServiceEntity) GetHasRole 

func (this CloudServiceEntity) GetHasRole() *bool

A convenience function that checks the `roles` field for the existence of at least one role matching the criteria.

```graphql 

{
  entities(minRiskScoreSeverity: MEDIUM, archived: false, first: 5)
  {
    nodes
    {
      type
      primaryDisplayName
      ... on UserEntity
      {
        isHuman: hasRole(type: HumanUserAccountRole)
        isProgrammatic: hasRole(type: ProgrammaticUserAccountRole)
        isAdmin: hasRole(type: AdminAccountRole)
      }
      ... on EndpointEntity
      {
        isWorkstation: hasRole(type: WorkstationRole)
        isServer: hasRole(type: WorkstationRole)
      }
      isManuallyClassified: hasRole(confirmed: true)
    }
  }
}

```

func (CloudServiceEntity) GetInactive 

func (this CloudServiceEntity) GetInactive() bool

If `true`, the entity is inactive. An entity is considered inactive after 21 days since its latest recorded network activity (see `mostRecentActivity`).

func (CloudServiceEntity) GetLearned 

func (this CloudServiceEntity) GetLearned() bool

If `true`, the system has gathered enough information to consider this entity *learned*.

func (CloudServiceEntity) GetMarkTime 

func (this CloudServiceEntity) GetMarkTime() *string

For marked entities, this is set to the last time the entity was marked.

func (CloudServiceEntity) GetMostRecentActivity 

func (this CloudServiceEntity) GetMostRecentActivity() *string

The date and time of the entity's latest recorded network activity. This takes into account both the data reported by external sources and the actual traffic seen by the system.

func (CloudServiceEntity) GetOpenIncidents 

func (this CloudServiceEntity) GetOpenIncidents() *IncidentConnection

Query open incidents for this entity.

func (CloudServiceEntity) GetPrimaryDisplayName 

func (this CloudServiceEntity) GetPrimaryDisplayName() string

The primary display name used to represent this entity in user-facing data.

The primary display name is typically shorter than the secondary display name, but is much less likely to be unique across the organization or network. For further details on the semantics, see the documentation for specific types.

func (CloudServiceEntity) GetRiskFactors 

func (this CloudServiceEntity) GetRiskFactors() []EntityRiskFactor

A list of risk factors contributing to the overall risk of this entity, sorted by `RiskFactorContribution:score` in descending order.

func (CloudServiceEntity) GetRiskScore 

func (this CloudServiceEntity) GetRiskScore() string

The entity's risk score represented as a number from 0 (no or unknown risk) through 1 (maximum risk).

func (CloudServiceEntity) GetRiskScoreSeverity 

func (this CloudServiceEntity) GetRiskScoreSeverity() ScoreSeverity

The entity's risk score derived from `riskScore`.

func (CloudServiceEntity) GetRoles 

func (this CloudServiceEntity) GetRoles() []EntityRole

A list of roles fulfilled by this entity, each defining the entity's classification or organizational-function aspect.

For example, a `UserEntity` representing an *account operator* in an Active Directory domain should have an `AccountOperatorsAdminRole` entry on this list. Should the system later learn this privileged account is used by a script rather than a human, its associated entity will also have a `ProgrammaticUserAccountRole`. Similarly, when the system learns that some `EndpointEntity` belongs to a VDI cluster, it tags it with a `VdiEndpointRole`.The model for roles is hierarchical. For example, the aforementioned `AccountOperatorsAdminRole` is a specialization of `OperatorLevelAdminRole`, which by itself is a specialization of `AdminAccountRole`.

When roles are queried, this hierarchy is always taken into account. Therefore, querying an entity about the existence of a role also implies that all of its direct and indirect specializations will be queried too. This hierarchy is completely reflected by GraphQL inheritance. For instance, you can see that `ExchangeServerRole` implements `ApplicationServerRole`, and that the latter implements `ServerRole`.

For your convenience, `EntityRole:fullPath` can be projected on the role itself, reperesenting the role type ancestry as breadcrumbs. See `EntityRoleType` for query examples.

func (CloudServiceEntity) GetSecondaryDisplayName 

func (this CloudServiceEntity) GetSecondaryDisplayName() string

The secondary display name is used to represent unique name for this entity in the organization or the network.

func (CloudServiceEntity) GetStale 

func (this CloudServiceEntity) GetStale() bool

If `true`, the entity is stale. An entity is considered stale after 90 days of inactivity (see `mostRecentActivity`), as long as it is still effectively part of the network. An account-based entity is not considered part of the network when all of its base accounts are disabled (see `primaryAccount` and `secondaryAccounts`).

func (CloudServiceEntity) GetType 

func (this CloudServiceEntity) GetType() EntityType

The entity type, which also determines the specialized Entity subclass to be returned (see `EntityType`).

func (CloudServiceEntity) GetWatched 

func (this CloudServiceEntity) GetWatched() bool

If `true`, this entity appears on the system watchlist.

func (CloudServiceEntity) IsActivityParticipatingEntity 

func (CloudServiceEntity) IsActivityParticipatingEntity()

func (CloudServiceEntity) IsEntity 

func (CloudServiceEntity) IsEntity()

type CommonEngagementSummary 

type CommonEngagementSummary struct {
	EngagementType EngagementType `json:"engagementType"`
}

func (CommonEngagementSummary) GetEngagementType 

func (this CommonEngagementSummary) GetEngagementType() EngagementType

func (CommonEngagementSummary) IsEngagementSummary 

func (CommonEngagementSummary) IsEngagementSummary()

type ConnectorStatus 

type ConnectorStatus string
const (
	ConnectorStatusInitial                      ConnectorStatus = "INITIAL"
	ConnectorStatusSuccess                      ConnectorStatus = "SUCCESS"
	ConnectorStatusCommonError                  ConnectorStatus = "COMMON_ERROR"
	ConnectorStatusCommonConnectionError        ConnectorStatus = "COMMON_CONNECTION_ERROR"
	ConnectorStatusAuthenticationError          ConnectorStatus = "AUTHENTICATION_ERROR"
	ConnectorStatusAuthorizationError           ConnectorStatus = "AUTHORIZATION_ERROR"
	ConnectorStatusDomainNotInWhitelistError    ConnectorStatus = "DOMAIN_NOT_IN_WHITELIST_ERROR"
	ConnectorStatusInvalidClientIDOrSecretError ConnectorStatus = "INVALID_CLIENT_ID_OR_SECRET_ERROR"
	ConnectorStatusMissingPermission            ConnectorStatus = "MISSING_PERMISSION"
	ConnectorStatusMissingPartialPermission     ConnectorStatus = "MISSING_PARTIAL_PERMISSION"
	ConnectorStatusRateLimitExceeded            ConnectorStatus = "RATE_LIMIT_EXCEEDED"
	ConnectorStatusLicenseWillExpireSoon        ConnectorStatus = "LICENSE_WILL_EXPIRE_SOON"
	ConnectorStatusLicenseExpired               ConnectorStatus = "LICENSE_EXPIRED"
)

func (ConnectorStatus) IsValid 

func (e ConnectorStatus) IsValid() bool

func (ConnectorStatus) MarshalGQL 

func (e ConnectorStatus) MarshalGQL(w io.Writer)

func (ConnectorStatus) String 

func (e ConnectorStatus) String() string

func (*ConnectorStatus) UnmarshalGQL 

func (e *ConnectorStatus) UnmarshalGQL(v interface{}) error

type ConstrainedServiceDelegationAdminRole 

type ConstrainedServiceDelegationAdminRole struct {
	AffectedEntities                 []Entity             `json:"affectedEntities"`
	AllowedServices                  []*ServiceDescriptor `json:"allowedServices"`
	AuthorizingContainingEntitiesIds []string             `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string             `json:"authorizingGroupIds"`
	Builtin                          bool                 `json:"builtin"`
	Confirmed                        bool                 `json:"confirmed"`
	EffectedEntityIds                []string             `json:"effectedEntityIds,omitempty"`
	FullPath                         *string              `json:"fullPath,omitempty"`
	Probability                      *float64             `json:"probability,omitempty"`
	Type                             EntityRoleType       `json:"type"`
}

func (ConstrainedServiceDelegationAdminRole) GetAffectedEntities 

func (this ConstrainedServiceDelegationAdminRole) GetAffectedEntities() []Entity

func (ConstrainedServiceDelegationAdminRole) GetAuthorizingContainingEntitiesIds 

func (this ConstrainedServiceDelegationAdminRole) GetAuthorizingContainingEntitiesIds() []string

func (ConstrainedServiceDelegationAdminRole) GetAuthorizingGroupIds 

func (this ConstrainedServiceDelegationAdminRole) GetAuthorizingGroupIds() []string

func (ConstrainedServiceDelegationAdminRole) GetBuiltin 

func (this ConstrainedServiceDelegationAdminRole) GetBuiltin() bool

func (ConstrainedServiceDelegationAdminRole) GetConfirmed 

func (this ConstrainedServiceDelegationAdminRole) GetConfirmed() bool

func (ConstrainedServiceDelegationAdminRole) GetEffectedEntityIds 

func (this ConstrainedServiceDelegationAdminRole) GetEffectedEntityIds() []string

func (ConstrainedServiceDelegationAdminRole) GetFullPath 

func (this ConstrainedServiceDelegationAdminRole) GetFullPath() *string

func (ConstrainedServiceDelegationAdminRole) GetProbability 

func (this ConstrainedServiceDelegationAdminRole) GetProbability() *float64

func (ConstrainedServiceDelegationAdminRole) GetType 

func (this ConstrainedServiceDelegationAdminRole) GetType() EntityRoleType

func (ConstrainedServiceDelegationAdminRole) IsAdminAccountRole 

func (ConstrainedServiceDelegationAdminRole) IsAdminAccountRole()

func (ConstrainedServiceDelegationAdminRole) IsEffectiveAdminRole 

func (ConstrainedServiceDelegationAdminRole) IsEffectiveAdminRole()

func (ConstrainedServiceDelegationAdminRole) IsEntityRole 

func (ConstrainedServiceDelegationAdminRole) IsEntityRole()

func (ConstrainedServiceDelegationAdminRole) IsServiceDelegationAdminRole 

func (ConstrainedServiceDelegationAdminRole) IsServiceDelegationAdminRole()

type ContainerRole 

type ContainerRole interface {
	IsContainerRole()
	GetBuiltin() bool
	GetConfirmed() bool
	GetFullPath() *string
	GetProbability() *float64
	GetType() EntityRoleType
}

type DNSServerRole 

type DNSServerRole struct {
	Confirmed    bool           `json:"confirmed"`
	FullPath     *string        `json:"fullPath,omitempty"`
	Impersonator bool           `json:"impersonator"`
	Probability  *float64       `json:"probability,omitempty"`
	Type         EntityRoleType `json:"type"`
}

func (DNSServerRole) GetConfirmed 

func (this DNSServerRole) GetConfirmed() bool

func (DNSServerRole) GetFullPath 

func (this DNSServerRole) GetFullPath() *string

func (DNSServerRole) GetImpersonator 

func (this DNSServerRole) GetImpersonator() bool

func (DNSServerRole) GetProbability 

func (this DNSServerRole) GetProbability() *float64

func (DNSServerRole) GetType 

func (this DNSServerRole) GetType() EntityRoleType

func (DNSServerRole) IsClassificationRole 

func (DNSServerRole) IsClassificationRole()

func (DNSServerRole) IsEntityRole 

func (DNSServerRole) IsEntityRole()

func (DNSServerRole) IsServerRole 

func (DNSServerRole) IsServerRole()

type DataSource 

type DataSource string

Enumeration of data sources in which system data may originate.

`SNIFFER` is the data source used for on-premises traffic monitored by sensors. Otherwise, most entries are well-known vendor names the system accepts as input. 

const (
	DataSourceSniffer         DataSource = "SNIFFER"
	DataSourceActiveDirectory DataSource = "ACTIVE_DIRECTORY"
	DataSourceAdfs            DataSource = "ADFS"
	DataSourceOkta            DataSource = "OKTA"
	DataSourceAzure           DataSource = "AZURE"
	DataSourcePingIDEntity    DataSource = "PING_IDENTITY"
	DataSourceAws             DataSource = "AWS"
)

func (DataSource) IsValid 

func (e DataSource) IsValid() bool

func (DataSource) MarshalGQL 

func (e DataSource) MarshalGQL(w io.Writer)

func (DataSource) String 

func (e DataSource) String() string

func (*DataSource) UnmarshalGQL 

func (e *DataSource) UnmarshalGQL(v interface{}) error

type DataSourceCategory 

type DataSourceCategory string
const (
	DataSourceCategoryOnPremisesTraffic DataSourceCategory = "ON_PREMISES_TRAFFIC"
	DataSourceCategoryIdaas             DataSourceCategory = "IDAAS"
	DataSourceCategoryOnPremisesSso     DataSourceCategory = "ON_PREMISES_SSO"
	DataSourceCategoryPam               DataSourceCategory = "PAM"
	DataSourceCategoryTraffic           DataSourceCategory = "TRAFFIC"
	DataSourceCategorySso               DataSourceCategory = "SSO"
)

func (DataSourceCategory) IsValid 

func (e DataSourceCategory) IsValid() bool

func (DataSourceCategory) MarshalGQL 

func (e DataSourceCategory) MarshalGQL(w io.Writer)

func (DataSourceCategory) String 

func (e DataSourceCategory) String() string

func (*DataSourceCategory) UnmarshalGQL 

func (e *DataSourceCategory) UnmarshalGQL(v interface{}) error

type DcerpcSignature 

type DcerpcSignature string

An enumeration of DCE/RPC(http://www.dcerpc.org/) activity signatures. 

const (
	DcerpcSignatureDcSync                        DcerpcSignature = "DC_SYNC"
	DcerpcSignatureSpnModification               DcerpcSignature = "SPN_MODIFICATION"
	DcerpcSignatureReplicationServerRegistration DcerpcSignature = "REPLICATION_SERVER_REGISTRATION"
	DcerpcSignatureScheduledTaskCreation         DcerpcSignature = "SCHEDULED_TASK_CREATION"
	DcerpcSignatureRemoteServiceInterface        DcerpcSignature = "REMOTE_SERVICE_INTERFACE"
	DcerpcSignatureNetSessionEnumeration         DcerpcSignature = "NET_SESSION_ENUMERATION"
	DcerpcSignatureSamrInterface                 DcerpcSignature = "SAMR_INTERFACE"
	DcerpcSignatureDcomInterface                 DcerpcSignature = "DCOM_INTERFACE"
	DcerpcSignatureTaskSchduleInterface          DcerpcSignature = "TASK_SCHDULE_INTERFACE"
	DcerpcSignatureIremoteWinspoolInterface      DcerpcSignature = "IREMOTE_WINSPOOL_INTERFACE"
	DcerpcSignatureZerologonExploit              DcerpcSignature = "ZEROLOGON_EXPLOIT"
	DcerpcSignatureCreateService                 DcerpcSignature = "CREATE_SERVICE"
)

func (DcerpcSignature) IsValid 

func (e DcerpcSignature) IsValid() bool

func (DcerpcSignature) MarshalGQL 

func (e DcerpcSignature) MarshalGQL(w io.Writer)

func (DcerpcSignature) String 

func (e DcerpcSignature) String() string

func (*DcerpcSignature) UnmarshalGQL 

func (e *DcerpcSignature) UnmarshalGQL(v interface{}) error

type DefaultPasswordAttributesImpl 

type DefaultPasswordAttributesImpl struct {
	Aged       bool             `json:"aged"`
	Exposed    bool             `json:"exposed"`
	LastChange *string          `json:"lastChange,omitempty"`
	MayExpire  bool             `json:"mayExpire"`
	Strength   PasswordStrength `json:"strength"`
}

func (DefaultPasswordAttributesImpl) GetAged 

func (this DefaultPasswordAttributesImpl) GetAged() bool

func (DefaultPasswordAttributesImpl) GetExposed 

func (this DefaultPasswordAttributesImpl) GetExposed() bool

func (DefaultPasswordAttributesImpl) GetLastChange 

func (this DefaultPasswordAttributesImpl) GetLastChange() *string

func (DefaultPasswordAttributesImpl) GetMayExpire 

func (this DefaultPasswordAttributesImpl) GetMayExpire() bool

func (DefaultPasswordAttributesImpl) GetStrength 

func (this DefaultPasswordAttributesImpl) GetStrength() PasswordStrength

func (DefaultPasswordAttributesImpl) IsPasswordAttributes 

func (DefaultPasswordAttributesImpl) IsPasswordAttributes()

type DistributionGroupRole 

type DistributionGroupRole struct {
	Builtin        bool                      `json:"builtin"`
	Confirmed      bool                      `json:"confirmed"`
	EmailAddresses []string                  `json:"emailAddresses"`
	FullPath       *string                   `json:"fullPath,omitempty"`
	Probability    *float64                  `json:"probability,omitempty"`
	Scope          ActiveDirectoryGroupScope `json:"scope"`
	Type           EntityRoleType            `json:"type"`
}

func (DistributionGroupRole) GetBuiltin 

func (this DistributionGroupRole) GetBuiltin() bool

func (DistributionGroupRole) GetConfirmed 

func (this DistributionGroupRole) GetConfirmed() bool

func (DistributionGroupRole) GetEmailAddresses 

func (this DistributionGroupRole) GetEmailAddresses() []string

func (DistributionGroupRole) GetFullPath 

func (this DistributionGroupRole) GetFullPath() *string

func (DistributionGroupRole) GetProbability 

func (this DistributionGroupRole) GetProbability() *float64

func (DistributionGroupRole) GetScope 

func (this DistributionGroupRole) GetScope() ActiveDirectoryGroupScope

func (DistributionGroupRole) GetType 

func (this DistributionGroupRole) GetType() EntityRoleType

func (DistributionGroupRole) IsActiveDirectoryGroupRole 

func (DistributionGroupRole) IsActiveDirectoryGroupRole()

func (DistributionGroupRole) IsContainerRole 

func (DistributionGroupRole) IsContainerRole()

func (DistributionGroupRole) IsEntityRole 

func (DistributionGroupRole) IsEntityRole()

func (DistributionGroupRole) IsMailingListRole 

func (DistributionGroupRole) IsMailingListRole()

type DomainAdminsRole 

type DomainAdminsRole struct {
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (DomainAdminsRole) GetAuthorizingContainingEntitiesIds 

func (this DomainAdminsRole) GetAuthorizingContainingEntitiesIds() []string

func (DomainAdminsRole) GetAuthorizingGroupIds 

func (this DomainAdminsRole) GetAuthorizingGroupIds() []string

func (DomainAdminsRole) GetBuiltin 

func (this DomainAdminsRole) GetBuiltin() bool

func (DomainAdminsRole) GetConfirmed 

func (this DomainAdminsRole) GetConfirmed() bool

func (DomainAdminsRole) GetFullPath 

func (this DomainAdminsRole) GetFullPath() *string

func (DomainAdminsRole) GetProbability 

func (this DomainAdminsRole) GetProbability() *float64

func (DomainAdminsRole) GetType 

func (this DomainAdminsRole) GetType() EntityRoleType

func (DomainAdminsRole) IsAdminAccountRole 

func (DomainAdminsRole) IsAdminAccountRole()

func (DomainAdminsRole) IsDomainLevelAdminRole 

func (DomainAdminsRole) IsDomainLevelAdminRole()

func (DomainAdminsRole) IsEntityRole 

func (DomainAdminsRole) IsEntityRole()

type DomainControllerRole 

type DomainControllerRole struct {
	Confirmed    bool           `json:"confirmed"`
	FullPath     *string        `json:"fullPath,omitempty"`
	Impersonator bool           `json:"impersonator"`
	Pdc          *bool          `json:"pdc,omitempty"`
	Probability  *float64       `json:"probability,omitempty"`
	SiteEntity   *string        `json:"siteEntity,omitempty"`
	Type         EntityRoleType `json:"type"`
}

func (DomainControllerRole) GetConfirmed 

func (this DomainControllerRole) GetConfirmed() bool

func (DomainControllerRole) GetFullPath 

func (this DomainControllerRole) GetFullPath() *string

func (DomainControllerRole) GetImpersonator 

func (this DomainControllerRole) GetImpersonator() bool

func (DomainControllerRole) GetProbability 

func (this DomainControllerRole) GetProbability() *float64

func (DomainControllerRole) GetType 

func (this DomainControllerRole) GetType() EntityRoleType

func (DomainControllerRole) IsApplicationServerRole 

func (DomainControllerRole) IsApplicationServerRole()

func (DomainControllerRole) IsClassificationRole 

func (DomainControllerRole) IsClassificationRole()

func (DomainControllerRole) IsEntityRole 

func (DomainControllerRole) IsEntityRole()

func (DomainControllerRole) IsServerRole 

func (DomainControllerRole) IsServerRole()

type DomainControllersAdminRole 

type DomainControllersAdminRole interface {
	IsDomainControllersAdminRole()
	GetAuthorizingContainingEntitiesIds() []string
	GetAuthorizingGroupIds() []string
	GetBuiltin() bool
	GetConfirmed() bool
	GetFullPath() *string
	GetProbability() *float64
	GetType() EntityRoleType
}

type DomainControllersAdminRoleImpl 

type DomainControllersAdminRoleImpl struct {
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (DomainControllersAdminRoleImpl) GetAuthorizingContainingEntitiesIds 

func (this DomainControllersAdminRoleImpl) GetAuthorizingContainingEntitiesIds() []string

func (DomainControllersAdminRoleImpl) GetAuthorizingGroupIds 

func (this DomainControllersAdminRoleImpl) GetAuthorizingGroupIds() []string

func (DomainControllersAdminRoleImpl) GetBuiltin 

func (this DomainControllersAdminRoleImpl) GetBuiltin() bool

func (DomainControllersAdminRoleImpl) GetConfirmed 

func (this DomainControllersAdminRoleImpl) GetConfirmed() bool

func (DomainControllersAdminRoleImpl) GetFullPath 

func (this DomainControllersAdminRoleImpl) GetFullPath() *string

func (DomainControllersAdminRoleImpl) GetProbability 

func (this DomainControllersAdminRoleImpl) GetProbability() *float64

func (DomainControllersAdminRoleImpl) GetType 

func (this DomainControllersAdminRoleImpl) GetType() EntityRoleType

func (DomainControllersAdminRoleImpl) IsAdminAccountRole 

func (DomainControllersAdminRoleImpl) IsAdminAccountRole()

func (DomainControllersAdminRoleImpl) IsDomainControllersAdminRole 

func (DomainControllersAdminRoleImpl) IsDomainControllersAdminRole()

func (DomainControllersAdminRoleImpl) IsDomainLevelAdminRole 

func (DomainControllersAdminRoleImpl) IsDomainLevelAdminRole()

func (DomainControllersAdminRoleImpl) IsEntityRole 

func (DomainControllersAdminRoleImpl) IsEntityRole()

type DomainLevelAdminRole 

type DomainLevelAdminRole interface {
	IsDomainLevelAdminRole()
	GetAuthorizingContainingEntitiesIds() []string
	GetAuthorizingGroupIds() []string
	GetBuiltin() bool
	GetConfirmed() bool
	GetFullPath() *string
	GetProbability() *float64
	GetType() EntityRoleType
}

type DuplicatePasswordRiskEntityFactor 

type DuplicatePasswordRiskEntityFactor struct {
	GroupID  string         `json:"groupId"`
	Score    string         `json:"score"`
	Severity ScoreSeverity  `json:"severity"`
	Type     RiskFactorType `json:"type"`
}

func (DuplicatePasswordRiskEntityFactor) GetScore 

func (this DuplicatePasswordRiskEntityFactor) GetScore() string

func (DuplicatePasswordRiskEntityFactor) GetSeverity 

func (this DuplicatePasswordRiskEntityFactor) GetSeverity() ScoreSeverity

func (DuplicatePasswordRiskEntityFactor) GetType 

func (this DuplicatePasswordRiskEntityFactor) GetType() RiskFactorType

func (DuplicatePasswordRiskEntityFactor) IsEntityRiskFactor 

func (DuplicatePasswordRiskEntityFactor) IsEntityRiskFactor()

type EffectiveAdminRole 

type EffectiveAdminRole interface {
	IsEffectiveAdminRole()
	GetAffectedEntities() []Entity
	GetAuthorizingContainingEntitiesIds() []string
	GetAuthorizingGroupIds() []string
	GetBuiltin() bool
	GetConfirmed() bool
	GetEffectedEntityIds() []string
	GetFullPath() *string
	GetProbability() *float64
	GetType() EntityRoleType
}

type EffectiveGpo 

type EffectiveGpo struct {
	Domain  *string `json:"domain,omitempty"`
	GpoName *string `json:"gpoName,omitempty"`
}

type EffectiveReplicatorsAdminRole 

type EffectiveReplicatorsAdminRole struct {
	AffectedEntities                 []Entity       `json:"affectedEntities"`
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	EffectedEntityIds                []string       `json:"effectedEntityIds,omitempty"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (EffectiveReplicatorsAdminRole) GetAffectedEntities 

func (this EffectiveReplicatorsAdminRole) GetAffectedEntities() []Entity

func (EffectiveReplicatorsAdminRole) GetAuthorizingContainingEntitiesIds 

func (this EffectiveReplicatorsAdminRole) GetAuthorizingContainingEntitiesIds() []string

func (EffectiveReplicatorsAdminRole) GetAuthorizingGroupIds 

func (this EffectiveReplicatorsAdminRole) GetAuthorizingGroupIds() []string

func (EffectiveReplicatorsAdminRole) GetBuiltin 

func (this EffectiveReplicatorsAdminRole) GetBuiltin() bool

func (EffectiveReplicatorsAdminRole) GetConfirmed 

func (this EffectiveReplicatorsAdminRole) GetConfirmed() bool

func (EffectiveReplicatorsAdminRole) GetEffectedEntityIds 

func (this EffectiveReplicatorsAdminRole) GetEffectedEntityIds() []string

func (EffectiveReplicatorsAdminRole) GetFullPath 

func (this EffectiveReplicatorsAdminRole) GetFullPath() *string

func (EffectiveReplicatorsAdminRole) GetProbability 

func (this EffectiveReplicatorsAdminRole) GetProbability() *float64

func (EffectiveReplicatorsAdminRole) GetType 

func (this EffectiveReplicatorsAdminRole) GetType() EntityRoleType

func (EffectiveReplicatorsAdminRole) IsAdminAccountRole 

func (EffectiveReplicatorsAdminRole) IsAdminAccountRole()

func (EffectiveReplicatorsAdminRole) IsEffectiveAdminRole 

func (EffectiveReplicatorsAdminRole) IsEffectiveAdminRole()

func (EffectiveReplicatorsAdminRole) IsEntityRole 

func (EffectiveReplicatorsAdminRole) IsEntityRole()

type EndpointEntity 

type EndpointEntity struct {
	// A list of external, elementary account descriptors used to construct this
	// entity. For instance, the list for a `UserEntity` which is backed by an LDAP
	// domain entry and an IDAAS account will include
	// `ActiveDirectoryAccountDescriptor` and `SsoUserAccountDescriptor` entries.
	Accounts     []AccountDescriptor `json:"accounts"`
	AgentID      *string             `json:"agentId,omitempty"`
	AgentVersion *string             `json:"agentVersion,omitempty"`
	// If `true`, the system considers this entity *archived*. It means that the entity no longer exists and can only be viewed.
	//
	// For entities derived with external data sources, such as LDAP users, an entity
	// is considered archived if its primary account (see `Entity:primaryAccount` is
	// deleted. Entities not associated with any external sources, such as unmanaged
	// endpoints, may also be archived based on a long period of inactivity. Except
	// the `archived` attribute itself, no other attribute of an archived entity is
	// updated. The attributes of an archived entity represent the state of the
	// entity at the time when it was archived.
	Archived bool `json:"archived"`
	// A list of associations of various types (see `Association:bindingType`) that
	// this entity has with other objects, most commonly with other entities. For
	// example, a `UserEntity` may have an `OWNERSHIP` association with an
	// `EndpointEntity`, alongside a `GEO_LOCATION` association with a `GeoLocation`.
	// The semantics for each association type are detailed in `BindingType`.
	Associations []Association `json:"associations"`
	Cid          *string       `json:"cid,omitempty"`
	CreationTime string        `json:"creationTime"`
	// The date and time of the entity's earliest recorded network activity. This
	// takes into account both the data reported by external sources and the actual
	// traffic seen by the system.
	EarliestSeenTraffic *string `json:"earliestSeenTraffic,omitempty"`
	// The entity's unique identifier.
	EntityID             string `json:"entityId"`
	GuestAccountEnabled  *bool  `json:"guestAccountEnabled,omitempty"`
	HasADDomainAdminRole *bool  `json:"hasADDomainAdminRole,omitempty"`
	// A convenience function that checks the `roles` field for the existence of at least one role matching the criteria.
	//
	// “`graphql
	// {
	//   entities(minRiskScoreSeverity: MEDIUM, archived: false, first: 5)
	//   {
	//     nodes
	//     {
	//       type
	//       primaryDisplayName
	//       ... on UserEntity
	//       {
	//         isHuman: hasRole(type: HumanUserAccountRole)
	//         isProgrammatic: hasRole(type: ProgrammaticUserAccountRole)
	//         isAdmin: hasRole(type: AdminAccountRole)
	//       }
	//       ... on EndpointEntity
	//       {
	//         isWorkstation: hasRole(type: WorkstationRole)
	//         isServer: hasRole(type: WorkstationRole)
	//       }
	//       isManuallyClassified: hasRole(confirmed: true)
	//     }
	//   }
	// }
	// “`
	HasRole *bool `json:"hasRole,omitempty"`
	// The latest recorded host name for this endpoint.
	HostName *string `json:"hostName,omitempty"`
	// The latest calculated impact score for this entity.
	ImpactScore string `json:"impactScore"`
	// If `true`, the entity is inactive. An entity is considered inactive after 21
	// days since its latest recorded network activity (see `mostRecentActivity`).
	Inactive bool `json:"inactive"`
	// The latest recorded IP address for this endpoint.
	LastIPAddress *string `json:"lastIpAddress,omitempty"`
	// If `true`, the system has gathered enough information to consider this entity *learned*.
	Learned bool `json:"learned"`
	// For marked entities, this is set to the last time the entity was marked.
	MarkTime *string `json:"markTime,omitempty"`
	// The date and time of the entity's latest recorded network activity. This takes
	// into account both the data reported by external sources and the actual traffic
	// seen by the system.
	MostRecentActivity *string `json:"mostRecentActivity,omitempty"`
	// Query open incidents for this entity.
	OpenIncidents *IncidentConnection `json:"openIncidents,omitempty"`
	// The latest information about the operating system running on this endpoint.
	OperatingSystemInfo *OperatingSystemInfo `json:"operatingSystemInfo,omitempty"`
	// The primary display name used to represent this endpoint in user-facing data.
	//
	// For endpoints based on domain accounts, this is derived from the explicit
	// display name, or an analogous attribute, of their primary account. Very often
	// that's the host part of their full DNS host name. Otherwise this is either the
	// `hostName`, if available, or `lastIpAddress`.
	PrimaryDisplayName string `json:"primaryDisplayName"`
	// A list of risk factors contributing to the overall risk of this entity, sorted
	// by `RiskFactorContribution:score` in descending order.
	RiskFactors []EntityRiskFactor `json:"riskFactors"`
	// The entity's risk score represented as a number from 0 (no or unknown risk) through 1 (maximum risk).
	RiskScore string `json:"riskScore"`
	// The entity's risk score derived from `riskScore`.
	RiskScoreSeverity ScoreSeverity `json:"riskScoreSeverity"`
	// A list of roles fulfilled by this entity, each defining the entity's classification or organizational-function aspect.
	//
	// For example, a `UserEntity` representing an *account operator* in an Active
	// Directory domain should have an `AccountOperatorsAdminRole` entry on this
	// list. Should the system later learn this privileged account is used by a
	// script rather than a human, its associated entity will also have a
	// `ProgrammaticUserAccountRole`. Similarly, when the system learns that some
	// `EndpointEntity` belongs to a VDI cluster, it tags it with a
	// `VdiEndpointRole`.The model for roles is hierarchical. For example, the
	// aforementioned `AccountOperatorsAdminRole` is a specialization of
	// `OperatorLevelAdminRole`, which by itself is a specialization of
	// `AdminAccountRole`.
	//
	// When roles are queried, this hierarchy is always taken into account.
	// Therefore, querying an entity about the existence of a role also implies that
	// all of its direct and indirect specializations will be queried too. This
	// hierarchy is completely reflected by GraphQL inheritance. For instance, you
	// can see that `ExchangeServerRole` implements `ApplicationServerRole`,  and
	// that the latter implements `ServerRole`.
	//
	// For your convenience, `EntityRole:fullPath` can be projected on the role
	// itself, reperesenting the role type ancestry as breadcrumbs. See
	// `EntityRoleType` for query examples.
	Roles []EntityRole `json:"roles,omitempty"`
	// The secondary display name used to represent this endpoint in user-facing data.
	//
	// For endpoints based on domain accounts, this is set to the same value as
	// `hostName`. Otherwise, this is set to the same value as `lastIpAddress`.
	SecondaryDisplayName string `json:"secondaryDisplayName"`
	// Returns `true` if the system considers this entity shared.
	Shared bool `json:"shared"`
	// If `true`, the entity is stale. An entity is considered stale after 90 days of
	// inactivity (see `mostRecentActivity`), as long as it is still effectively part
	// of the network. An account-based entity is not considered part of the network
	// when all of its base accounts are disabled (see `primaryAccount` and
	// `secondaryAccounts`).
	Stale bool `json:"stale"`
	// List of static IP addresses associated with by this endpoint, as recorded by the system.
	StaticIPAddresses []string `json:"staticIpAddresses"`
	// The entity type, which also determines the specialized Entity subclass to be returned (see `EntityType`).
	Type EntityType `json:"type"`
	// If `true`, the system considers this endpoint unmanaged.
	//
	// Unmanaged endpoints are, first and foremost, entities lacking an account in
	// any organization domain (`primaryAccount` would also be null in this case).
	// Since, by their nature, such endpoints are not properly reporting their
	// status, certain restrictions are applied to them.
	Unmanaged bool `json:"unmanaged"`
	// If `true`, this entity appears on the system watchlist.
	Watched bool `json:"watched"`
	// The ZTA Score of this endpoint.
	ZtaScore *int `json:"ztaScore,omitempty"`
}

A specialized `Entity` interface for the endpoint, used when `Entity:type` is `ENDPOINT`.

The entity type, as opposed to its classification, is a structural attribute. To differentiate between various kinds of endpoints, check their classification (see `roles` field).

func (EndpointEntity) GetAccounts 

func (this EndpointEntity) GetAccounts() []AccountDescriptor

A list of external, elementary account descriptors used to construct this entity. For instance, the list for a `UserEntity` which is backed by an LDAP domain entry and an IDAAS account will include `ActiveDirectoryAccountDescriptor` and `SsoUserAccountDescriptor` entries.

func (EndpointEntity) GetArchived 

func (this EndpointEntity) GetArchived() bool

If `true`, the system considers this entity *archived*. It means that the entity no longer exists and can only be viewed.

For entities derived with external data sources, such as LDAP users, an entity is considered archived if its primary account (see `Entity:primaryAccount` is deleted. Entities not associated with any external sources, such as unmanaged endpoints, may also be archived based on a long period of inactivity. Except the `archived` attribute itself, no other attribute of an archived entity is updated. The attributes of an archived entity represent the state of the entity at the time when it was archived.

func (EndpointEntity) GetAssociations 

func (this EndpointEntity) GetAssociations() []Association

A list of associations of various types (see `Association:bindingType`) that this entity has with other objects, most commonly with other entities. For example, a `UserEntity` may have an `OWNERSHIP` association with an `EndpointEntity`, alongside a `GEO_LOCATION` association with a `GeoLocation`. The semantics for each association type are detailed in `BindingType`.

func (EndpointEntity) GetCreationTime 

func (this EndpointEntity) GetCreationTime() string

func (EndpointEntity) GetEarliestSeenTraffic 

func (this EndpointEntity) GetEarliestSeenTraffic() *string

The date and time of the entity's earliest recorded network activity. This takes into account both the data reported by external sources and the actual traffic seen by the system.

func (EndpointEntity) GetEntityID 

func (this EndpointEntity) GetEntityID() string

The entity's unique identifier.

func (EndpointEntity) GetHasADDomainAdminRole 

func (this EndpointEntity) GetHasADDomainAdminRole() *bool

func (EndpointEntity) GetHasRole 

func (this EndpointEntity) GetHasRole() *bool

A convenience function that checks the `roles` field for the existence of at least one role matching the criteria.

```graphql 

{
  entities(minRiskScoreSeverity: MEDIUM, archived: false, first: 5)
  {
    nodes
    {
      type
      primaryDisplayName
      ... on UserEntity
      {
        isHuman: hasRole(type: HumanUserAccountRole)
        isProgrammatic: hasRole(type: ProgrammaticUserAccountRole)
        isAdmin: hasRole(type: AdminAccountRole)
      }
      ... on EndpointEntity
      {
        isWorkstation: hasRole(type: WorkstationRole)
        isServer: hasRole(type: WorkstationRole)
      }
      isManuallyClassified: hasRole(confirmed: true)
    }
  }
}

```

func (EndpointEntity) GetImpactScore 

func (this EndpointEntity) GetImpactScore() string

The latest calculated impact score for this entity.

func (EndpointEntity) GetInactive 

func (this EndpointEntity) GetInactive() bool

If `true`, the entity is inactive. An entity is considered inactive after 21 days since its latest recorded network activity (see `mostRecentActivity`).

func (EndpointEntity) GetLearned 

func (this EndpointEntity) GetLearned() bool

If `true`, the system has gathered enough information to consider this entity *learned*.

func (EndpointEntity) GetMarkTime 

func (this EndpointEntity) GetMarkTime() *string

For marked entities, this is set to the last time the entity was marked.

func (EndpointEntity) GetMostRecentActivity 

func (this EndpointEntity) GetMostRecentActivity() *string

The date and time of the entity's latest recorded network activity. This takes into account both the data reported by external sources and the actual traffic seen by the system.

func (EndpointEntity) GetOpenIncidents 

func (this EndpointEntity) GetOpenIncidents() *IncidentConnection

Query open incidents for this entity.

func (EndpointEntity) GetPrimaryDisplayName 

func (this EndpointEntity) GetPrimaryDisplayName() string

The primary display name used to represent this entity in user-facing data.

The primary display name is typically shorter than the secondary display name, but is much less likely to be unique across the organization or network. For further details on the semantics, see the documentation for specific types.

func (EndpointEntity) GetRiskFactors 

func (this EndpointEntity) GetRiskFactors() []EntityRiskFactor

A list of risk factors contributing to the overall risk of this entity, sorted by `RiskFactorContribution:score` in descending order.

func (EndpointEntity) GetRiskScore 

func (this EndpointEntity) GetRiskScore() string

The entity's risk score represented as a number from 0 (no or unknown risk) through 1 (maximum risk).

func (EndpointEntity) GetRiskScoreSeverity 

func (this EndpointEntity) GetRiskScoreSeverity() ScoreSeverity

The entity's risk score derived from `riskScore`.

func (EndpointEntity) GetRoles 

func (this EndpointEntity) GetRoles() []EntityRole

A list of roles fulfilled by this entity, each defining the entity's classification or organizational-function aspect.

For example, a `UserEntity` representing an *account operator* in an Active Directory domain should have an `AccountOperatorsAdminRole` entry on this list. Should the system later learn this privileged account is used by a script rather than a human, its associated entity will also have a `ProgrammaticUserAccountRole`. Similarly, when the system learns that some `EndpointEntity` belongs to a VDI cluster, it tags it with a `VdiEndpointRole`.The model for roles is hierarchical. For example, the aforementioned `AccountOperatorsAdminRole` is a specialization of `OperatorLevelAdminRole`, which by itself is a specialization of `AdminAccountRole`.

When roles are queried, this hierarchy is always taken into account. Therefore, querying an entity about the existence of a role also implies that all of its direct and indirect specializations will be queried too. This hierarchy is completely reflected by GraphQL inheritance. For instance, you can see that `ExchangeServerRole` implements `ApplicationServerRole`, and that the latter implements `ServerRole`.

For your convenience, `EntityRole:fullPath` can be projected on the role itself, reperesenting the role type ancestry as breadcrumbs. See `EntityRoleType` for query examples.

func (EndpointEntity) GetSecondaryDisplayName 

func (this EndpointEntity) GetSecondaryDisplayName() string

The secondary display name is used to represent unique name for this entity in the organization or the network.

func (EndpointEntity) GetShared 

func (this EndpointEntity) GetShared() bool

Returns `true` if the system considers this entity shared.

func (EndpointEntity) GetStale 

func (this EndpointEntity) GetStale() bool

If `true`, the entity is stale. An entity is considered stale after 90 days of inactivity (see `mostRecentActivity`), as long as it is still effectively part of the network. An account-based entity is not considered part of the network when all of its base accounts are disabled (see `primaryAccount` and `secondaryAccounts`).

func (EndpointEntity) GetType 

func (this EndpointEntity) GetType() EntityType

The entity type, which also determines the specialized Entity subclass to be returned (see `EntityType`).

func (EndpointEntity) GetWatched 

func (this EndpointEntity) GetWatched() bool

If `true`, this entity appears on the system watchlist.

func (EndpointEntity) IsActivityParticipatingEntity 

func (EndpointEntity) IsActivityParticipatingEntity()

func (EndpointEntity) IsEntity 

func (EndpointEntity) IsEntity()

func (EndpointEntity) IsUserOrEndpointEntity 

func (EndpointEntity) IsUserOrEndpointEntity()

type EndpointEntityClassification 

type EndpointEntityClassification string
const (
	EndpointEntityClassificationWorkstation       EndpointEntityClassification = "WORKSTATION"
	EndpointEntityClassificationServer            EndpointEntityClassification = "SERVER"
	EndpointEntityClassificationImpersonator      EndpointEntityClassification = "IMPERSONATOR"
	EndpointEntityClassificationApplicationServer EndpointEntityClassification = "APPLICATION_SERVER"
	EndpointEntityClassificationFileServer        EndpointEntityClassification = "FILE_SERVER"
	EndpointEntityClassificationVdiEndpoint       EndpointEntityClassification = "VDI_ENDPOINT"
)

func (EndpointEntityClassification) IsValid 

func (e EndpointEntityClassification) IsValid() bool

func (EndpointEntityClassification) MarshalGQL 

func (e EndpointEntityClassification) MarshalGQL(w io.Writer)

func (EndpointEntityClassification) String 

func (e EndpointEntityClassification) String() string

func (*EndpointEntityClassification) UnmarshalGQL 

func (e *EndpointEntityClassification) UnmarshalGQL(v interface{}) error

type EngagementAuthenticationStatus 

type EngagementAuthenticationStatus string
const (
	EngagementAuthenticationStatusPending             EngagementAuthenticationStatus = "PENDING"
	EngagementAuthenticationStatusApprove             EngagementAuthenticationStatus = "APPROVE"
	EngagementAuthenticationStatusAutoApprove         EngagementAuthenticationStatus = "AUTO_APPROVE"
	EngagementAuthenticationStatusAutoDeny            EngagementAuthenticationStatus = "AUTO_DENY"
	EngagementAuthenticationStatusDenyAndNotFraud     EngagementAuthenticationStatus = "DENY_AND_NOT_FRAUD"
	EngagementAuthenticationStatusDenyAndFraudulent   EngagementAuthenticationStatus = "DENY_AND_FRAUDULENT"
	EngagementAuthenticationStatusDenyAndUnknown      EngagementAuthenticationStatus = "DENY_AND_UNKNOWN"
	EngagementAuthenticationStatusInvalidUserInput    EngagementAuthenticationStatus = "INVALID_USER_INPUT"
	EngagementAuthenticationStatusUserResponseTimeout EngagementAuthenticationStatus = "USER_RESPONSE_TIMEOUT"
	EngagementAuthenticationStatusUserNotEnrolled     EngagementAuthenticationStatus = "USER_NOT_ENROLLED"
	EngagementAuthenticationStatusNoValidAuthorizer   EngagementAuthenticationStatus = "NO_VALID_AUTHORIZER"
	EngagementAuthenticationStatusError               EngagementAuthenticationStatus = "ERROR"
)

func (EngagementAuthenticationStatus) IsValid 

func (e EngagementAuthenticationStatus) IsValid() bool

func (EngagementAuthenticationStatus) MarshalGQL 

func (e EngagementAuthenticationStatus) MarshalGQL(w io.Writer)

func (EngagementAuthenticationStatus) String 

func (e EngagementAuthenticationStatus) String() string

func (*EngagementAuthenticationStatus) UnmarshalGQL 

func (e *EngagementAuthenticationStatus) UnmarshalGQL(v interface{}) error

type EngagementSummary 

type EngagementSummary interface {
	IsEngagementSummary()
	GetEngagementType() EngagementType
}

type EngagementType 

type EngagementType string
const (
	EngagementTypeGoogleAuthEnroll  EngagementType = "GOOGLE_AUTH_ENROLL"
	EngagementTypeEmailVerification EngagementType = "EMAIL_VERIFICATION"
	EngagementTypeEmailNotification EngagementType = "EMAIL_NOTIFICATION"
	EngagementTypeSmsNotification   EngagementType = "SMS_NOTIFICATION"
	EngagementTypeSmsVerification   EngagementType = "SMS_VERIFICATION"
	EngagementTypeMfa               EngagementType = "MFA"
)

func (EngagementType) IsValid 

func (e EngagementType) IsValid() bool

func (EngagementType) MarshalGQL 

func (e EngagementType) MarshalGQL(w io.Writer)

func (EngagementType) String 

func (e EngagementType) String() string

func (*EngagementType) UnmarshalGQL 

func (e *EngagementType) UnmarshalGQL(v interface{}) error

type EnterpriseAdminsRole 

type EnterpriseAdminsRole struct {
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (EnterpriseAdminsRole) GetAuthorizingContainingEntitiesIds 

func (this EnterpriseAdminsRole) GetAuthorizingContainingEntitiesIds() []string

func (EnterpriseAdminsRole) GetAuthorizingGroupIds 

func (this EnterpriseAdminsRole) GetAuthorizingGroupIds() []string

func (EnterpriseAdminsRole) GetBuiltin 

func (this EnterpriseAdminsRole) GetBuiltin() bool

func (EnterpriseAdminsRole) GetConfirmed 

func (this EnterpriseAdminsRole) GetConfirmed() bool

func (EnterpriseAdminsRole) GetFullPath 

func (this EnterpriseAdminsRole) GetFullPath() *string

func (EnterpriseAdminsRole) GetProbability 

func (this EnterpriseAdminsRole) GetProbability() *float64

func (EnterpriseAdminsRole) GetType 

func (this EnterpriseAdminsRole) GetType() EntityRoleType

func (EnterpriseAdminsRole) IsAdminAccountRole 

func (EnterpriseAdminsRole) IsAdminAccountRole()

func (EnterpriseAdminsRole) IsEntityRole 

func (EnterpriseAdminsRole) IsEntityRole()

func (EnterpriseAdminsRole) IsForestLevelAdminRole 

func (EnterpriseAdminsRole) IsForestLevelAdminRole()

type Entity 

type Entity interface {
	IsEntity()
	// A list of external, elementary account descriptors used to construct this
	// entity. For instance, the list for a `UserEntity` which is backed by an LDAP
	// domain entry and an IDAAS account will include
	// `ActiveDirectoryAccountDescriptor` and `SsoUserAccountDescriptor` entries.
	GetAccounts() []AccountDescriptor
	// If `true`, the system considers this entity *archived*. It means that the entity no longer exists and can only be viewed.
	//
	// For entities derived with external data sources, such as LDAP users, an entity
	// is considered archived if its primary account (see `Entity:primaryAccount` is
	// deleted. Entities not associated with any external sources, such as unmanaged
	// endpoints, may also be archived based on a long period of inactivity. Except
	// the `archived` attribute itself, no other attribute of an archived entity is
	// updated. The attributes of an archived entity represent the state of the
	// entity at the time when it was archived.
	GetArchived() bool
	// A list of associations of various types (see `Association:bindingType`) that
	// this entity has with other objects, most commonly with other entities. For
	// example, a `UserEntity` may have an `OWNERSHIP` association with an
	// `EndpointEntity`, alongside a `GEO_LOCATION` association with a `GeoLocation`.
	// The semantics for each association type are detailed in `BindingType`.
	GetAssociations() []Association
	GetCreationTime() string
	// The entity's unique identifier.
	GetEntityID() string
	GetHasADDomainAdminRole() *bool
	// A convenience function that checks the `roles` field for the existence of at least one role matching the criteria.
	//
	// “`graphql
	// {
	//   entities(minRiskScoreSeverity: MEDIUM, archived: false, first: 5)
	//   {
	//     nodes
	//     {
	//       type
	//       primaryDisplayName
	//       ... on UserEntity
	//       {
	//         isHuman: hasRole(type: HumanUserAccountRole)
	//         isProgrammatic: hasRole(type: ProgrammaticUserAccountRole)
	//         isAdmin: hasRole(type: AdminAccountRole)
	//       }
	//       ... on EndpointEntity
	//       {
	//         isWorkstation: hasRole(type: WorkstationRole)
	//         isServer: hasRole(type: WorkstationRole)
	//       }
	//       isManuallyClassified: hasRole(confirmed: true)
	//     }
	//   }
	// }
	// “`
	GetHasRole() *bool
	// If `true`, the system has gathered enough information to consider this entity *learned*.
	GetLearned() bool
	// For marked entities, this is set to the last time the entity was marked.
	GetMarkTime() *string
	// Query open incidents for this entity.
	GetOpenIncidents() *IncidentConnection
	// The primary display name used to represent this entity in user-facing data.
	//
	// The primary display name is typically shorter than the secondary display name,
	// but is much less likely to be unique across the organization or network. For
	// further details on the semantics, see the documentation for specific types.
	GetPrimaryDisplayName() string
	// A list of risk factors contributing to the overall risk of this entity, sorted
	// by `RiskFactorContribution:score` in descending order.
	GetRiskFactors() []EntityRiskFactor
	// The entity's risk score represented as a number from 0 (no or unknown risk) through 1 (maximum risk).
	GetRiskScore() string
	// The entity's risk score derived from `riskScore`.
	GetRiskScoreSeverity() ScoreSeverity
	// A list of roles fulfilled by this entity, each defining the entity's classification or organizational-function aspect.
	//
	// For example, a `UserEntity` representing an *account operator* in an Active
	// Directory domain should have an `AccountOperatorsAdminRole` entry on this
	// list. Should the system later learn this privileged account is used by a
	// script rather than a human, its associated entity will also have a
	// `ProgrammaticUserAccountRole`. Similarly, when the system learns that some
	// `EndpointEntity` belongs to a VDI cluster, it tags it with a
	// `VdiEndpointRole`.The model for roles is hierarchical. For example, the
	// aforementioned `AccountOperatorsAdminRole` is a specialization of
	// `OperatorLevelAdminRole`, which by itself is a specialization of
	// `AdminAccountRole`.
	//
	// When roles are queried, this hierarchy is always taken into account.
	// Therefore, querying an entity about the existence of a role also implies that
	// all of its direct and indirect specializations will be queried too. This
	// hierarchy is completely reflected by GraphQL inheritance. For instance, you
	// can see that `ExchangeServerRole` implements `ApplicationServerRole`,  and
	// that the latter implements `ServerRole`.
	//
	// For your convenience, `EntityRole:fullPath` can be projected on the role
	// itself, reperesenting the role type ancestry as breadcrumbs. See
	// `EntityRoleType` for query examples.
	GetRoles() []EntityRole
	// The secondary display name is used to represent unique name for this entity in the organization or the network.
	GetSecondaryDisplayName() string
	// The entity type, which also determines the specialized Entity subclass to be returned (see `EntityType`).
	GetType() EntityType
	// If `true`, this entity appears on the system watchlist.
	GetWatched() bool
}

An *Entity* object encapsulates and summarizes all the system information on an organizational or network entity. The most common entities are users and endpoints, but there are also entities representing cloud services and entity groups, such as Active Directory groups. More entity types are expected to be added in the future.

Entity objects are usually derived from external data sources. For instance, all covered user accounts in an Active Directory domain are represented as entities. However, entities very often integrate data from multiple sources. The network traffic monitored by the system is a primary source for behavioral attributes of entities, such as the human versus programmatic classification or the association of owned endpoints (see `roles`, `associations`). Moreover, entities not always represent a single account: an LDAP user, for example, may be correlated with an IDaaS account, resulting in a single, unified entity.

Entities are polymorphic. Attributes for specific entity types can be projected from a specialized interface (e.g. `UserOrEndpointEntity`, `EndpointEntity`). See the `EntityType` enum documentation for the mapping between entity types and entity interfaces.

type EntityAccountQuery 

type EntityAccountQuery struct {
	Archived *bool `json:"archived,omitempty"`
	// Query for any value of the account's `dataSourceLoginIdentifier` field. The search is case-insensitive.
	DataSourceLoginIdentifiers []string `json:"dataSourceLoginIdentifiers,omitempty"`
	// Query for any value of the account's `dataSourceParticipantIdentifier` field. The search is case-insensitive.
	DataSourceParticipantIdentifiers []string `json:"dataSourceParticipantIdentifiers,omitempty"`
	// Query for any value of the account's `dataSource` field.
	DataSources []DataSource `json:"dataSources,omitempty"`
	// Query for any value of the account's `department` field. The search is case-insensitive.
	Departments []string `json:"departments,omitempty"`
	// Query for any value of the account's `domain` using a `WildcardPattern` search. The search is case-insensitive.
	DomainPattern *string `json:"domainPattern,omitempty"`
	// Query for any value of the account's `domain` field. The search is case-insensitive.
	Domains []string `json:"domains,omitempty"`
	// Query for the value of the account's `enabled` field.
	Enabled *bool `json:"enabled,omitempty"`
	// Query for any value of the account's `objectGuid` field. The search is case-insensitive.
	ObjectGuids []string `json:"objectGuids,omitempty"`
	// Query for any value of the account's `objectSid` field. The search is case-insensitive.
	ObjectSids []string `json:"objectSids,omitempty"`
	OuPattern  *string  `json:"ouPattern,omitempty"`
	Ous        []string `json:"ous,omitempty"`
	// Query for any value of the account's `samAccountName` using a `WildcardPattern` search. The search is case-insensitive.
	SamAccountNamePattern *string `json:"samAccountNamePattern,omitempty"`
	// Query for any value of the account's `samAccountName` field. The search is case-insensitive.
	SamAccountNames         []string                  `json:"samAccountNames,omitempty"`
	UserAccountControlFlags []UserAccountControlFlags `json:"userAccountControlFlags,omitempty"`
}

Query criteria for entity accounts.

type EntityAssociation 

type EntityAssociation interface {
	IsEntityAssociation()
	// The association binding type, which also determines the specific `Association` subtype of this instance.
	GetBindingType() BindingType
	// The associated entity.
	GetEntity() Entity
}

A specialized `Association` type for entity associations

type EntityAssociationImpl 

type EntityAssociationImpl struct {
	BindingType BindingType `json:"bindingType"`
	Entity      Entity      `json:"entity"`
}

func (EntityAssociationImpl) GetBindingType 

func (this EntityAssociationImpl) GetBindingType() BindingType

The association binding type, which also determines the specific `Association` subtype of this instance.

func (EntityAssociationImpl) GetEntity 

func (this EntityAssociationImpl) GetEntity() Entity

The associated entity.

func (EntityAssociationImpl) IsAssociation 

func (EntityAssociationImpl) IsAssociation()

func (EntityAssociationImpl) IsEntityAssociation 

func (EntityAssociationImpl) IsEntityAssociation()

type EntityAssociationQuery 

type EntityAssociationQuery struct {
	// Query for any value of `Association:bindingType`. A matching entity must have
	// at least one `Association` of any of the specified binding types.
	BindingTypes []BindingType `json:"bindingTypes,omitempty"`
	// Query for associated `EntityAssociation:entity` matching all entity query criteria.
	//
	// “`graphql
	// ##### List users regularly accessing Azure Portal
	// {
	//     entities(
	//         associationQuery: {
	//             bindingTypes: [CLOUD_SERVICE_ACCESS]
	//             entityQuery: {
	//                 # Querying by primaryDisplayNames for demonstration purposes - It's generally recommended to use
	//                 # more reliable identifiers, such as the entityId (queryable via the entityIds argument)
	//                 primaryDisplayNames: ["Azure Portal"]
	//             }
	//         }
	//         types: [USER]
	//         archived: false
	//         first: 2)
	//     {
	//         nodes {
	//             primaryDisplayName
	//             secondaryDisplayName
	//         }
	//     }
	// }
	// “`
	EntityQuery *EntityQueryInput `json:"entityQuery,omitempty"`
}

Query criteria for `Association` type for entity associations.

type EntityConnection 

type EntityConnection struct {
	// List of `Entity` edges.
	Edges []*EntityEdge `json:"edges"`
	// Information to aid in pagination.
	PageInfo *PageInfo `json:"pageInfo"`
	// A convenience extension to the standard Relay Connection type, directly
	// exposing the `Entity` elements, which may be used *instead* of edges. It is
	// primarily useful in conjunction with `startCursor` and `endCursor`, or when
	// exploring the API interactively (e.g. in GraphiQL).
	Nodes []Entity `json:"nodes"`
}

A [Relay-Compatible](https://facebook.github.io/relay/graphql/connections.htm) Connection type for paginating over `Entity` elements.

type EntityContainerEntity 

type EntityContainerEntity struct {
	// A list of external, elementary account descriptors used to construct this
	// entity. For instance, the list for a `UserEntity` which is backed by an LDAP
	// domain entry and an IDAAS account will include
	// `ActiveDirectoryAccountDescriptor` and `SsoUserAccountDescriptor` entries.
	Accounts []AccountDescriptor `json:"accounts"`
	// If `true`, the system considers this entity *archived*. It means that the entity no longer exists and can only be viewed.
	//
	// For entities derived with external data sources, such as LDAP users, an entity
	// is considered archived if its primary account (see `Entity:primaryAccount` is
	// deleted. Entities not associated with any external sources, such as unmanaged
	// endpoints, may also be archived based on a long period of inactivity. Except
	// the `archived` attribute itself, no other attribute of an archived entity is
	// updated. The attributes of an archived entity represent the state of the
	// entity at the time when it was archived.
	Archived bool `json:"archived"`
	// A list of associations of various types (see `Association:bindingType`) that
	// this entity has with other objects, most commonly with other entities. For
	// example, a `UserEntity` may have an `OWNERSHIP` association with an
	// `EndpointEntity`, alongside a `GEO_LOCATION` association with a `GeoLocation`.
	// The semantics for each association type are detailed in `BindingType`.
	Associations  []Association       `json:"associations"`
	ContainerType EntityContainerType `json:"containerType"`
	CreationTime  string              `json:"creationTime"`
	// The entity's unique identifier.
	EntityID             string `json:"entityId"`
	HasADDomainAdminRole *bool  `json:"hasADDomainAdminRole,omitempty"`
	// A convenience function that checks the `roles` field for the existence of at least one role matching the criteria.
	//
	// “`graphql
	// {
	//   entities(minRiskScoreSeverity: MEDIUM, archived: false, first: 5)
	//   {
	//     nodes
	//     {
	//       type
	//       primaryDisplayName
	//       ... on UserEntity
	//       {
	//         isHuman: hasRole(type: HumanUserAccountRole)
	//         isProgrammatic: hasRole(type: ProgrammaticUserAccountRole)
	//         isAdmin: hasRole(type: AdminAccountRole)
	//       }
	//       ... on EndpointEntity
	//       {
	//         isWorkstation: hasRole(type: WorkstationRole)
	//         isServer: hasRole(type: WorkstationRole)
	//       }
	//       isManuallyClassified: hasRole(confirmed: true)
	//     }
	//   }
	// }
	// “`
	HasRole *bool `json:"hasRole,omitempty"`
	// If `true`, the system has gathered enough information to consider this entity *learned*.
	Learned bool `json:"learned"`
	// For marked entities, this is set to the last time the entity was marked.
	MarkTime *string `json:"markTime,omitempty"`
	// Query open incidents for this entity.
	OpenIncidents *IncidentConnection `json:"openIncidents,omitempty"`
	// The primary display name used to represent this entity in user-facing data.
	//
	// The primary display name is typically shorter than the secondary display name,
	// but is much less likely to be unique across the organization or network. For
	// further details on the semantics, see the documentation for specific types.
	PrimaryDisplayName string `json:"primaryDisplayName"`
	// A list of risk factors contributing to the overall risk of this entity, sorted
	// by `RiskFactorContribution:score` in descending order.
	RiskFactors []EntityRiskFactor `json:"riskFactors"`
	// The entity's risk score represented as a number from 0 (no or unknown risk) through 1 (maximum risk).
	RiskScore string `json:"riskScore"`
	// The entity's risk score derived from `riskScore`.
	RiskScoreSeverity ScoreSeverity `json:"riskScoreSeverity"`
	// A list of roles fulfilled by this entity, each defining the entity's classification or organizational-function aspect.
	//
	// For example, a `UserEntity` representing an *account operator* in an Active
	// Directory domain should have an `AccountOperatorsAdminRole` entry on this
	// list. Should the system later learn this privileged account is used by a
	// script rather than a human, its associated entity will also have a
	// `ProgrammaticUserAccountRole`. Similarly, when the system learns that some
	// `EndpointEntity` belongs to a VDI cluster, it tags it with a
	// `VdiEndpointRole`.The model for roles is hierarchical. For example, the
	// aforementioned `AccountOperatorsAdminRole` is a specialization of
	// `OperatorLevelAdminRole`, which by itself is a specialization of
	// `AdminAccountRole`.
	//
	// When roles are queried, this hierarchy is always taken into account.
	// Therefore, querying an entity about the existence of a role also implies that
	// all of its direct and indirect specializations will be queried too. This
	// hierarchy is completely reflected by GraphQL inheritance. For instance, you
	// can see that `ExchangeServerRole` implements `ApplicationServerRole`,  and
	// that the latter implements `ServerRole`.
	//
	// For your convenience, `EntityRole:fullPath` can be projected on the role
	// itself, reperesenting the role type ancestry as breadcrumbs. See
	// `EntityRoleType` for query examples.
	Roles []EntityRole `json:"roles,omitempty"`
	// The secondary display name is used to represent unique name for this entity in the organization or the network.
	SecondaryDisplayName string `json:"secondaryDisplayName"`
	// The entity type, which also determines the specialized Entity subclass to be returned (see `EntityType`).
	Type EntityType `json:"type"`
	// If `true`, this entity appears on the system watchlist.
	Watched bool `json:"watched"`
}

An *Entity* object encapsulates and summarizes all the system information on an organizational or network entity. The most common entities are users and endpoints, but there are also entities representing cloud services and entity groups, such as Active Directory groups. More entity types are expected to be added in the future.

Entity objects are usually derived from external data sources. For instance, all covered user accounts in an Active Directory domain are represented as entities. However, entities very often integrate data from multiple sources. The network traffic monitored by the system is a primary source for behavioral attributes of entities, such as the human versus programmatic classification or the association of owned endpoints (see `roles`, `associations`). Moreover, entities not always represent a single account: an LDAP user, for example, may be correlated with an IDaaS account, resulting in a single, unified entity.

Entities are polymorphic. Attributes for specific entity types can be projected from a specialized interface (e.g. `UserOrEndpointEntity`, `EndpointEntity`). See the `EntityType` enum documentation for the mapping between entity types and entity interfaces.

func (EntityContainerEntity) GetAccounts 

func (this EntityContainerEntity) GetAccounts() []AccountDescriptor

A list of external, elementary account descriptors used to construct this entity. For instance, the list for a `UserEntity` which is backed by an LDAP domain entry and an IDAAS account will include `ActiveDirectoryAccountDescriptor` and `SsoUserAccountDescriptor` entries.

func (EntityContainerEntity) GetArchived 

func (this EntityContainerEntity) GetArchived() bool

If `true`, the system considers this entity *archived*. It means that the entity no longer exists and can only be viewed.

For entities derived with external data sources, such as LDAP users, an entity is considered archived if its primary account (see `Entity:primaryAccount` is deleted. Entities not associated with any external sources, such as unmanaged endpoints, may also be archived based on a long period of inactivity. Except the `archived` attribute itself, no other attribute of an archived entity is updated. The attributes of an archived entity represent the state of the entity at the time when it was archived.

func (EntityContainerEntity) GetAssociations 

func (this EntityContainerEntity) GetAssociations() []Association

A list of associations of various types (see `Association:bindingType`) that this entity has with other objects, most commonly with other entities. For example, a `UserEntity` may have an `OWNERSHIP` association with an `EndpointEntity`, alongside a `GEO_LOCATION` association with a `GeoLocation`. The semantics for each association type are detailed in `BindingType`.

func (EntityContainerEntity) GetCreationTime 

func (this EntityContainerEntity) GetCreationTime() string

func (EntityContainerEntity) GetEntityID 

func (this EntityContainerEntity) GetEntityID() string

The entity's unique identifier.

func (EntityContainerEntity) GetHasADDomainAdminRole 

func (this EntityContainerEntity) GetHasADDomainAdminRole() *bool

func (EntityContainerEntity) GetHasRole 

func (this EntityContainerEntity) GetHasRole() *bool

A convenience function that checks the `roles` field for the existence of at least one role matching the criteria.

```graphql 

{
  entities(minRiskScoreSeverity: MEDIUM, archived: false, first: 5)
  {
    nodes
    {
      type
      primaryDisplayName
      ... on UserEntity
      {
        isHuman: hasRole(type: HumanUserAccountRole)
        isProgrammatic: hasRole(type: ProgrammaticUserAccountRole)
        isAdmin: hasRole(type: AdminAccountRole)
      }
      ... on EndpointEntity
      {
        isWorkstation: hasRole(type: WorkstationRole)
        isServer: hasRole(type: WorkstationRole)
      }
      isManuallyClassified: hasRole(confirmed: true)
    }
  }
}

```

func (EntityContainerEntity) GetLearned 

func (this EntityContainerEntity) GetLearned() bool

If `true`, the system has gathered enough information to consider this entity *learned*.

func (EntityContainerEntity) GetMarkTime 

func (this EntityContainerEntity) GetMarkTime() *string

For marked entities, this is set to the last time the entity was marked.

func (EntityContainerEntity) GetOpenIncidents 

func (this EntityContainerEntity) GetOpenIncidents() *IncidentConnection

Query open incidents for this entity.

func (EntityContainerEntity) GetPrimaryDisplayName 

func (this EntityContainerEntity) GetPrimaryDisplayName() string

The primary display name used to represent this entity in user-facing data.

The primary display name is typically shorter than the secondary display name, but is much less likely to be unique across the organization or network. For further details on the semantics, see the documentation for specific types.

func (EntityContainerEntity) GetRiskFactors 

func (this EntityContainerEntity) GetRiskFactors() []EntityRiskFactor

A list of risk factors contributing to the overall risk of this entity, sorted by `RiskFactorContribution:score` in descending order.

func (EntityContainerEntity) GetRiskScore 

func (this EntityContainerEntity) GetRiskScore() string

The entity's risk score represented as a number from 0 (no or unknown risk) through 1 (maximum risk).

func (EntityContainerEntity) GetRiskScoreSeverity 

func (this EntityContainerEntity) GetRiskScoreSeverity() ScoreSeverity

The entity's risk score derived from `riskScore`.

func (EntityContainerEntity) GetRoles 

func (this EntityContainerEntity) GetRoles() []EntityRole

A list of roles fulfilled by this entity, each defining the entity's classification or organizational-function aspect.

For example, a `UserEntity` representing an *account operator* in an Active Directory domain should have an `AccountOperatorsAdminRole` entry on this list. Should the system later learn this privileged account is used by a script rather than a human, its associated entity will also have a `ProgrammaticUserAccountRole`. Similarly, when the system learns that some `EndpointEntity` belongs to a VDI cluster, it tags it with a `VdiEndpointRole`.The model for roles is hierarchical. For example, the aforementioned `AccountOperatorsAdminRole` is a specialization of `OperatorLevelAdminRole`, which by itself is a specialization of `AdminAccountRole`.

When roles are queried, this hierarchy is always taken into account. Therefore, querying an entity about the existence of a role also implies that all of its direct and indirect specializations will be queried too. This hierarchy is completely reflected by GraphQL inheritance. For instance, you can see that `ExchangeServerRole` implements `ApplicationServerRole`, and that the latter implements `ServerRole`.

For your convenience, `EntityRole:fullPath` can be projected on the role itself, reperesenting the role type ancestry as breadcrumbs. See `EntityRoleType` for query examples.

func (EntityContainerEntity) GetSecondaryDisplayName 

func (this EntityContainerEntity) GetSecondaryDisplayName() string

The secondary display name is used to represent unique name for this entity in the organization or the network.

func (EntityContainerEntity) GetType 

func (this EntityContainerEntity) GetType() EntityType

The entity type, which also determines the specialized Entity subclass to be returned (see `EntityType`).

func (EntityContainerEntity) GetWatched 

func (this EntityContainerEntity) GetWatched() bool

If `true`, this entity appears on the system watchlist.

func (EntityContainerEntity) IsEntity 

func (EntityContainerEntity) IsEntity()

type EntityContainerType 

type EntityContainerType string
const (
	EntityContainerTypeActiveDirectoryGroup EntityContainerType = "ACTIVE_DIRECTORY_GROUP"
	EntityContainerTypeAzureGroup           EntityContainerType = "AZURE_GROUP"
	EntityContainerTypeAzureRole            EntityContainerType = "AZURE_ROLE"
	EntityContainerTypeAwsGroup             EntityContainerType = "AWS_GROUP"
)

func (EntityContainerType) IsValid 

func (e EntityContainerType) IsValid() bool

func (EntityContainerType) MarshalGQL 

func (e EntityContainerType) MarshalGQL(w io.Writer)

func (EntityContainerType) String 

func (e EntityContainerType) String() string

func (*EntityContainerType) UnmarshalGQL 

func (e *EntityContainerType) UnmarshalGQL(v interface{}) error

type EntityEdge 

type EntityEdge struct {
	// Cursor pointing to this edge, to be used in standard pagination query arguments (`before`, `after`).
	Cursor string `json:"cursor"`
	// The `Entity` item at the end of this edge.
	Node Entity `json:"node"`
}

A `Entity` edge in a connection.

type EntityImpl 

type EntityImpl struct {
	Accounts             []AccountDescriptor `json:"accounts"`
	Archived             bool                `json:"archived"`
	Associations         []Association       `json:"associations"`
	CreationTime         string              `json:"creationTime"`
	EntityID             string              `json:"entityId"`
	HasADDomainAdminRole *bool               `json:"hasADDomainAdminRole,omitempty"`
	HasRole              *bool               `json:"hasRole,omitempty"`
	Learned              bool                `json:"learned"`
	MarkTime             *string             `json:"markTime,omitempty"`
	OpenIncidents        *IncidentConnection `json:"openIncidents,omitempty"`
	PrimaryDisplayName   string              `json:"primaryDisplayName"`
	RiskFactors          []EntityRiskFactor  `json:"riskFactors"`
	RiskScore            string              `json:"riskScore"`
	RiskScoreSeverity    ScoreSeverity       `json:"riskScoreSeverity"`
	Roles                []EntityRole        `json:"roles,omitempty"`
	SecondaryDisplayName string              `json:"secondaryDisplayName"`
	Type                 EntityType          `json:"type"`
	Watched              bool                `json:"watched"`
}

func (EntityImpl) GetAccounts 

func (this EntityImpl) GetAccounts() []AccountDescriptor

A list of external, elementary account descriptors used to construct this entity. For instance, the list for a `UserEntity` which is backed by an LDAP domain entry and an IDAAS account will include `ActiveDirectoryAccountDescriptor` and `SsoUserAccountDescriptor` entries.

func (EntityImpl) GetArchived 

func (this EntityImpl) GetArchived() bool

If `true`, the system considers this entity *archived*. It means that the entity no longer exists and can only be viewed.

For entities derived with external data sources, such as LDAP users, an entity is considered archived if its primary account (see `Entity:primaryAccount` is deleted. Entities not associated with any external sources, such as unmanaged endpoints, may also be archived based on a long period of inactivity. Except the `archived` attribute itself, no other attribute of an archived entity is updated. The attributes of an archived entity represent the state of the entity at the time when it was archived.

func (EntityImpl) GetAssociations 

func (this EntityImpl) GetAssociations() []Association

A list of associations of various types (see `Association:bindingType`) that this entity has with other objects, most commonly with other entities. For example, a `UserEntity` may have an `OWNERSHIP` association with an `EndpointEntity`, alongside a `GEO_LOCATION` association with a `GeoLocation`. The semantics for each association type are detailed in `BindingType`.

func (EntityImpl) GetCreationTime 

func (this EntityImpl) GetCreationTime() string

func (EntityImpl) GetEntityID 

func (this EntityImpl) GetEntityID() string

The entity's unique identifier.

func (EntityImpl) GetHasADDomainAdminRole 

func (this EntityImpl) GetHasADDomainAdminRole() *bool

func (EntityImpl) GetHasRole 

func (this EntityImpl) GetHasRole() *bool

A convenience function that checks the `roles` field for the existence of at least one role matching the criteria.

```graphql 

{
  entities(minRiskScoreSeverity: MEDIUM, archived: false, first: 5)
  {
    nodes
    {
      type
      primaryDisplayName
      ... on UserEntity
      {
        isHuman: hasRole(type: HumanUserAccountRole)
        isProgrammatic: hasRole(type: ProgrammaticUserAccountRole)
        isAdmin: hasRole(type: AdminAccountRole)
      }
      ... on EndpointEntity
      {
        isWorkstation: hasRole(type: WorkstationRole)
        isServer: hasRole(type: WorkstationRole)
      }
      isManuallyClassified: hasRole(confirmed: true)
    }
  }
}

```

func (EntityImpl) GetLearned 

func (this EntityImpl) GetLearned() bool

If `true`, the system has gathered enough information to consider this entity *learned*.

func (EntityImpl) GetMarkTime 

func (this EntityImpl) GetMarkTime() *string

For marked entities, this is set to the last time the entity was marked.

func (EntityImpl) GetOpenIncidents 

func (this EntityImpl) GetOpenIncidents() *IncidentConnection

Query open incidents for this entity.

func (EntityImpl) GetPrimaryDisplayName 

func (this EntityImpl) GetPrimaryDisplayName() string

The primary display name used to represent this entity in user-facing data.

The primary display name is typically shorter than the secondary display name, but is much less likely to be unique across the organization or network. For further details on the semantics, see the documentation for specific types.

func (EntityImpl) GetRiskFactors 

func (this EntityImpl) GetRiskFactors() []EntityRiskFactor

A list of risk factors contributing to the overall risk of this entity, sorted by `RiskFactorContribution:score` in descending order.

func (EntityImpl) GetRiskScore 

func (this EntityImpl) GetRiskScore() string

The entity's risk score represented as a number from 0 (no or unknown risk) through 1 (maximum risk).

func (EntityImpl) GetRiskScoreSeverity 

func (this EntityImpl) GetRiskScoreSeverity() ScoreSeverity

The entity's risk score derived from `riskScore`.

func (EntityImpl) GetRoles 

func (this EntityImpl) GetRoles() []EntityRole

A list of roles fulfilled by this entity, each defining the entity's classification or organizational-function aspect.

For example, a `UserEntity` representing an *account operator* in an Active Directory domain should have an `AccountOperatorsAdminRole` entry on this list. Should the system later learn this privileged account is used by a script rather than a human, its associated entity will also have a `ProgrammaticUserAccountRole`. Similarly, when the system learns that some `EndpointEntity` belongs to a VDI cluster, it tags it with a `VdiEndpointRole`.The model for roles is hierarchical. For example, the aforementioned `AccountOperatorsAdminRole` is a specialization of `OperatorLevelAdminRole`, which by itself is a specialization of `AdminAccountRole`.

When roles are queried, this hierarchy is always taken into account. Therefore, querying an entity about the existence of a role also implies that all of its direct and indirect specializations will be queried too. This hierarchy is completely reflected by GraphQL inheritance. For instance, you can see that `ExchangeServerRole` implements `ApplicationServerRole`, and that the latter implements `ServerRole`.

For your convenience, `EntityRole:fullPath` can be projected on the role itself, reperesenting the role type ancestry as breadcrumbs. See `EntityRoleType` for query examples.

func (EntityImpl) GetSecondaryDisplayName 

func (this EntityImpl) GetSecondaryDisplayName() string

The secondary display name is used to represent unique name for this entity in the organization or the network.

func (EntityImpl) GetType 

func (this EntityImpl) GetType() EntityType

The entity type, which also determines the specialized Entity subclass to be returned (see `EntityType`).

func (EntityImpl) GetWatched 

func (this EntityImpl) GetWatched() bool

If `true`, this entity appears on the system watchlist.

func (EntityImpl) IsEntity 

func (EntityImpl) IsEntity()

type EntityMembershipType 

type EntityMembershipType string
const (
	EntityMembershipTypeUserInDepartment         EntityMembershipType = "USER_IN_DEPARTMENT"
	EntityMembershipTypeUserInOrganizationalUnit EntityMembershipType = "USER_IN_ORGANIZATIONAL_UNIT"
)

func (EntityMembershipType) IsValid 

func (e EntityMembershipType) IsValid() bool

func (EntityMembershipType) MarshalGQL 

func (e EntityMembershipType) MarshalGQL(w io.Writer)

func (EntityMembershipType) String 

func (e EntityMembershipType) String() string

func (*EntityMembershipType) UnmarshalGQL 

func (e *EntityMembershipType) UnmarshalGQL(v interface{}) error

type EntityQueryInput 

type EntityQueryInput struct {
	// Query for entities which were created before the specified date.
	AccountCreationEndTime *string `json:"accountCreationEndTime,omitempty"`
	// Query for entities which were created on or after the specified date.
	AccountCreationStartTime *string `json:"accountCreationStartTime,omitempty"`
	// Query for entities that have an account set to expire before the specified
	// date (see `ActiveDirectoryAccountDescriptor::expirationTime`).
	//
	// “`graphql
	// {
	//   ##### Accounts expiring in the next 3 months
	//   entities(accountExpirationStartTime: "P0D", # Now
	//            accountExpirationEndTime: "P3M", # Now + 3 months
	//            first: 100)
	//   {
	//     nodes
	//     {
	//       primaryDisplayName
	//       accounts
	//       {
	//         ... on ActiveDirectoryAccountDescriptor
	//         {
	//           expirationTime
	//         }
	//       }
	//     }
	//   }
	// }
	// “`
	AccountExpirationEndTime *string `json:"accountExpirationEndTime,omitempty"`
	// Query for entities that have an account set to expire on or after the
	// specified date (see `ActiveDirectoryAccountDescriptor::expirationTime`).
	//
	// “`graphql
	// {
	//   ##### Accounts expiring in the next 3 months
	//   entities(accountExpirationStartTime: "P0D", # Now
	//            accountExpirationEndTime: "P3M", # Now + 3 months
	//            first: 100)
	//   {
	//     nodes
	//     {
	//       primaryDisplayName
	//       accounts
	//       {
	//         ... on ActiveDirectoryAccountDescriptor
	//         {
	//           expirationTime
	//         }
	//       }
	//     }
	//   }
	// }
	// “`
	AccountExpirationStartTime *string `json:"accountExpirationStartTime,omitempty"`
	// Query for entities which are currently locked out of one of their accounts
	// (see `ActiveDirectoryAccountDescriptor:enabled`). If `false`, query for all
	// other entities.
	AccountLocked *bool `json:"accountLocked,omitempty"`
	// Query for entities having at least one account matching all of the specified query criteria.
	AccountQuery *EntityAccountQuery `json:"accountQuery,omitempty"`
	AgentIds     []string            `json:"agentIds,omitempty"`
	// The query is a match if all specified conditions are true
	All []*EntityQueryInput `json:"all,omitempty"`
	// The query is a match if any of the specified conditions are true
	Any []*EntityQueryInput `json:"any,omitempty"`
	// Query for entities whose `Entity` attribute is set as `Entity:archived`.
	Archived *bool `json:"archived,omitempty"`
	// Query for any value of `Entity:associations:bindingType`. A matching entity
	// must have at least one `Association` of any of the specified binding types.
	AssociationBindingTypes []BindingType `json:"associationBindingTypes,omitempty"`
	// Query for entities having at least one association matching all query criteria.
	//
	// “`graphql
	// ##### List users regularly accessing Azure Portal
	// {
	//     entities(
	//         associationQuery: {
	//             bindingTypes: [CLOUD_SERVICE_ACCESS]
	//             entityQuery: {
	//                 # Querying by primaryDisplayNames for demonstration purposes - It's generally recommended to use
	//                 # more reliable identifiers, such as the entityId (queryable via the entityIds argument)
	//                 primaryDisplayNames: ["Azure Portal"]
	//             }
	//         }
	//         types: [USER]
	//         archived: false
	//         first: 2)
	//     {
	//         nodes {
	//             primaryDisplayName
	//             secondaryDisplayName
	//         }
	//     }
	// }
	// “`
	AssociationQuery *EntityAssociationQuery `json:"associationQuery,omitempty"`
	// Query for any value of `HumanUserAccountRole:businessRole`. Only entities classified as Human can be matched.
	BusinessRoles []BusinessRole `json:"businessRoles,omitempty"`
	// Query for entities that have at least one SSO account on a cloud service.
	CloudEnabled *bool `json:"cloudEnabled,omitempty"`
	// Query for entities that have accounts only on cloud directories.
	CloudOnly      *bool                 `json:"cloudOnly,omitempty"`
	ContainerTypes []EntityContainerType `json:"containerTypes,omitempty"`
	// Query for any value of `AccountDescriptor.dataSource` in all entity's accounts.
	DataSources []DataSource `json:"dataSources,omitempty"`
	// Query for any value of `ActiveDirectoryAccountDescriptor:department` in all
	// entity's accounts. The search is case-insensitive.
	Departments []string `json:"departments,omitempty"`
	// Query for entities which are directly member of any of the Active Directory
	// group entities matched by the given query input. To query all members, use the
	// `memberOfActiveDirectoryGroups` query argument instead.
	//
	// #### Examples
	// “`graphql
	// #### Querying for group membership - direct vs. all memebers
	// {
	//     # We're using then primaryDisplayName argument here for the sake of the demo. In production code, it's much
	//     # better to use a more reliable identifier, such as the entityIds or the secondaryDisplayNames query arguments.
	//
	//     direct: entities(
	//         first: 2
	//         directMemberOfActiveDirectoryGroups: {
	//             primaryDisplayNames: ["Administrators"]
	//         }) {
	//         nodes {
	//             type
	//             primaryDisplayName
	//             secondaryDisplayName
	//         }
	//     }
	//
	//     directAndIndirect: entities(
	//         first: 2
	//         memberOfActiveDirectoryGroups: {
	//            primaryDisplayNames: ["Administrators"]
	//         }) {
	//         nodes {
	//             type
	//             primaryDisplayName
	//             secondaryDisplayName
	//         }
	//     }
	// }
	// “`
	DirectMemberOfActiveDirectoryGroups *EntityQueryInput `json:"directMemberOfActiveDirectoryGroups,omitempty"`
	// Query for entities which are member of any of the entity containers matched by the given query input.
	DirectMemberOfContainers *EntityQueryInput `json:"directMemberOfContainers,omitempty"`
	// Query for any value of `ActiveDirectoryEntryDescriptor:domain` in all entity's
	// accounts using a `WildcardPattern` search. The search is case-insensitive.
	DomainPattern *string `json:"domainPattern,omitempty"`
	// Query for any value of `ActiveDirectoryEntryDescriptor:domain` in all entity's accounts. The search is case-insensitive.
	Domains                  []string `json:"domains,omitempty"`
	DuplicatePasswordGroupID *string  `json:"duplicatePasswordGroupId,omitempty"`
	// Query for any value of `UserEndpoint:emailAddress` using a `WildcardPattern` search. The search is case-insensitive.
	EmailAddressPattern *string  `json:"emailAddressPattern,omitempty"`
	EmailAddresses      []string `json:"emailAddresses,omitempty"`
	// Query for value of `AccountDescriptor:enabled` in all entity's accounts.
	Enabled *bool `json:"enabled,omitempty"`
	// Query for entities which are either `enabled` or `unmanaged`.
	EnabledOrUnmanaged *bool `json:"enabledOrUnmanaged,omitempty"`
	// Query for any value of `Entity:entityId`.
	EntityIds  []string `json:"entityIds,omitempty"`
	HasAccount *bool    `json:"hasAccount,omitempty"`
	// Query for entities one of whose accounts has an aged password (see `PasswordAttributes:aged`).
	HasAgedPassword *bool `json:"hasAgedPassword,omitempty"`
	HasAgent        *bool `json:"hasAgent,omitempty"`
	HasAnySpn       *bool `json:"hasAnySPN,omitempty"`
	HasEmailAddress *bool `json:"hasEmailAddress,omitempty"`
	// Query for entities one of whose accounts has an exposed password (see `PasswordAttributes:exposed`).
	HasExposedPassword *bool `json:"hasExposedPassword,omitempty"`
	HasLinkedAccounts  *bool `json:"hasLinkedAccounts,omitempty"`
	// Query for entities one of whose accounts has a never-expiring password (see `PasswordAttributes:mayExpire`).
	HasNeverExpiringPassword *bool `json:"hasNeverExpiringPassword,omitempty"`
	// Query for entities which participate in at least one open incident (see `Incident:state`).
	HasOpenIncidents   *bool `json:"hasOpenIncidents,omitempty"`
	HasStaticIPAddress *bool `json:"hasStaticIpAddress,omitempty"`
	// Query for endpoint entities with a vulnerable operating system (see `EndpointEntity::operatingSystemInfo`).
	//
	// All `OperatingSystemVulnerability` values except `NONE` and `UNKNOWN` are considered *vulnerable*.
	HasVulnerableOs *bool `json:"hasVulnerableOs,omitempty"`
	// Query for entities one of whose accounts has a weak password (see `PasswordAttributes:strength`).
	HasWeakPassword *bool `json:"hasWeakPassword,omitempty"`
	// Query for any value of `EndpointEntity:hostName` using a `WildcardPattern` search. The search is case-insensitive.
	HostNamePattern *string `json:"hostNamePattern,omitempty"`
	// Query for any value of `EndpointEntity:hostName`. The search is case-insensitive.
	HostNames []string `json:"hostNames,omitempty"`
	ID        *string  `json:"id,omitempty"`
	Ids       []string `json:"ids,omitempty"`
	// Query for endpoints typically used for impersonation. An `impersonator `
	// endpoint has at least one `ServerRole` (or one of its sub-types) for which
	// `ServerRole:impersonator` is set to `true`.
	Impersonator *bool `json:"impersonator,omitempty"`
	// Query for entities whose `ActivityParticipatingEntity` attribute is set as `ActivityParticipatingEntity:inactive`.
	Inactive            *bool   `json:"inactive,omitempty"`
	InsightCounterID    *string `json:"insightCounterId,omitempty"`
	InsightsQuery       *string `json:"insightsQuery,omitempty"`
	LastUpdateEndTime   *string `json:"lastUpdateEndTime,omitempty"`
	LastUpdateStartTime *string `json:"lastUpdateStartTime,omitempty"`
	// Query for a value of `Entity:learned`.
	Learned             *bool    `json:"learned,omitempty"`
	LinkingSuggestions  *string  `json:"linkingSuggestions,omitempty"`
	LocalAdminEntityIds []string `json:"localAdminEntityIds,omitempty"`
	// Query for marked entities (see `Entity:markTime`).
	Marked *bool `json:"marked,omitempty"`
	// Query for a maximal value of `Entity:riskScoreSeverity`.
	MaxRiskScoreSeverity *ScoreSeverity `json:"maxRiskScoreSeverity,omitempty"`
	// Query for entities which are member of any of the Active Directory group
	// entities matched by the given query input, directly via another group. To
	// query for direct members only, use the `directMemberOfActiveDirectoryGroups`
	// query argument instead.
	//
	// #### Examples
	// “`graphql
	// #### Querying for group membership - direct vs. all memebers
	// {
	//     # We're using then primaryDisplayName argument here for the sake of the demo. In production code, it's much
	//     # better to use a more reliable identifier, such as the entityIds or the secondaryDisplayNames query arguments.
	//
	//     direct: entities(
	//         first: 2
	//         directMemberOfActiveDirectoryGroups: {
	//             primaryDisplayNames: ["Administrators"]
	//         }) {
	//         nodes {
	//             type
	//             primaryDisplayName
	//             secondaryDisplayName
	//         }
	//     }
	//
	//     directAndIndirect: entities(
	//         first: 2
	//         memberOfActiveDirectoryGroups: {
	//            primaryDisplayNames: ["Administrators"]
	//         }) {
	//         nodes {
	//             type
	//             primaryDisplayName
	//             secondaryDisplayName
	//         }
	//     }
	// }
	// “`
	MemberOfActiveDirectoryGroups *EntityQueryInput `json:"memberOfActiveDirectoryGroups,omitempty"`
	// Query for entities which are member of any of the entity containers matched by
	// the given query input, directly via another group. To query for direct members
	// only, use the `directMemberOfContainers` query argument instead.
	MemberOfContainers *EntityQueryInput `json:"memberOfContainers,omitempty"`
	// Query for a minimal value of `Entity:riskScoreSeverity`.
	MinRiskScoreSeverity *ScoreSeverity `json:"minRiskScoreSeverity,omitempty"`
	// Query for entities with any recorded network activity before the specified date.
	MostRecentActivityEndTime *string `json:"mostRecentActivityEndTime,omitempty"`
	// Query for entities with any recorded network activity on of after the specified date.
	MostRecentActivityStartTime *string `json:"mostRecentActivityStartTime,omitempty"`
	// Query for entities with any recorded on premise network activity before the specified date.
	MostRecentOnPremiseActivityEndTime *string `json:"mostRecentOnPremiseActivityEndTime,omitempty"`
	// Query for entities with any recorded on premise network activity on of after the specified date.
	MostRecentOnPremiseActivityStartTime *string `json:"mostRecentOnPremiseActivityStartTime,omitempty"`
	// Query for entities with any recorded SSO network activity before the specified date.
	MostRecentSSOActivityEndTime *string `json:"mostRecentSSOActivityEndTime,omitempty"`
	// Query for entities with any recorded SSO network activity on of after the specified date.
	MostRecentSSOActivityStartTime *string `json:"mostRecentSSOActivityStartTime,omitempty"`
	NameSearch                     *string `json:"nameSearch,omitempty"`
	NeverLoggedOn                  *bool   `json:"neverLoggedOn,omitempty"`
	// The query is a match if this conditions are not true
	//
	// “`graphql
	// ##### List privileged entities, except those who have Extensive Local Administrators role
	// {
	//     entities(roles: [AdminAccountRole]
	//              not: {roles: [LocalAdminRole]}
	//              archived: false
	//              first: 2)
	//     {
	//         nodes {
	//             primaryDisplayName
	//             secondaryDisplayName
	//             roles {
	//                 type
	//             }
	//         }
	//     }
	// }
	// “`
	Not                     *EntityQueryInput `json:"not,omitempty"`
	ObjectSids              []string          `json:"objectSids,omitempty"`
	OperatingSystemFamilies []string          `json:"operatingSystemFamilies,omitempty"`
	OuPattern               *string           `json:"ouPattern,omitempty"`
	Ous                     []string          `json:"ous,omitempty"`
	// Query for user entities whose password changed before the specified date.
	PasswordLastChangeEndTime *string `json:"passwordLastChangeEndTime,omitempty"`
	// Query for user entities whose password changed on or after the specified date.
	PasswordLastChangeStartTime *string  `json:"passwordLastChangeStartTime,omitempty"`
	PasswordTokens              []string `json:"passwordTokens,omitempty"`
	// Query for any value of `Entity:primaryDisplayName` using a `WildcardPattern` search. The search is case-insensitive.
	PrimaryDisplayNamePattern *string `json:"primaryDisplayNamePattern,omitempty"`
	// Query for any value of `Entity:primaryDisplayName`.
	PrimaryDisplayNames []string `json:"primaryDisplayNames,omitempty"`
	// Query for any value of `RiskFactorContribution:type` given each entity's risk factors (see `riskFactors`).
	RiskFactorTypes []RiskFactorType `json:"riskFactorTypes,omitempty"`
	// Query for entities whose risk-score is equal or greater than the specified value.
	RiskScoreLowerBound *string `json:"riskScoreLowerBound,omitempty"`
	// Query for entities whose risk-score is lower than the specified value.
	RiskScoreUpperBound *string `json:"riskScoreUpperBound,omitempty"`
	// Query for user entities having a RBAC role assignment association matching query criteria
	//
	// “`graphql
	// ##### List role display names associated with the following scope id
	// {
	//     entities(first:1, associationBindingTypes: [RBAC_ASSIGNMENT],
	//         roleAssignmentAssociationQuery: {
	//             scopeIds: ["dedf3e09-aa9a-4f7e-b3f1-9a30ea597797"]
	//         }) {
	//         nodes {
	//             associations {
	//                 ... on SsoRbacAssignmentAssociation {
	//                     roles {
	//                         displayName
	//                     }
	//                 }
	//             }
	//         }
	//     }
	// }
	// “`
	RoleAssignmentAssociationQuery *RoleAssignmentAssociationQuery `json:"roleAssignmentAssociationQuery,omitempty"`
	// **Deprecated**. Use `roles`, `all` instead.
	RoleGroups [][]EntityRoleType `json:"roleGroups,omitempty"`
	// Query `Entity:roles`. A matching entity is guaranteed to have at least one of the specified role types.
	Roles []EntityRoleType `json:"roles,omitempty"`
	// Query for any value of `ActiveDirectoryAccountDescriptor:samAccountName` in
	// all entity's accounts using a `WildcardPattern` search. The search is
	// case-insensitive.
	SamAccountNamePattern *string `json:"samAccountNamePattern,omitempty"`
	// Query for any value of `ActiveDirectoryAccountDescriptor:samAccountName` in
	// all entity's accounts. The search is case-insensitive.
	//
	// “`graphql
	// ##### Look up a user by their sam-account-name
	// {
	//   # Query for the built-in "Administrator" account.
	//   # This is merely an illustration of the samAccountNames query argument.
	//   # See the roles query argument for more powerful options to query
	//   # privileged accounts
	//   entities(samAccountNames: ["administrator"]
	//            # Uncomment and fill in your domain here to ensure
	//            # a single match
	//            # domain: "MY.DOMAIN"
	//            archived: false
	//            first: 1)
	//   {
	//     nodes {
	//       entityId
	//       primaryDisplayName
	//       secondaryDisplayName
	//       roles
	//       {
	//         type
	//       }
	//         ... on UserOrEndpointEntity
	//         {
	//           riskScoreSeverity
	//         }
	//     }
	//   }
	// }
	// “`
	SamAccountNames []string `json:"samAccountNames,omitempty"`
	// Query for any value of `Entity:secondaryDisplayName` using a `WildcardPattern` search. The search is case-insensitive.
	SecondaryDisplayNamePattern *string `json:"secondaryDisplayNamePattern,omitempty"`
	// Query for any value of `Entity:secondaryDisplayName`.
	SecondaryDisplayNames []string `json:"secondaryDisplayNames,omitempty"`
	// Query for entities whose `UserOrEndpointEntity` attribute is set as `UserOrEndpointEntity:shared`.
	Shared *bool `json:"shared,omitempty"`
	// Query for entities whose `ActivityParticipatingEntity` attribute is set as `ActivityParticipatingEntity:stale`.
	Stale   *bool       `json:"stale,omitempty"`
	Tenants []string    `json:"tenants,omitempty"`
	Type    *EntityType `json:"type,omitempty"`
	// Query for any value of `Entity:type`.
	Types []EntityType `json:"types,omitempty"`
	// Query for unmanaged endpoints (see `EndpointEntity:unmanaged`).
	Unmanaged               *bool                     `json:"unmanaged,omitempty"`
	UserAccountControlFlags []UserAccountControlFlags `json:"userAccountControlFlags,omitempty"`
	// Query for any instance of `Entity:watched`.
	Watched *bool `json:"watched,omitempty"`
}

Query criteria for filtering results by `Entity` attributes.

All specified criteria must be met for a result to match.

type EntityRiskFactor 

type EntityRiskFactor interface {
	IsEntityRiskFactor()
	GetScore() string
	GetSeverity() ScoreSeverity
	GetType() RiskFactorType
}

type EntityRiskFactorImpl 

type EntityRiskFactorImpl struct {
	Score    string         `json:"score"`
	Severity ScoreSeverity  `json:"severity"`
	Type     RiskFactorType `json:"type"`
}

func (EntityRiskFactorImpl) GetScore 

func (this EntityRiskFactorImpl) GetScore() string

func (EntityRiskFactorImpl) GetSeverity 

func (this EntityRiskFactorImpl) GetSeverity() ScoreSeverity

func (EntityRiskFactorImpl) GetType 

func (this EntityRiskFactorImpl) GetType() RiskFactorType

func (EntityRiskFactorImpl) IsEntityRiskFactor 

func (EntityRiskFactorImpl) IsEntityRiskFactor()

type EntityRole 

type EntityRole interface {
	IsEntityRole()
	GetConfirmed() bool
	GetFullPath() *string
	GetProbability() *float64
	GetType() EntityRoleType
}

type EntityRoleImpl 

type EntityRoleImpl struct {
	Confirmed   bool           `json:"confirmed"`
	FullPath    *string        `json:"fullPath,omitempty"`
	Probability *float64       `json:"probability,omitempty"`
	Type        EntityRoleType `json:"type"`
}

func (EntityRoleImpl) GetConfirmed 

func (this EntityRoleImpl) GetConfirmed() bool

func (EntityRoleImpl) GetFullPath 

func (this EntityRoleImpl) GetFullPath() *string

func (EntityRoleImpl) GetProbability 

func (this EntityRoleImpl) GetProbability() *float64

func (EntityRoleImpl) GetType 

func (this EntityRoleImpl) GetType() EntityRoleType

func (EntityRoleImpl) IsEntityRole 

func (EntityRoleImpl) IsEntityRole()

type EntityRoleType 

type EntityRoleType string
const (
	EntityRoleTypeOperatorLevelAdminRole                                 EntityRoleType = "OperatorLevelAdminRole"
	EntityRoleTypeAdminAccountRole                                       EntityRoleType = "AdminAccountRole"
	EntityRoleTypeAzurePrivilegedRole                                    EntityRoleType = "AzurePrivilegedRole"
	EntityRoleTypeAzureGlobalPrivilegesRole                              EntityRoleType = "AzureGlobalPrivilegesRole"
	EntityRoleTypeAzureCredentialsPrivilegesRole                         EntityRoleType = "AzureCredentialsPrivilegesRole"
	EntityRoleTypeAzureAccessPrivilegesRole                              EntityRoleType = "AzureAccessPrivilegesRole"
	EntityRoleTypeAzureApplicationPrivilegesRole                         EntityRoleType = "AzureApplicationPrivilegesRole"
	EntityRoleTypeAzureSecurityPrivilegesRole                            EntityRoleType = "AzureSecurityPrivilegesRole"
	EntityRoleTypeAzurePrivilegedApplicationControllerRole               EntityRoleType = "AzurePrivilegedApplicationControllerRole"
	EntityRoleTypeAzureSecurityGroupRole                                 EntityRoleType = "AzureSecurityGroupRole"
	EntityRoleTypeAzureMicrosoft365GroupRole                             EntityRoleType = "AzureMicrosoft365GroupRole"
	EntityRoleTypeAzureDistributionGroupRole                             EntityRoleType = "AzureDistributionGroupRole"
	EntityRoleTypeEffectiveAdminRole                                     EntityRoleType = "EffectiveAdminRole"
	EntityRoleTypeServerRole                                             EntityRoleType = "ServerRole"
	EntityRoleTypeClassificationRole                                     EntityRoleType = "ClassificationRole"
	EntityRoleTypeDomainLevelAdminRole                                   EntityRoleType = "DomainLevelAdminRole"
	EntityRoleTypeProgrammaticUserAccountRole                            EntityRoleType = "ProgrammaticUserAccountRole"
	EntityRoleTypeForestLevelAdminRole                                   EntityRoleType = "ForestLevelAdminRole"
	EntityRoleTypeApplicationServerRole                                  EntityRoleType = "ApplicationServerRole"
	EntityRoleTypeAccountOperatorsAdminRole                              EntityRoleType = "AccountOperatorsAdminRole"
	EntityRoleTypeEffectiveReplicatorsAdminRole                          EntityRoleType = "EffectiveReplicatorsAdminRole"
	EntityRoleTypeKrbtgtAccountAdminRole                                 EntityRoleType = "KrbtgtAccountAdminRole"
	EntityRoleTypeDomainControllersAdminRole                             EntityRoleType = "DomainControllersAdminRole"
	EntityRoleTypeReadOnlyDomainControllersAdminRole                     EntityRoleType = "ReadOnlyDomainControllersAdminRole"
	EntityRoleTypeReplicatorsAdminRole                                   EntityRoleType = "ReplicatorsAdminRole"
	EntityRoleTypeMailboxRole                                            EntityRoleType = "MailboxRole"
	EntityRoleTypePrivilegedGroupControllerAdminRole                     EntityRoleType = "PrivilegedGroupControllerAdminRole"
	EntityRoleTypeDNSServerRole                                          EntityRoleType = "DnsServerRole"
	EntityRoleTypeDomainAdminsRole                                       EntityRoleType = "DomainAdminsRole"
	EntityRoleTypeSchemaAdminsRole                                       EntityRoleType = "SchemaAdminsRole"
	EntityRoleTypeAdministratorsRole                                     EntityRoleType = "AdministratorsRole"
	EntityRoleTypeBuiltinAdministratorRole                               EntityRoleType = "BuiltinAdministratorRole"
	EntityRoleTypeEnterpriseAdminsRole                                   EntityRoleType = "EnterpriseAdminsRole"
	EntityRoleTypePasswordResetterAdminRole                              EntityRoleType = "PasswordResetterAdminRole"
	EntityRoleTypePermissionsControllerAdminRole                         EntityRoleType = "PermissionsControllerAdminRole"
	EntityRoleTypeObjectSidTakeoverAdminRole                             EntityRoleType = "ObjectSidTakeoverAdminRole"
	EntityRoleTypeBackupOperatorsAdminRole                               EntityRoleType = "BackupOperatorsAdminRole"
	EntityRoleTypePrintOperatorsAdminRole                                EntityRoleType = "PrintOperatorsAdminRole"
	EntityRoleTypeServerOperatorsAdminRole                               EntityRoleType = "ServerOperatorsAdminRole"
	EntityRoleTypeServiceDelegationAdminRole                             EntityRoleType = "ServiceDelegationAdminRole"
	EntityRoleTypeUnconstrainedServiceDelegationAdminRole                EntityRoleType = "UnconstrainedServiceDelegationAdminRole"
	EntityRoleTypeConstrainedServiceDelegationAdminRole                  EntityRoleType = "ConstrainedServiceDelegationAdminRole"
	EntityRoleTypeFileServerRole                                         EntityRoleType = "FileServerRole"
	EntityRoleTypeHumanUserAccountRole                                   EntityRoleType = "HumanUserAccountRole"
	EntityRoleTypeWorkstationRole                                        EntityRoleType = "WorkstationRole"
	EntityRoleTypeNtlmMovementRole                                       EntityRoleType = "NtlmMovementRole"
	EntityRoleTypeDomainControllerRole                                   EntityRoleType = "DomainControllerRole"
	EntityRoleTypeVdiEndpointRole                                        EntityRoleType = "VdiEndpointRole"
	EntityRoleTypeExchangeServerRole                                     EntityRoleType = "ExchangeServerRole"
	EntityRoleTypeLocalAdminRole                                         EntityRoleType = "LocalAdminRole"
	EntityRoleTypeBusinessPrivilegeRole                                  EntityRoleType = "BusinessPrivilegeRole"
	EntityRoleTypeContainerRole                                          EntityRoleType = "ContainerRole"
	EntityRoleTypePermissionAssignerRole                                 EntityRoleType = "PermissionAssignerRole"
	EntityRoleTypeMailingListRole                                        EntityRoleType = "MailingListRole"
	EntityRoleTypeSecurityGroupRole                                      EntityRoleType = "SecurityGroupRole"
	EntityRoleTypeDistributionGroupRole                                  EntityRoleType = "DistributionGroupRole"
	EntityRoleTypeHoneytokenRole                                         EntityRoleType = "HoneytokenRole"
	EntityRoleTypeCertificateAuthorityServerRole                         EntityRoleType = "CertificateAuthorityServerRole"
	EntityRoleTypeCertificateAuthorityAdminRole                          EntityRoleType = "CertificateAuthorityAdminRole"
	EntityRoleTypeAuthenticationCertificateTemplateControllerRole        EntityRoleType = "AuthenticationCertificateTemplateControllerRole"
	EntityRoleTypeKeyCredentialAdminRole                                 EntityRoleType = "KeyCredentialAdminRole"
	EntityRoleTypeOwnerAdminRole                                         EntityRoleType = "OwnerAdminRole"
	EntityRoleTypeCertificateAuthenticationAsAnyDomainUserRole           EntityRoleType = "CertificateAuthenticationAsAnyDomainUserRole"
	EntityRoleTypeAuthenticationAsAnyUserWithCertificateRequestAgentRole EntityRoleType = "AuthenticationAsAnyUserWithCertificateRequestAgentRole"
)

func (EntityRoleType) IsValid 

func (e EntityRoleType) IsValid() bool

func (EntityRoleType) MarshalGQL 

func (e EntityRoleType) MarshalGQL(w io.Writer)

func (EntityRoleType) String 

func (e EntityRoleType) String() string

func (*EntityRoleType) UnmarshalGQL 

func (e *EntityRoleType) UnmarshalGQL(v interface{}) error

type EntitySortKey 

type EntitySortKey string

Enumeration of sort options for the `entities` query API. 

const (
	EntitySortKeyEntityID             EntitySortKey = "ENTITY_ID"
	EntitySortKeyRiskScore            EntitySortKey = "RISK_SCORE"
	EntitySortKeyMostRecentActivity   EntitySortKey = "MOST_RECENT_ACTIVITY"
	EntitySortKeyCreationTime         EntitySortKey = "CREATION_TIME"
	EntitySortKeyExpirationTime       EntitySortKey = "EXPIRATION_TIME"
	EntitySortKeyOpenIncidentCount    EntitySortKey = "OPEN_INCIDENT_COUNT"
	EntitySortKeyPrimaryDisplayName   EntitySortKey = "PRIMARY_DISPLAY_NAME"
	EntitySortKeySecondaryDisplayName EntitySortKey = "SECONDARY_DISPLAY_NAME"
	EntitySortKeyOu                   EntitySortKey = "OU"
	EntitySortKeyDepartment           EntitySortKey = "DEPARTMENT"
	EntitySortKeyLastUpdateTime       EntitySortKey = "LAST_UPDATE_TIME"
)

func (EntitySortKey) IsValid 

func (e EntitySortKey) IsValid() bool

func (EntitySortKey) MarshalGQL 

func (e EntitySortKey) MarshalGQL(w io.Writer)

func (EntitySortKey) String 

func (e EntitySortKey) String() string

func (*EntitySortKey) UnmarshalGQL 

func (e *EntitySortKey) UnmarshalGQL(v interface{}) error

type EntityType 

type EntityType string

Enumeration of entity types. 

const (
	// A user entity represents a user account by the `UserEntity` interface.
	EntityTypeUser EntityType = "USER"
	// An endpoint entity represents an endpoint in the network or in a directory by the `EndpointEntity` interface.
	EntityTypeEndpoint EntityType = "ENDPOINT"
	// A cloud service entity represents a cloud application participating in SSO
	// activities by the `CloudServiceEntity` interface.
	EntityTypeCloudService EntityType = "CLOUD_SERVICE"
	// An entity-container entity represents an entity group, such as an LDAP group
	// of users, by the `EntityContainerEntity` interface.
	EntityTypeEntityContainer EntityType = "ENTITY_CONTAINER"
)

func (EntityType) IsValid 

func (e EntityType) IsValid() bool

func (EntityType) MarshalGQL 

func (e EntityType) MarshalGQL(w io.Writer)

func (EntityType) String 

func (e EntityType) String() string

func (*EntityType) UnmarshalGQL 

func (e *EntityType) UnmarshalGQL(v interface{}) error

type ErrorDetails 

type ErrorDetails interface {
	IsErrorDetails()
	// A human-readable error message describing an error or failure.
	GetMessage() string
}

An error descriptor. This common interface contains just a human-readable error message. For more structural data which can be used programmatically, see the specialized sub-types of this interface.

type ErrorDetailsImpl 

type ErrorDetailsImpl struct {
	Message string `json:"message"`
}

func (ErrorDetailsImpl) GetMessage 

func (this ErrorDetailsImpl) GetMessage() string

A human-readable error message describing an error or failure.

func (ErrorDetailsImpl) IsErrorDetails 

func (ErrorDetailsImpl) IsErrorDetails()

type ExchangeServerRole 

type ExchangeServerRole struct {
	Confirmed    bool           `json:"confirmed"`
	FullPath     *string        `json:"fullPath,omitempty"`
	Impersonator bool           `json:"impersonator"`
	Probability  *float64       `json:"probability,omitempty"`
	Type         EntityRoleType `json:"type"`
}

func (ExchangeServerRole) GetConfirmed 

func (this ExchangeServerRole) GetConfirmed() bool

func (ExchangeServerRole) GetFullPath 

func (this ExchangeServerRole) GetFullPath() *string

func (ExchangeServerRole) GetImpersonator 

func (this ExchangeServerRole) GetImpersonator() bool

func (ExchangeServerRole) GetProbability 

func (this ExchangeServerRole) GetProbability() *float64

func (ExchangeServerRole) GetType 

func (this ExchangeServerRole) GetType() EntityRoleType

func (ExchangeServerRole) IsApplicationServerRole 

func (ExchangeServerRole) IsApplicationServerRole()

func (ExchangeServerRole) IsClassificationRole 

func (ExchangeServerRole) IsClassificationRole()

func (ExchangeServerRole) IsEntityRole 

func (ExchangeServerRole) IsEntityRole()

func (ExchangeServerRole) IsServerRole 

func (ExchangeServerRole) IsServerRole()

type ExposedLocalAdminsEntityRiskFactor 

type ExposedLocalAdminsEntityRiskFactor struct {
	ExposedUsers []*ExposedLocalUserData `json:"exposedUsers"`
	Score        string                  `json:"score"`
	Severity     ScoreSeverity           `json:"severity"`
	Type         RiskFactorType          `json:"type"`
}

func (ExposedLocalAdminsEntityRiskFactor) GetScore 

func (this ExposedLocalAdminsEntityRiskFactor) GetScore() string

func (ExposedLocalAdminsEntityRiskFactor) GetSeverity 

func (this ExposedLocalAdminsEntityRiskFactor) GetSeverity() ScoreSeverity

func (ExposedLocalAdminsEntityRiskFactor) GetType 

func (this ExposedLocalAdminsEntityRiskFactor) GetType() RiskFactorType

func (ExposedLocalAdminsEntityRiskFactor) IsEntityRiskFactor 

func (ExposedLocalAdminsEntityRiskFactor) IsEntityRiskFactor()

type ExposedLocalUserData 

type ExposedLocalUserData struct {
	AccountName string  `json:"accountName"`
	Domain      *string `json:"domain,omitempty"`
	GpoName     *string `json:"gpoName,omitempty"`
}

type FileOperationType 

type FileOperationType string
const (
	FileOperationTypeGenericAccess FileOperationType = "GENERIC_ACCESS"
	FileOperationTypeModify        FileOperationType = "MODIFY"
	FileOperationTypeDownload      FileOperationType = "DOWNLOAD"
	FileOperationTypeMove          FileOperationType = "MOVE"
	FileOperationTypeCopy          FileOperationType = "COPY"
	FileOperationTypeRename        FileOperationType = "RENAME"
	FileOperationTypeDelete        FileOperationType = "DELETE"
	FileOperationTypeUpload        FileOperationType = "UPLOAD"
)

func (FileOperationType) IsValid 

func (e FileOperationType) IsValid() bool

func (FileOperationType) MarshalGQL 

func (e FileOperationType) MarshalGQL(w io.Writer)

func (FileOperationType) String 

func (e FileOperationType) String() string

func (*FileOperationType) UnmarshalGQL 

func (e *FileOperationType) UnmarshalGQL(v interface{}) error

type FileServerRole 

type FileServerRole struct {
	Confirmed    bool           `json:"confirmed"`
	FullPath     *string        `json:"fullPath,omitempty"`
	Impersonator bool           `json:"impersonator"`
	Probability  *float64       `json:"probability,omitempty"`
	Type         EntityRoleType `json:"type"`
}

func (FileServerRole) GetConfirmed 

func (this FileServerRole) GetConfirmed() bool

func (FileServerRole) GetFullPath 

func (this FileServerRole) GetFullPath() *string

func (FileServerRole) GetImpersonator 

func (this FileServerRole) GetImpersonator() bool

func (FileServerRole) GetProbability 

func (this FileServerRole) GetProbability() *float64

func (FileServerRole) GetType 

func (this FileServerRole) GetType() EntityRoleType

func (FileServerRole) IsApplicationServerRole 

func (FileServerRole) IsApplicationServerRole()

func (FileServerRole) IsClassificationRole 

func (FileServerRole) IsClassificationRole()

func (FileServerRole) IsEntityRole 

func (FileServerRole) IsEntityRole()

func (FileServerRole) IsServerRole 

func (FileServerRole) IsServerRole()

type ForestLevelAdminRole 

type ForestLevelAdminRole interface {
	IsForestLevelAdminRole()
	GetAuthorizingContainingEntitiesIds() []string
	GetAuthorizingGroupIds() []string
	GetBuiltin() bool
	GetConfirmed() bool
	GetFullPath() *string
	GetProbability() *float64
	GetType() EntityRoleType
}

type GeoJSONProperties 

type GeoJSONProperties struct {
	CountryCode    *string `json:"countryCode,omitempty"`
	StateCode      *string `json:"stateCode,omitempty"`
	CityCode       *string `json:"cityCode,omitempty"`
	AccuracyRadius *string `json:"accuracyRadius,omitempty"`
}

type GeoJSONType 

type GeoJSONType string
const (
	GeoJSONTypePoint              GeoJSONType = "Point"
	GeoJSONTypeMultiPoint         GeoJSONType = "MultiPoint"
	GeoJSONTypeLineString         GeoJSONType = "LineString"
	GeoJSONTypeMultiLineString    GeoJSONType = "MultiLineString"
	GeoJSONTypePolygon            GeoJSONType = "Polygon"
	GeoJSONTypeMultiPolygon       GeoJSONType = "MultiPolygon"
	GeoJSONTypeGeometryCollection GeoJSONType = "GeometryCollection"
)

func (GeoJSONType) IsValid 

func (e GeoJSONType) IsValid() bool

func (GeoJSONType) MarshalGQL 

func (e GeoJSONType) MarshalGQL(w io.Writer)

func (GeoJSONType) String 

func (e GeoJSONType) String() string

func (*GeoJSONType) UnmarshalGQL 

func (e *GeoJSONType) UnmarshalGQL(v interface{}) error

type GeoLocation 

type GeoLocation struct {
	// The accuracy radius reported for this location.
	AccuracyRadius *int `json:"accuracyRadius,omitempty"`
	// Returns `true` if the country associated with this location appears on the user-configured blacklist.
	Blacklisted *bool `json:"blacklisted,omitempty"`
	// If the city for this location is identified, its name is returned. Prefer `cityCode` for programmatic usage.
	City *string `json:"city,omitempty"`
	// If the city for this location is identified, the respective city code is presented.
	CityCode *int `json:"cityCode,omitempty"`
	// Location coordinates ordered as `(longitude, latitude)`.
	//
	// This field should be used only for GeoJSON compatibility. It retrieves the
	// same data as the `longitude` and `latitude` properties.
	Coordinates []float64 `json:"coordinates"`
	// If the country for this location is identified, its name is returned. Prefer `countryCode` for programmatic usage.
	Country *string `json:"country,omitempty"`
	// If the country for this location is identified, it is represented as a
	// [two-letter ISO-3166-1 country
	// code](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2).
	CountryCode *string `json:"countryCode,omitempty"`
	// The location latitude
	Latitude float64 `json:"latitude"`
	// The location longitude
	Longitude float64 `json:"longitude"`
	// Additional properties (besides coordinates) known for this location.
	//
	// This field should be used only for GeoJSON compatibility. It retrieves the same data as non-nested fields,
	Properties *GeoJSONProperties `json:"properties,omitempty"`
	// If the state for this location is identified, the respective state code is presented.
	StateCode *string `json:"stateCode,omitempty"`
	// GeoJSON's `type` field (always returns `Point`)
	Type GeoJSONType `json:"type"`
	// Returns `true` if the country associated with this location appears on the user-configured whitelist.
	Whitelisted *bool `json:"whitelisted,omitempty"`
}

An object representing a geographical location.

The fields `coordinates`, `type`, and `properties` should be used only for compatibility with [GeoJSON](http://geojson.org/) compatibility. Otherwise, they can be replaced with more user-friendly fields that retrieve the same information.

```graphql 

{
  # An IDAAS connector must be configured for this query to return any results.
  timeline(
    first: 1
    categories: ACTIVITY
    dataSourceCategories: [IDAAS]
    sortOrder: DESCENDING)
  {
    nodes
    {
      ... on TimelineUserOnEndpointActivityEvent
      {
        geoLocation
        {
          longitude
          latitude
          longitude
          countryCode
          stateCode
          cityCode
          accuracyRadius

          # These fields are not available in geo-json form
          country
          city
          blacklisted
          whitelisted
          timeZone
        }

        # Alternative, geo-json projection
        geoJsonFrom: geoLocation {
          type
          coordinates
          properties {
            countryCode
            stateCode
            cityCode
            accuracyRadius
          }
        }
      }
    }
  }
}

```

type GeoLocationAssociation 

type GeoLocationAssociation struct {
	// The association binding type, which also determines the specific `Association` subtype of this instance.
	BindingType BindingType  `json:"bindingType"`
	GeoLocation *GeoLocation `json:"geoLocation"`
}

An association between two entities. The nature of the association and the specific subtype are determined by `bindingType`.

**Symmetric vs. Asymmetric**: Depending on the binding type, an association can be symmetric or asymmetric. A symmetric association is set on both participating entities, each pointing to the other one. For example, the `LOGIN` association is symmetric. Therefore, if a user has a `LOGIN` association with an endpoint, the endpoint should have the same association with the user. Conversely, if a user has a `SERVICE_ACCESS` association with a server, the server is not supposed to have the same association with the user, because the `SERVICE_ACCESS` association is asymmetric. The documentation for `BindingType` specifies which binding types are symmetric and which are asymmetric.

func (GeoLocationAssociation) GetBindingType 

func (this GeoLocationAssociation) GetBindingType() BindingType

The association binding type, which also determines the specific `Association` subtype of this instance.

func (GeoLocationAssociation) IsAssociation 

func (GeoLocationAssociation) IsAssociation()

type GpoBasedRiskEntityFactor 

type GpoBasedRiskEntityFactor struct {
	EffectiveGpos []*EffectiveGpo `json:"effectiveGpos"`
	Score         string          `json:"score"`
	Severity      ScoreSeverity   `json:"severity"`
	Type          RiskFactorType  `json:"type"`
}

func (GpoBasedRiskEntityFactor) GetScore 

func (this GpoBasedRiskEntityFactor) GetScore() string

func (GpoBasedRiskEntityFactor) GetSeverity 

func (this GpoBasedRiskEntityFactor) GetSeverity() ScoreSeverity

func (GpoBasedRiskEntityFactor) GetType 

func (this GpoBasedRiskEntityFactor) GetType() RiskFactorType

func (GpoBasedRiskEntityFactor) IsEntityRiskFactor 

func (GpoBasedRiskEntityFactor) IsEntityRiskFactor()

type HoneytokenRole 

type HoneytokenRole struct {
	Confirmed   bool           `json:"confirmed"`
	FullPath    *string        `json:"fullPath,omitempty"`
	Probability *float64       `json:"probability,omitempty"`
	Type        EntityRoleType `json:"type"`
}

func (HoneytokenRole) GetConfirmed 

func (this HoneytokenRole) GetConfirmed() bool

func (HoneytokenRole) GetFullPath 

func (this HoneytokenRole) GetFullPath() *string

func (HoneytokenRole) GetProbability 

func (this HoneytokenRole) GetProbability() *float64

func (HoneytokenRole) GetType 

func (this HoneytokenRole) GetType() EntityRoleType

func (HoneytokenRole) IsClassificationRole 

func (HoneytokenRole) IsClassificationRole()

func (HoneytokenRole) IsEntityRole 

func (HoneytokenRole) IsEntityRole()

type HumanUserAccountRole 

type HumanUserAccountRole struct {
	BusinessRole BusinessRole   `json:"businessRole"`
	Confirmed    bool           `json:"confirmed"`
	FullPath     *string        `json:"fullPath,omitempty"`
	Probability  *float64       `json:"probability,omitempty"`
	Type         EntityRoleType `json:"type"`
}

func (HumanUserAccountRole) GetConfirmed 

func (this HumanUserAccountRole) GetConfirmed() bool

func (HumanUserAccountRole) GetFullPath 

func (this HumanUserAccountRole) GetFullPath() *string

func (HumanUserAccountRole) GetProbability 

func (this HumanUserAccountRole) GetProbability() *float64

func (HumanUserAccountRole) GetType 

func (this HumanUserAccountRole) GetType() EntityRoleType

func (HumanUserAccountRole) IsClassificationRole 

func (HumanUserAccountRole) IsClassificationRole()

func (HumanUserAccountRole) IsEntityRole 

func (HumanUserAccountRole) IsEntityRole()

type IPInfoList 

type IPInfoList struct {
	IPList []*TrafficInspectionExclusionListInput `json:"ipList"`
	Tag    *string                                `json:"tag,omitempty"`
}

type IPList 

type IPList struct {
	IPList []string `json:"ipList"`
	Tag    *string  `json:"tag,omitempty"`
}

type IPReputation 

type IPReputation string
const (
	IPReputationAnonymousActive   IPReputation = "ANONYMOUS_ACTIVE"
	IPReputationAnonymousSuspect  IPReputation = "ANONYMOUS_SUSPECT"
	IPReputationAnonymousInactive IPReputation = "ANONYMOUS_INACTIVE"
	IPReputationAnonymousPrivate  IPReputation = "ANONYMOUS_PRIVATE"
	IPReputationDictionaryAttack  IPReputation = "DICTIONARY_ATTACK"
	IPReputationDdosAttack        IPReputation = "DDOS_ATTACK"
	IPReputationSpam              IPReputation = "SPAM"
	IPReputationHostingFacility   IPReputation = "HOSTING_FACILITY"
)

func (IPReputation) IsValid 

func (e IPReputation) IsValid() bool

func (IPReputation) MarshalGQL 

func (e IPReputation) MarshalGQL(w io.Writer)

func (IPReputation) String 

func (e IPReputation) String() string

func (*IPReputation) UnmarshalGQL 

func (e *IPReputation) UnmarshalGQL(v interface{}) error

type IPStatusOutput 

type IPStatusOutput struct {
	IP       string                                  `json:"ip"`
	Port     *int                                    `json:"port,omitempty"`
	Protocol *TrafficInspectionExclusionListProtocol `json:"protocol,omitempty"`
	Status   TrafficInspectionExclusionListStatus    `json:"status"`
}

type Incident 

type Incident struct {
	// List of all alert events contained by this incident. This is a simplified
	// version of the `timeline` field, restricting the query to alert events and
	// avoiding inner pagination.
	AlertEvents []*TimelineAlertEvent `json:"alertEvents"`
	// Comments attached to this incident.
	Comments []*IncidentComment `json:"comments"`
	// Consolidated list of entities which are considered compromised in the context
	// of this incident. The list items are sorted by importance in descending order.
	CompromisedEntities []Entity `json:"compromisedEntities"`
	// The incident end time.
	EndTime string `json:"endTime"`
	// The incident unique identifier. This identifier can be later used to refetch the incident using the `incident` API.
	IncidentID string `json:"incidentId"`
	// The current incident life cycle stage.
	LifeCycleStage *IncidentLifeCycleStage `json:"lifeCycleStage,omitempty"`
	// If `true`, the incident is marked as read. An incident is automatically marked
	// as read once it is opened in the user interface.
	MarkedAsRead bool `json:"markedAsRead"`
	// The incident severity.
	Severity IncidentSeverity `json:"severity"`
	// The incident start time.
	StartTime string `json:"startTime"`
	// Fetches events associated with this incident. By default, only alerts (see
	// `TimelineEventAlert`) are filtered. For a broader context, list additional
	// events associated with the entities involved in this incident during its
	// lifecyles by setting `includeContextualEvents` to `true`.
	//
	// If you wish to query alert events only, you may prefer to project
	// `alertEvents`, which is a simplified, unpaginated version of this field.
	Timeline *TimelineEventConnection `json:"timeline"`
	// The incident type.
	Type IncidentType `json:"type"`
}

A malicious event or a sequence of related events that may lead or have already led to a significant disruption or degradation of network availability and security or business continuity.

type IncidentComment 

type IncidentComment struct {
	// The system user who added this comment.
	Author *SystemUser `json:"author"`
	// The comment.
	Text string `json:"text"`
	// The time at which the comment was added.
	Timestamp string `json:"timestamp"`
}

Descriptor of an `Incident` comment.

type IncidentConnection 

type IncidentConnection struct {
	// List of `Incident` edges.
	Edges []*IncidentEdge `json:"edges"`
	// Information to aid in pagination.
	PageInfo *PageInfo `json:"pageInfo"`
	// A convenience extension to the standard Relay Connection type, directly
	// exposing the `Incident` elements, which may be used *instead* of edges. It is
	// primarily useful in conjunction with `startCursor` and `endCursor`, or when
	// exploring the API interactively (e.g. in GraphiQL).
	Nodes []*Incident `json:"nodes"`
}

A [Relay-Compatible](https://facebook.github.io/relay/graphql/connections.htm) Connection type for paginating over `Incident` elements.

type IncidentEdge 

type IncidentEdge struct {
	// Cursor pointing to this edge, to be used in standard pagination query arguments (`before`, `after`).
	Cursor string `json:"cursor"`
	// The `Incident` item at the end of this edge.
	Node *Incident `json:"node"`
}

A `Incident` edge in a connection.

type IncidentLifeCycleStage 

type IncidentLifeCycleStage string

Enumeration of `Incident` life-cycle stages. 

const (
	IncidentLifeCycleStageNew           IncidentLifeCycleStage = "NEW"
	IncidentLifeCycleStageInProgress    IncidentLifeCycleStage = "IN_PROGRESS"
	IncidentLifeCycleStageDismiss       IncidentLifeCycleStage = "DISMISS"
	IncidentLifeCycleStageFalsePositive IncidentLifeCycleStage = "FALSE_POSITIVE"
	IncidentLifeCycleStageResolved      IncidentLifeCycleStage = "RESOLVED"
	IncidentLifeCycleStageAutoResolved  IncidentLifeCycleStage = "AUTO_RESOLVED"
)

func (IncidentLifeCycleStage) IsValid 

func (e IncidentLifeCycleStage) IsValid() bool

func (IncidentLifeCycleStage) MarshalGQL 

func (e IncidentLifeCycleStage) MarshalGQL(w io.Writer)

func (IncidentLifeCycleStage) String 

func (e IncidentLifeCycleStage) String() string

func (*IncidentLifeCycleStage) UnmarshalGQL 

func (e *IncidentLifeCycleStage) UnmarshalGQL(v interface{}) error

type IncidentLifeCycleStageInput 

type IncidentLifeCycleStageInput string

An enumeration of incident life cycle stages valid as input for mutations (a subset of `IncidentLifeCycleStage`). 

const (
	IncidentLifeCycleStageInputNew           IncidentLifeCycleStageInput = "NEW"
	IncidentLifeCycleStageInputInProgress    IncidentLifeCycleStageInput = "IN_PROGRESS"
	IncidentLifeCycleStageInputDismiss       IncidentLifeCycleStageInput = "DISMISS"
	IncidentLifeCycleStageInputFalsePositive IncidentLifeCycleStageInput = "FALSE_POSITIVE"
	IncidentLifeCycleStageInputResolved      IncidentLifeCycleStageInput = "RESOLVED"
)

func (IncidentLifeCycleStageInput) IsValid 

func (e IncidentLifeCycleStageInput) IsValid() bool

func (IncidentLifeCycleStageInput) MarshalGQL 

func (e IncidentLifeCycleStageInput) MarshalGQL(w io.Writer)

func (IncidentLifeCycleStageInput) String 

func (e IncidentLifeCycleStageInput) String() string

func (*IncidentLifeCycleStageInput) UnmarshalGQL 

func (e *IncidentLifeCycleStageInput) UnmarshalGQL(v interface{}) error

type IncidentSeverity 

type IncidentSeverity string

Enumeration of incident severities. 

const (
	IncidentSeverityInfo   IncidentSeverity = "INFO"
	IncidentSeverityLow    IncidentSeverity = "LOW"
	IncidentSeverityMedium IncidentSeverity = "MEDIUM"
	IncidentSeverityHigh   IncidentSeverity = "HIGH"
)

func (IncidentSeverity) IsValid 

func (e IncidentSeverity) IsValid() bool

func (IncidentSeverity) MarshalGQL 

func (e IncidentSeverity) MarshalGQL(w io.Writer)

func (IncidentSeverity) String 

func (e IncidentSeverity) String() string

func (*IncidentSeverity) UnmarshalGQL 

func (e *IncidentSeverity) UnmarshalGQL(v interface{}) error

type IncidentSortKey 

type IncidentSortKey string

Enumeration of sort options for the `Incidents` query API. 

const (
	// Sort by a value of `Incident:incidentId`.
	IncidentSortKeyIncidentID IncidentSortKey = "INCIDENT_ID"
	// Sort by a value of `Incident:severity`.
	IncidentSortKeySeverity IncidentSortKey = "SEVERITY"
	// Sort by a value of `Incident:startTime`.
	IncidentSortKeyStartTime IncidentSortKey = "START_TIME"
	// Sort by a value of `Incident:endTime`.
	IncidentSortKeyEndTime IncidentSortKey = "END_TIME"
	// Sort by a value of `Incident:type`.
	IncidentSortKeyType IncidentSortKey = "TYPE"
	// Sort by a value of `Incident:lifeCycleStage`.
	IncidentSortKeyStatus IncidentSortKey = "STATUS"
)

func (IncidentSortKey) IsValid 

func (e IncidentSortKey) IsValid() bool

func (IncidentSortKey) MarshalGQL 

func (e IncidentSortKey) MarshalGQL(w io.Writer)

func (IncidentSortKey) String 

func (e IncidentSortKey) String() string

func (*IncidentSortKey) UnmarshalGQL 

func (e *IncidentSortKey) UnmarshalGQL(v interface{}) error

type IncidentState 

type IncidentState struct {
	Author         *SystemUser            `json:"author,omitempty"`
	LifeCycleStage IncidentLifeCycleStage `json:"lifeCycleStage"`
	Reason         string                 `json:"reason"`
	Timestamp      string                 `json:"timestamp"`
}

type IncidentType 

type IncidentType string

Enumeration of `Incident` types. 

const (
	// Activity is classified as anomalous behavior pattern based on baseline and user similarity.
	IncidentTypeUnusualEndpointAccess IncidentType = "UNUSUAL_ENDPOINT_ACCESS"
	// A user request to service is classified as anomalous behavior pattern based on learned profile and user similarity.
	IncidentTypeUnusualServiceAccess IncidentType = "UNUSUAL_SERVICE_ACCESS"
	// User seen coming from a location that deviates from their baseline.
	IncidentTypeUnusualEndpointUse IncidentType = "UNUSUAL_ENDPOINT_USE"
	// Some activity may indicate start of reconnaissance. This happens when
	// adversaries try to gather information on your domain.
	IncidentTypeSuspiciousDomainActivity IncidentType = "SUSPICIOUS_DOMAIN_ACTIVITY"
	// Anomalous user access patterns were detected. Such activities may indicate
	// potential threats, such as endpoint infection, compromised account or other risks.
	IncidentTypePotentialRiskyActivity IncidentType = "POTENTIAL_RISKY_ACTIVITY"
	// In an advanced attack, a Domain Controller vulnerability was exploited and the entire domain has been compromised.
	IncidentTypeDomainCompromise IncidentType = "DOMAIN_COMPROMISE"
	// An account's credentials may have been stolen.
	IncidentTypeCredentialTheft IncidentType = "CREDENTIAL_THEFT"
	// An endpoint may be infected and controlled by a malicious party.
	IncidentTypeEndpointCompromise IncidentType = "ENDPOINT_COMPROMISE"
	// User is accessing and connecting from multiple locations, that are anomalous
	// to the user baseline and their peer users. Such behavior may indicate
	// potential lateral movement, domain reconnaissance, credentials theft and other risks.
	IncidentTypeSuspiciousMovement IncidentType = "SUSPICIOUS_MOVEMENT"
	// Anomalous user access patterns were detected. Such activities may indicate
	// potential threats, such as endpoint infection, compromised account or other risks.
	IncidentTypeUnusualActivity IncidentType = "UNUSUAL_ACTIVITY"
)

func (IncidentType) IsValid 

func (e IncidentType) IsValid() bool

func (IncidentType) MarshalGQL 

func (e IncidentType) MarshalGQL(w io.Writer)

func (IncidentType) String 

func (e IncidentType) String() string

func (*IncidentType) UnmarshalGQL 

func (e *IncidentType) UnmarshalGQL(v interface{}) error

type IncidentUpdateResult 

type IncidentUpdateResult struct {
	ClientMutationID *string   `json:"clientMutationId,omitempty"`
	Incident         *Incident `json:"incident"`
}

type InvolvedEntitiesQueryInfo 

type InvolvedEntitiesQueryInfo struct {
	Archived bool   `json:"archived"`
	Domains  string `json:"domains"`
	Roles    string `json:"roles"`
	Types    string `json:"types"`
}

type IspClassification 

type IspClassification string
const (
	IspClassificationCom    IspClassification = "COM"
	IspClassificationOrg    IspClassification = "ORG"
	IspClassificationGov    IspClassification = "GOV"
	IspClassificationMil    IspClassification = "MIL"
	IspClassificationEdu    IspClassification = "EDU"
	IspClassificationLib    IspClassification = "LIB"
	IspClassificationCdn    IspClassification = "CDN"
	IspClassificationIsp    IspClassification = "ISP"
	IspClassificationMob    IspClassification = "MOB"
	IspClassificationDch    IspClassification = "DCH"
	IspClassificationSes    IspClassification = "SES"
	IspClassificationRsv    IspClassification = "RSV"
	IspClassificationIspMob IspClassification = "ISP_MOB"
	IspClassificationNone   IspClassification = "NONE"
)

func (IspClassification) IsValid 

func (e IspClassification) IsValid() bool

func (IspClassification) MarshalGQL 

func (e IspClassification) MarshalGQL(w io.Writer)

func (IspClassification) String 

func (e IspClassification) String() string

func (*IspClassification) UnmarshalGQL 

func (e *IspClassification) UnmarshalGQL(v interface{}) error

type KerberosEncryptionType 

type KerberosEncryptionType string
const (
	KerberosEncryptionTypeDesCbcCrc                 KerberosEncryptionType = "DES_CBC_CRC"
	KerberosEncryptionTypeDesCbcMd4                 KerberosEncryptionType = "DES_CBC_MD4"
	KerberosEncryptionTypeDesCbcMd5                 KerberosEncryptionType = "DES_CBC_MD5"
	KerberosEncryptionTypeDesCbcRaw                 KerberosEncryptionType = "DES_CBC_RAW"
	KerberosEncryptionTypeDes3CbcSha                KerberosEncryptionType = "DES3_CBC_SHA"
	KerberosEncryptionTypeDes3CbcRaw                KerberosEncryptionType = "DES3_CBC_RAW"
	KerberosEncryptionTypeDesHmacSha1               KerberosEncryptionType = "DES_HMAC_SHA1"
	KerberosEncryptionTypeDsaSha1Cms                KerberosEncryptionType = "DSA_SHA1_CMS"
	KerberosEncryptionTypeMd5RsaCms                 KerberosEncryptionType = "MD5_RSA_CMS"
	KerberosEncryptionTypeSha1RsaCms                KerberosEncryptionType = "SHA1_RSA_CMS"
	KerberosEncryptionTypeRc2CbcEnv                 KerberosEncryptionType = "RC2_CBC_ENV"
	KerberosEncryptionTypeRsaEnv                    KerberosEncryptionType = "RSA_ENV"
	KerberosEncryptionTypeRsaEsOaepEnv              KerberosEncryptionType = "RSA_ES_OAEP_ENV"
	KerberosEncryptionTypeDes3CbcEnv                KerberosEncryptionType = "DES3_CBC_ENV"
	KerberosEncryptionTypeDes3CbcSha1               KerberosEncryptionType = "DES3_CBC_SHA1"
	KerberosEncryptionTypeAes128CtsHmacSha1_96      KerberosEncryptionType = "AES128_CTS_HMAC_SHA1_96"
	KerberosEncryptionTypeAes256CtsHmacSha1_96      KerberosEncryptionType = "AES256_CTS_HMAC_SHA1_96"
	KerberosEncryptionTypeAes128CtsHmacSha256_128   KerberosEncryptionType = "AES128_CTS_HMAC_SHA256_128"
	KerberosEncryptionTypeDesCbcMd5Nt               KerberosEncryptionType = "DES_CBC_MD5_NT"
	KerberosEncryptionTypeRc4HmacNt                 KerberosEncryptionType = "RC4_HMAC_NT"
	KerberosEncryptionTypeRc4HmacNtExp              KerberosEncryptionType = "RC4_HMAC_NT_EXP"
	KerberosEncryptionTypeCamellia128CtsCmac        KerberosEncryptionType = "CAMELLIA128_CTS_CMAC"
	KerberosEncryptionTypeCamellia256CtsCmac        KerberosEncryptionType = "CAMELLIA256_CTS_CMAC"
	KerberosEncryptionTypeRc4Md4                    KerberosEncryptionType = "RC4_MD4"
	KerberosEncryptionTypeRc4Plain2                 KerberosEncryptionType = "RC4_PLAIN2"
	KerberosEncryptionTypeRc4Lm                     KerberosEncryptionType = "RC4_LM"
	KerberosEncryptionTypeRc4Sha                    KerberosEncryptionType = "RC4_SHA"
	KerberosEncryptionTypeDesPlain                  KerberosEncryptionType = "DES_PLAIN"
	KerberosEncryptionTypeRc4HmacOld                KerberosEncryptionType = "RC4_HMAC_OLD"
	KerberosEncryptionTypeRc4PlainOld               KerberosEncryptionType = "RC4_PLAIN_OLD"
	KerberosEncryptionTypeRc4HmacOldExp             KerberosEncryptionType = "RC4_HMAC_OLD_EXP"
	KerberosEncryptionTypeRc4PlainOldExp            KerberosEncryptionType = "RC4_PLAIN_OLD_EXP"
	KerberosEncryptionTypeRc4Plain                  KerberosEncryptionType = "RC4_PLAIN"
	KerberosEncryptionTypeRc4PlainExp               KerberosEncryptionType = "RC4_PLAIN_EXP"
	KerberosEncryptionTypeAes128CtsHmacSha1_96Plain KerberosEncryptionType = "AES128_CTS_HMAC_SHA1_96_PLAIN"
	KerberosEncryptionTypeAes256CtsHmacSha1_96Plain KerberosEncryptionType = "AES256_CTS_HMAC_SHA1_96_PLAIN"
)

func (KerberosEncryptionType) IsValid 

func (e KerberosEncryptionType) IsValid() bool

func (KerberosEncryptionType) MarshalGQL 

func (e KerberosEncryptionType) MarshalGQL(w io.Writer)

func (KerberosEncryptionType) String 

func (e KerberosEncryptionType) String() string

func (*KerberosEncryptionType) UnmarshalGQL 

func (e *KerberosEncryptionType) UnmarshalGQL(v interface{}) error

type KerberosErrorDetails 

type KerberosErrorDetails struct {
	// The standard Kerberos error code associated with the error.
	KrbError KrbErrCode `json:"krbError"`
	// A human-readable error message describing an error or failure.
	Message string `json:"message"`
	// The extended Microsoft-specific error code associated with the error, if any.
	MsSpecificError *ApplicationSpecificError `json:"msSpecificError,omitempty"`
}

A specialized `ErrorDetails` type for Kerberos activities.

func (KerberosErrorDetails) GetMessage 

func (this KerberosErrorDetails) GetMessage() string

A human-readable error message describing an error or failure.

func (KerberosErrorDetails) IsErrorDetails 

func (KerberosErrorDetails) IsErrorDetails()

type KeyCredentialAdminRole 

type KeyCredentialAdminRole struct {
	AffectedEntities                 []Entity       `json:"affectedEntities"`
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	EffectedEntityIds                []string       `json:"effectedEntityIds,omitempty"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (KeyCredentialAdminRole) GetAffectedEntities 

func (this KeyCredentialAdminRole) GetAffectedEntities() []Entity

func (KeyCredentialAdminRole) GetAuthorizingContainingEntitiesIds 

func (this KeyCredentialAdminRole) GetAuthorizingContainingEntitiesIds() []string

func (KeyCredentialAdminRole) GetAuthorizingGroupIds 

func (this KeyCredentialAdminRole) GetAuthorizingGroupIds() []string

func (KeyCredentialAdminRole) GetBuiltin 

func (this KeyCredentialAdminRole) GetBuiltin() bool

func (KeyCredentialAdminRole) GetConfirmed 

func (this KeyCredentialAdminRole) GetConfirmed() bool

func (KeyCredentialAdminRole) GetEffectedEntityIds 

func (this KeyCredentialAdminRole) GetEffectedEntityIds() []string

func (KeyCredentialAdminRole) GetFullPath 

func (this KeyCredentialAdminRole) GetFullPath() *string

func (KeyCredentialAdminRole) GetProbability 

func (this KeyCredentialAdminRole) GetProbability() *float64

func (KeyCredentialAdminRole) GetType 

func (this KeyCredentialAdminRole) GetType() EntityRoleType

func (KeyCredentialAdminRole) IsAdminAccountRole 

func (KeyCredentialAdminRole) IsAdminAccountRole()

func (KeyCredentialAdminRole) IsEffectiveAdminRole 

func (KeyCredentialAdminRole) IsEffectiveAdminRole()

func (KeyCredentialAdminRole) IsEntityRole 

func (KeyCredentialAdminRole) IsEntityRole()

type KrbErrCode 

type KrbErrCode string

An enumeration of the Kerberos protocol standard error codes. 

const (
	KrbErrCodeKdcErrNone                            KrbErrCode = "KDC_ERR_NONE"
	KrbErrCodeKdcErrNameExp                         KrbErrCode = "KDC_ERR_NAME_EXP"
	KrbErrCodeKdcErrServiceExp                      KrbErrCode = "KDC_ERR_SERVICE_EXP"
	KrbErrCodeKdcErrBadPvno                         KrbErrCode = "KDC_ERR_BAD_PVNO"
	KrbErrCodeKdcErrCOldMastKvno                    KrbErrCode = "KDC_ERR_C_OLD_MAST_KVNO"
	KrbErrCodeKdcErrSOldMastKvno                    KrbErrCode = "KDC_ERR_S_OLD_MAST_KVNO"
	KrbErrCodeKdcErrCPrincipalUnknown               KrbErrCode = "KDC_ERR_C_PRINCIPAL_UNKNOWN"
	KrbErrCodeKdcErrSPrincipalUnknown               KrbErrCode = "KDC_ERR_S_PRINCIPAL_UNKNOWN"
	KrbErrCodeKdcErrPrincipalNotUnique              KrbErrCode = "KDC_ERR_PRINCIPAL_NOT_UNIQUE"
	KrbErrCodeKdcErrNullKey                         KrbErrCode = "KDC_ERR_NULL_KEY"
	KrbErrCodeKdcErrCannotPostdate                  KrbErrCode = "KDC_ERR_CANNOT_POSTDATE"
	KrbErrCodeKdcErrNeverValid                      KrbErrCode = "KDC_ERR_NEVER_VALID"
	KrbErrCodeKdcErrPolicy                          KrbErrCode = "KDC_ERR_POLICY"
	KrbErrCodeKdcErrBadoption                       KrbErrCode = "KDC_ERR_BADOPTION"
	KrbErrCodeKdcErrEnctypeNosupp                   KrbErrCode = "KDC_ERR_ENCTYPE_NOSUPP"
	KrbErrCodeKdcErrSumtypeNosupp                   KrbErrCode = "KDC_ERR_SUMTYPE_NOSUPP"
	KrbErrCodeKdcErrPadataTypeNosupp                KrbErrCode = "KDC_ERR_PADATA_TYPE_NOSUPP"
	KrbErrCodeKdcErrTrtypeNosupp                    KrbErrCode = "KDC_ERR_TRTYPE_NOSUPP"
	KrbErrCodeKdcErrClientRevoked                   KrbErrCode = "KDC_ERR_CLIENT_REVOKED"
	KrbErrCodeKdcErrServiceRevoked                  KrbErrCode = "KDC_ERR_SERVICE_REVOKED"
	KrbErrCodeKdcErrTgtRevoked                      KrbErrCode = "KDC_ERR_TGT_REVOKED"
	KrbErrCodeKdcErrClientNotyet                    KrbErrCode = "KDC_ERR_CLIENT_NOTYET"
	KrbErrCodeKdcErrServiceNotyet                   KrbErrCode = "KDC_ERR_SERVICE_NOTYET"
	KrbErrCodeKdcErrKeyExp                          KrbErrCode = "KDC_ERR_KEY_EXP"
	KrbErrCodeKdcErrPreauthFailed                   KrbErrCode = "KDC_ERR_PREAUTH_FAILED"
	KrbErrCodeKdcErrPreauthRequired                 KrbErrCode = "KDC_ERR_PREAUTH_REQUIRED"
	KrbErrCodeKdcErrServerNomatch                   KrbErrCode = "KDC_ERR_SERVER_NOMATCH"
	KrbErrCodeKdcErrMustUseUser2user                KrbErrCode = "KDC_ERR_MUST_USE_USER2USER"
	KrbErrCodeKdcErrPathNotAccepted                 KrbErrCode = "KDC_ERR_PATH_NOT_ACCEPTED"
	KrbErrCodeKdcErrSvcUnavailable                  KrbErrCode = "KDC_ERR_SVC_UNAVAILABLE"
	KrbErrCodeKrbApErrBadIntegrity                  KrbErrCode = "KRB_AP_ERR_BAD_INTEGRITY"
	KrbErrCodeKrbApErrTktExpired                    KrbErrCode = "KRB_AP_ERR_TKT_EXPIRED"
	KrbErrCodeKrbApErrTktNyv                        KrbErrCode = "KRB_AP_ERR_TKT_NYV"
	KrbErrCodeKrbApErrRepeat                        KrbErrCode = "KRB_AP_ERR_REPEAT"
	KrbErrCodeKrbApErrNotUs                         KrbErrCode = "KRB_AP_ERR_NOT_US"
	KrbErrCodeKrbApErrBadmatch                      KrbErrCode = "KRB_AP_ERR_BADMATCH"
	KrbErrCodeKrbApErrSkew                          KrbErrCode = "KRB_AP_ERR_SKEW"
	KrbErrCodeKrbApErrBadaddr                       KrbErrCode = "KRB_AP_ERR_BADADDR"
	KrbErrCodeKrbApErrBadversion                    KrbErrCode = "KRB_AP_ERR_BADVERSION"
	KrbErrCodeKrbApErrMsgType                       KrbErrCode = "KRB_AP_ERR_MSG_TYPE"
	KrbErrCodeKrbApErrModified                      KrbErrCode = "KRB_AP_ERR_MODIFIED"
	KrbErrCodeKrbApErrBadorder                      KrbErrCode = "KRB_AP_ERR_BADORDER"
	KrbErrCodeKrbApErrBadkeyver                     KrbErrCode = "KRB_AP_ERR_BADKEYVER"
	KrbErrCodeKrbApErrNokey                         KrbErrCode = "KRB_AP_ERR_NOKEY"
	KrbErrCodeKrbApErrMutFail                       KrbErrCode = "KRB_AP_ERR_MUT_FAIL"
	KrbErrCodeKrbApErrBaddirection                  KrbErrCode = "KRB_AP_ERR_BADDIRECTION"
	KrbErrCodeKrbApErrMethod                        KrbErrCode = "KRB_AP_ERR_METHOD"
	KrbErrCodeKrbApErrBadseq                        KrbErrCode = "KRB_AP_ERR_BADSEQ"
	KrbErrCodeKrbApErrInappCksum                    KrbErrCode = "KRB_AP_ERR_INAPP_CKSUM"
	KrbErrCodeKrbApPathNotAccepted                  KrbErrCode = "KRB_AP_PATH_NOT_ACCEPTED"
	KrbErrCodeKrbErrResponseTooBig                  KrbErrCode = "KRB_ERR_RESPONSE_TOO_BIG"
	KrbErrCodeKrbErrGeneric                         KrbErrCode = "KRB_ERR_GENERIC"
	KrbErrCodeKrbErrFieldToolong                    KrbErrCode = "KRB_ERR_FIELD_TOOLONG"
	KrbErrCodeKdcErrClientNotTrusted                KrbErrCode = "KDC_ERR_CLIENT_NOT_TRUSTED"
	KrbErrCodeKdcErrKdcNotTrusted                   KrbErrCode = "KDC_ERR_KDC_NOT_TRUSTED"
	KrbErrCodeKdcErrInvalidSig                      KrbErrCode = "KDC_ERR_INVALID_SIG"
	KrbErrCodeKdcErrDhKeyParametersNotAccepted      KrbErrCode = "KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED"
	KrbErrCodeKdcErrCertificateMismatch             KrbErrCode = "KDC_ERR_CERTIFICATE_MISMATCH"
	KrbErrCodeKrbApErrNoTgt                         KrbErrCode = "KRB_AP_ERR_NO_TGT"
	KrbErrCodeKdcErrWrongRealm                      KrbErrCode = "KDC_ERR_WRONG_REALM"
	KrbErrCodeKrbApErrUserToUserRequired            KrbErrCode = "KRB_AP_ERR_USER_TO_USER_REQUIRED"
	KrbErrCodeKdcErrCantVerifyCertificate           KrbErrCode = "KDC_ERR_CANT_VERIFY_CERTIFICATE"
	KrbErrCodeKdcErrInvalidCertificate              KrbErrCode = "KDC_ERR_INVALID_CERTIFICATE"
	KrbErrCodeKdcErrRevokedCertificate              KrbErrCode = "KDC_ERR_REVOKED_CERTIFICATE"
	KrbErrCodeKdcErrRevocationStatusUnknown         KrbErrCode = "KDC_ERR_REVOCATION_STATUS_UNKNOWN"
	KrbErrCodeKdcErrRevocationStatusUnavailable     KrbErrCode = "KDC_ERR_REVOCATION_STATUS_UNAVAILABLE"
	KrbErrCodeKdcErrClientNameMismatch              KrbErrCode = "KDC_ERR_CLIENT_NAME_MISMATCH"
	KrbErrCodeKdcErrInconsistentKeyPurpose          KrbErrCode = "KDC_ERR_INCONSISTENT_KEY_PURPOSE"
	KrbErrCodeKdcErrDigestInCertNotAccepted         KrbErrCode = "KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED"
	KrbErrCodeKdcErrPaChecksumMustBeIncluded        KrbErrCode = "KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED"
	KrbErrCodeKdcErrDigestInSignedDataNotAccepted   KrbErrCode = "KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED"
	KrbErrCodeKdcErrPublicKeyEncryptionNotSupported KrbErrCode = "KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED"
	KrbErrCodeKrbApErrIakerbKdcNotFound             KrbErrCode = "KRB_AP_ERR_IAKERB_KDC_NOT_FOUND"
	KrbErrCodeKrbApErrIakerbKdcNoResponse           KrbErrCode = "KRB_AP_ERR_IAKERB_KDC_NO_RESPONSE"
	KrbErrCodeKrbErrMax                             KrbErrCode = "KRB_ERR_MAX"
)

func (KrbErrCode) IsValid 

func (e KrbErrCode) IsValid() bool

func (KrbErrCode) MarshalGQL 

func (e KrbErrCode) MarshalGQL(w io.Writer)

func (KrbErrCode) String 

func (e KrbErrCode) String() string

func (*KrbErrCode) UnmarshalGQL 

func (e *KrbErrCode) UnmarshalGQL(v interface{}) error

type KrbtgtAccountAdminRole 

type KrbtgtAccountAdminRole struct {
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (KrbtgtAccountAdminRole) GetAuthorizingContainingEntitiesIds 

func (this KrbtgtAccountAdminRole) GetAuthorizingContainingEntitiesIds() []string

func (KrbtgtAccountAdminRole) GetAuthorizingGroupIds 

func (this KrbtgtAccountAdminRole) GetAuthorizingGroupIds() []string

func (KrbtgtAccountAdminRole) GetBuiltin 

func (this KrbtgtAccountAdminRole) GetBuiltin() bool

func (KrbtgtAccountAdminRole) GetConfirmed 

func (this KrbtgtAccountAdminRole) GetConfirmed() bool

func (KrbtgtAccountAdminRole) GetFullPath 

func (this KrbtgtAccountAdminRole) GetFullPath() *string

func (KrbtgtAccountAdminRole) GetProbability 

func (this KrbtgtAccountAdminRole) GetProbability() *float64

func (KrbtgtAccountAdminRole) GetType 

func (this KrbtgtAccountAdminRole) GetType() EntityRoleType

func (KrbtgtAccountAdminRole) IsAdminAccountRole 

func (KrbtgtAccountAdminRole) IsAdminAccountRole()

func (KrbtgtAccountAdminRole) IsDomainLevelAdminRole 

func (KrbtgtAccountAdminRole) IsDomainLevelAdminRole()

func (KrbtgtAccountAdminRole) IsEntityRole 

func (KrbtgtAccountAdminRole) IsEntityRole()

type LdapBindResult 

type LdapBindResult string
const (
	LdapBindResultSuccess                       LdapBindResult = "SUCCESS"
	LdapBindResultOperationError                LdapBindResult = "OPERATION_ERROR"
	LdapBindResultProtocolError                 LdapBindResult = "PROTOCOL_ERROR"
	LdapBindResultTimeLimitExceeded             LdapBindResult = "TIME_LIMIT_EXCEEDED"
	LdapBindResultSizeLimitExceeded             LdapBindResult = "SIZE_LIMIT_EXCEEDED"
	LdapBindResultCompareFalse                  LdapBindResult = "COMPARE_FALSE"
	LdapBindResultCompareTrue                   LdapBindResult = "COMPARE_TRUE"
	LdapBindResultAuthMethodNotSupported        LdapBindResult = "AUTH_METHOD_NOT_SUPPORTED"
	LdapBindResultStrongerAuthRequired          LdapBindResult = "STRONGER_AUTH_REQUIRED"
	LdapBindResultReferral                      LdapBindResult = "REFERRAL"
	LdapBindResultAdminLimitExceeded            LdapBindResult = "ADMIN_LIMIT_EXCEEDED"
	LdapBindResultUnavailableCriticialExtension LdapBindResult = "UNAVAILABLE_CRITICIAL_EXTENSION"
	LdapBindResultConfidentialityRequired       LdapBindResult = "CONFIDENTIALITY_REQUIRED"
	LdapBindResultSaslBindInProgress            LdapBindResult = "SASL_BIND_IN_PROGRESS"
	LdapBindResultNoSuchAttribute               LdapBindResult = "NO_SUCH_ATTRIBUTE"
	LdapBindResultUndefinedType                 LdapBindResult = "UNDEFINED_TYPE"
	LdapBindResultInappropriateMatching         LdapBindResult = "INAPPROPRIATE_MATCHING"
	LdapBindResultConstantViolation             LdapBindResult = "CONSTANT_VIOLATION"
	LdapBindResultTypeOrValueExists             LdapBindResult = "TYPE_OR_VALUE_EXISTS"
	LdapBindResultInvalidSyntax                 LdapBindResult = "INVALID_SYNTAX"
	LdapBindResultNoSuchObject                  LdapBindResult = "NO_SUCH_OBJECT"
	LdapBindResultAliasProblem                  LdapBindResult = "ALIAS_PROBLEM"
	LdapBindResultInvalidDnSyntax               LdapBindResult = "INVALID_DN_SYNTAX"
	LdapBindResultIsLeaf                        LdapBindResult = "IS_LEAF"
	LdapBindResultAliasDerefProblem             LdapBindResult = "ALIAS_DEREF_PROBLEM"
	LdapBindResultInappropriateAuth             LdapBindResult = "INAPPROPRIATE_AUTH"
	LdapBindResultInvalidCredentials            LdapBindResult = "INVALID_CREDENTIALS"
	LdapBindResultInsufficientAccess            LdapBindResult = "INSUFFICIENT_ACCESS"
	LdapBindResultBusy                          LdapBindResult = "BUSY"
	LdapBindResultUnavailable                   LdapBindResult = "UNAVAILABLE"
	LdapBindResultUnwillingToPerform            LdapBindResult = "UNWILLING_TO_PERFORM"
	LdapBindResultLoopDetect                    LdapBindResult = "LOOP_DETECT"
	LdapBindResultNamingViolation               LdapBindResult = "NAMING_VIOLATION"
	LdapBindResultObjectClassViolation          LdapBindResult = "OBJECT_CLASS_VIOLATION"
	LdapBindResultNotAllowedOnNonleaf           LdapBindResult = "NOT_ALLOWED_ON_NONLEAF"
	LdapBindResultNotAllowedOnRdn               LdapBindResult = "NOT_ALLOWED_ON_RDN"
	LdapBindResultAlreadyExists                 LdapBindResult = "ALREADY_EXISTS"
	LdapBindResultNoObjectClassMods             LdapBindResult = "NO_OBJECT_CLASS_MODS"
	LdapBindResultResultsTooLarge               LdapBindResult = "RESULTS_TOO_LARGE"
	LdapBindResultAffectsToMultipleDsas         LdapBindResult = "AFFECTS_TO_MULTIPLE_DSAS"
	LdapBindResultBuiltinOtherCode              LdapBindResult = "BUILTIN_OTHER_CODE"
	LdapBindResultTLSNotSupported               LdapBindResult = "TLS_NOT_SUPPORTED"
	LdapBindResultOther                         LdapBindResult = "OTHER"
)

func (LdapBindResult) IsValid 

func (e LdapBindResult) IsValid() bool

func (LdapBindResult) MarshalGQL 

func (e LdapBindResult) MarshalGQL(w io.Writer)

func (LdapBindResult) String 

func (e LdapBindResult) String() string

func (*LdapBindResult) UnmarshalGQL 

func (e *LdapBindResult) UnmarshalGQL(v interface{}) error

type LdapErrorDetails 

type LdapErrorDetails struct {
	// The LDAP operation result associated with the error.
	LdapError LdapOperationResult `json:"ldapError"`
	// A human-readable error message describing an error or failure.
	Message string `json:"message"`
}

A specialized `ErrorDetails` implementation for LDAP activities.

func (LdapErrorDetails) GetMessage 

func (this LdapErrorDetails) GetMessage() string

A human-readable error message describing an error or failure.

func (LdapErrorDetails) IsErrorDetails 

func (LdapErrorDetails) IsErrorDetails()

type LdapOperationResult 

type LdapOperationResult string
const (
	LdapOperationResultLdapSuccess                      LdapOperationResult = "LDAP_SUCCESS"
	LdapOperationResultLdapOperationsError              LdapOperationResult = "LDAP_OPERATIONS_ERROR"
	LdapOperationResultLdapProtocolError                LdapOperationResult = "LDAP_PROTOCOL_ERROR"
	LdapOperationResultLdapTimelimitExceeded            LdapOperationResult = "LDAP_TIMELIMIT_EXCEEDED"
	LdapOperationResultLdapSizelimitExceeded            LdapOperationResult = "LDAP_SIZELIMIT_EXCEEDED"
	LdapOperationResultLdapCompareFalse                 LdapOperationResult = "LDAP_COMPARE_FALSE"
	LdapOperationResultLdapCompareTrue                  LdapOperationResult = "LDAP_COMPARE_TRUE"
	LdapOperationResultLdapAuthMethodNotSupported       LdapOperationResult = "LDAP_AUTH_METHOD_NOT_SUPPORTED"
	LdapOperationResultLdapStrongAuthRequired           LdapOperationResult = "LDAP_STRONG_AUTH_REQUIRED"
	LdapOperationResultLdapReferral                     LdapOperationResult = "LDAP_REFERRAL"
	LdapOperationResultLdapAdminlimitExceeded           LdapOperationResult = "LDAP_ADMINLIMIT_EXCEEDED"
	LdapOperationResultLdapUnavailableCriticalExtension LdapOperationResult = "LDAP_UNAVAILABLE_CRITICAL_EXTENSION"
	LdapOperationResultLdapConfidentialityRequired      LdapOperationResult = "LDAP_CONFIDENTIALITY_REQUIRED"
	LdapOperationResultLdapSaslBindInProgress           LdapOperationResult = "LDAP_SASL_BIND_IN_PROGRESS"
	LdapOperationResultLdapNoSuchAttribute              LdapOperationResult = "LDAP_NO_SUCH_ATTRIBUTE"
	LdapOperationResultLdapUndefinedType                LdapOperationResult = "LDAP_UNDEFINED_TYPE"
	LdapOperationResultLdapInappropriateMatching        LdapOperationResult = "LDAP_INAPPROPRIATE_MATCHING"
	LdapOperationResultLdapConstraintViolation          LdapOperationResult = "LDAP_CONSTRAINT_VIOLATION"
	LdapOperationResultLdapTypeOrValueExists            LdapOperationResult = "LDAP_TYPE_OR_VALUE_EXISTS"
	LdapOperationResultLdapInvalidSyntax                LdapOperationResult = "LDAP_INVALID_SYNTAX"
	LdapOperationResultLdapNoSuchObject                 LdapOperationResult = "LDAP_NO_SUCH_OBJECT"
	LdapOperationResultLdapAliasProblem                 LdapOperationResult = "LDAP_ALIAS_PROBLEM"
	LdapOperationResultLdapInvalidDnSyntax              LdapOperationResult = "LDAP_INVALID_DN_SYNTAX"
	LdapOperationResultLdapAliasDerefProblem            LdapOperationResult = "LDAP_ALIAS_DEREF_PROBLEM"
	LdapOperationResultLdapInappropriateAuth            LdapOperationResult = "LDAP_INAPPROPRIATE_AUTH"
	LdapOperationResultInvalidCredentials               LdapOperationResult = "INVALID_CREDENTIALS"
	LdapOperationResultWrongUsernameCasingOrPassword    LdapOperationResult = "WRONG_USERNAME_CASING_OR_PASSWORD"
	LdapOperationResultAccountDoesNotExist              LdapOperationResult = "ACCOUNT_DOES_NOT_EXIST"
	LdapOperationResultAccountIsLockedOrDisabled        LdapOperationResult = "ACCOUNT_IS_LOCKED_OR_DISABLED"
	LdapOperationResultClockSkew                        LdapOperationResult = "CLOCK_SKEW"
	LdapOperationResultAccountPasswordExpired           LdapOperationResult = "ACCOUNT_PASSWORD_EXPIRED"
	LdapOperationResultLdapInsufficientAccess           LdapOperationResult = "LDAP_INSUFFICIENT_ACCESS"
	LdapOperationResultLdapBusy                         LdapOperationResult = "LDAP_BUSY"
	LdapOperationResultLdapUnavailable                  LdapOperationResult = "LDAP_UNAVAILABLE"
	LdapOperationResultLdapUnwillingToPerform           LdapOperationResult = "LDAP_UNWILLING_TO_PERFORM"
	LdapOperationResultLdapLoopDetect                   LdapOperationResult = "LDAP_LOOP_DETECT"
	LdapOperationResultLdapNamingViolation              LdapOperationResult = "LDAP_NAMING_VIOLATION"
	LdapOperationResultLdapObjectClassViolation         LdapOperationResult = "LDAP_OBJECT_CLASS_VIOLATION"
	LdapOperationResultLdapNotAllowedOnNonleaf          LdapOperationResult = "LDAP_NOT_ALLOWED_ON_NONLEAF"
	LdapOperationResultLdapNotAllowedOnRdn              LdapOperationResult = "LDAP_NOT_ALLOWED_ON_RDN"
	LdapOperationResultLdapAlreadyExists                LdapOperationResult = "LDAP_ALREADY_EXISTS"
	LdapOperationResultLdapNoObjectClassMods            LdapOperationResult = "LDAP_NO_OBJECT_CLASS_MODS"
	LdapOperationResultLdapAffectsMultipleDsas          LdapOperationResult = "LDAP_AFFECTS_MULTIPLE_DSAS"
	LdapOperationResultLdapDomainNotFound               LdapOperationResult = "LDAP_DOMAIN_NOT_FOUND"
	LdapOperationResultLdapCertificateNotFound          LdapOperationResult = "LDAP_CERTIFICATE_NOT_FOUND"
	LdapOperationResultLdapConnectError                 LdapOperationResult = "LDAP_CONNECT_ERROR"
	LdapOperationResultLdapOther                        LdapOperationResult = "LDAP_OTHER"
)

func (LdapOperationResult) IsValid 

func (e LdapOperationResult) IsValid() bool

func (LdapOperationResult) MarshalGQL 

func (e LdapOperationResult) MarshalGQL(w io.Writer)

func (LdapOperationResult) String 

func (e LdapOperationResult) String() string

func (*LdapOperationResult) UnmarshalGQL 

func (e *LdapOperationResult) UnmarshalGQL(v interface{}) error

type LdapQuerySignature 

type LdapQuerySignature string
const (
	LdapQuerySignatureGpoSearch                        LdapQuerySignature = "GPO_SEARCH"
	LdapQuerySignatureGroupMembershipEnumeration       LdapQuerySignature = "GROUP_MEMBERSHIP_ENUMERATION"
	LdapQuerySignatureACLEnumeration                   LdapQuerySignature = "ACL_ENUMERATION"
	LdapQuerySignatureSingleEntryQuery                 LdapQuerySignature = "SINGLE_ENTRY_QUERY"
	LdapQuerySignatureSpnEnumeration                   LdapQuerySignature = "SPN_ENUMERATION"
	LdapQuerySignatureTrustEnumeration                 LdapQuerySignature = "TRUST_ENUMERATION"
	LdapQuerySignatureGpoEnumeration                   LdapQuerySignature = "GPO_ENUMERATION"
	LdapQuerySignatureUserEnumeration                  LdapQuerySignature = "USER_ENUMERATION"
	LdapQuerySignatureEndpointEnumeration              LdapQuerySignature = "ENDPOINT_ENUMERATION"
	LdapQuerySignatureDcEnumeration                    LdapQuerySignature = "DC_ENUMERATION"
	LdapQuerySignatureGroupEnumeration                 LdapQuerySignature = "GROUP_ENUMERATION"
	LdapQuerySignatureOuEnumeration                    LdapQuerySignature = "OU_ENUMERATION"
	LdapQuerySignatureAllObjectsEnumeration            LdapQuerySignature = "ALL_OBJECTS_ENUMERATION"
	LdapQuerySignatureAdcsEnumeration                  LdapQuerySignature = "ADCS_ENUMERATION"
	LdapQuerySignatureAdcsMisconfigEnumeration         LdapQuerySignature = "ADCS_MISCONFIG_ENUMERATION"
	LdapQuerySignatureBloodhoundSharphound             LdapQuerySignature = "BLOODHOUND_SHARPHOUND"
	LdapQuerySignatureSpnEnumerationImpacket           LdapQuerySignature = "SPN_ENUMERATION_IMPACKET"
	LdapQuerySignatureBloodhoundPowershell             LdapQuerySignature = "BLOODHOUND_POWERSHELL"
	LdapQuerySignatureSpnEnumerationKerberoasting      LdapQuerySignature = "SPN_ENUMERATION_KERBEROASTING"
	LdapQuerySignatureSpnEnumerationEmpire             LdapQuerySignature = "SPN_ENUMERATION_EMPIRE"
	LdapQuerySignatureSpnEnumerationPowersploit        LdapQuerySignature = "SPN_ENUMERATION_POWERSPLOIT"
	LdapQuerySignatureSpnEnumerationRubeus             LdapQuerySignature = "SPN_ENUMERATION_RUBEUS"
	LdapQuerySignaturePreauthEnumeration               LdapQuerySignature = "PREAUTH_ENUMERATION"
	LdapQuerySignaturePreauthEnumerationRubeus         LdapQuerySignature = "PREAUTH_ENUMERATION_RUBEUS"
	LdapQuerySignatureDelegationReconnaissance         LdapQuerySignature = "DELEGATION_RECONNAISSANCE"
	LdapQuerySignatureDelegationReconnaissanceImpacket LdapQuerySignature = "DELEGATION_RECONNAISSANCE_IMPACKET"
	LdapQuerySignaturePreauthEnumerationCme            LdapQuerySignature = "PREAUTH_ENUMERATION_CME"
	LdapQuerySignatureDelegationReconnaissanceCme      LdapQuerySignature = "DELEGATION_RECONNAISSANCE_CME"
	LdapQuerySignatureAdminCountEnumeration            LdapQuerySignature = "ADMIN_COUNT_ENUMERATION"
	LdapQuerySignatureAdminCountEnumerationCme         LdapQuerySignature = "ADMIN_COUNT_ENUMERATION_CME"
	LdapQuerySignatureBloodhoundPython                 LdapQuerySignature = "BLOODHOUND_PYTHON"
	LdapQuerySignatureSpnEnumerationKerberoast         LdapQuerySignature = "SPN_ENUMERATION_KERBEROAST"
	LdapQuerySignatureAdfind                           LdapQuerySignature = "ADFIND"
	LdapQuerySignatureKrbRelay                         LdapQuerySignature = "KRB_RELAY"
	LdapQuerySignatureCertipy                          LdapQuerySignature = "CERTIPY"
	LdapQuerySignatureAdcsReconTools                   LdapQuerySignature = "ADCS_RECON_TOOLS"
	LdapQuerySignatureRubeusEnumerationDomainPolicy    LdapQuerySignature = "RUBEUS_ENUMERATION_DOMAIN_POLICY"
	LdapQuerySignatureAdreconReconnaissance            LdapQuerySignature = "ADRECON_RECONNAISSANCE"
	LdapQuerySignatureMlHighConfidence                 LdapQuerySignature = "ML_HIGH_CONFIDENCE"
)

func (LdapQuerySignature) IsValid 

func (e LdapQuerySignature) IsValid() bool

func (LdapQuerySignature) MarshalGQL 

func (e LdapQuerySignature) MarshalGQL(w io.Writer)

func (LdapQuerySignature) String 

func (e LdapQuerySignature) String() string

func (*LdapQuerySignature) UnmarshalGQL 

func (e *LdapQuerySignature) UnmarshalGQL(v interface{}) error

type LdapSecurityType 

type LdapSecurityType string
const (
	LdapSecurityTypeUnknown             LdapSecurityType = "UNKNOWN"
	LdapSecurityTypeNone                LdapSecurityType = "NONE"
	LdapSecurityTypeTLS                 LdapSecurityType = "TLS"
	LdapSecurityTypeSaslIntegrity       LdapSecurityType = "SASL_INTEGRITY"
	LdapSecurityTypeSaslConfidentiality LdapSecurityType = "SASL_CONFIDENTIALITY"
)

func (LdapSecurityType) IsValid 

func (e LdapSecurityType) IsValid() bool

func (LdapSecurityType) MarshalGQL 

func (e LdapSecurityType) MarshalGQL(w io.Writer)

func (LdapSecurityType) String 

func (e LdapSecurityType) String() string

func (*LdapSecurityType) UnmarshalGQL 

func (e *LdapSecurityType) UnmarshalGQL(v interface{}) error

type LinkedAccountsRiskEntityFactor 

type LinkedAccountsRiskEntityFactor struct {
	RiskyLinkID string         `json:"riskyLinkId"`
	Score       string         `json:"score"`
	Severity    ScoreSeverity  `json:"severity"`
	Type        RiskFactorType `json:"type"`
}

func (LinkedAccountsRiskEntityFactor) GetScore 

func (this LinkedAccountsRiskEntityFactor) GetScore() string

func (LinkedAccountsRiskEntityFactor) GetSeverity 

func (this LinkedAccountsRiskEntityFactor) GetSeverity() ScoreSeverity

func (LinkedAccountsRiskEntityFactor) GetType 

func (this LinkedAccountsRiskEntityFactor) GetType() RiskFactorType

func (LinkedAccountsRiskEntityFactor) IsEntityRiskFactor 

func (LinkedAccountsRiskEntityFactor) IsEntityRiskFactor()

type LocalAdminDomainEntityAssociation 

type LocalAdminDomainEntityAssociation struct {
	// The association binding type, which also determines the specific `Association` subtype of this instance.
	BindingType BindingType `json:"bindingType"`
	// The associated entity.
	Entity          Entity     `json:"entity"`
	EntityType      EntityType `json:"entityType"`
	LastDataRefresh string     `json:"lastDataRefresh"`
	LastLogin       *string    `json:"lastLogin,omitempty"`
}

A specialized `Association` type for entity associations

func (LocalAdminDomainEntityAssociation) GetBindingType 

func (this LocalAdminDomainEntityAssociation) GetBindingType() BindingType

The association binding type, which also determines the specific `Association` subtype of this instance.

func (LocalAdminDomainEntityAssociation) GetEntity 

func (this LocalAdminDomainEntityAssociation) GetEntity() Entity

The associated entity.

func (LocalAdminDomainEntityAssociation) IsAssociation 

func (LocalAdminDomainEntityAssociation) IsAssociation()

func (LocalAdminDomainEntityAssociation) IsEntityAssociation 

func (LocalAdminDomainEntityAssociation) IsEntityAssociation()

type LocalAdminLocalUserAssociation 

type LocalAdminLocalUserAssociation struct {
	AccountEnabled        bool   `json:"accountEnabled"`
	AccountName           string `json:"accountName"`
	AdminsSharingPassword int    `json:"adminsSharingPassword"`
	// The association binding type, which also determines the specific `Association` subtype of this instance.
	BindingType        BindingType `json:"bindingType"`
	LastDataRefresh    string      `json:"lastDataRefresh"`
	LastLogin          *string     `json:"lastLogin,omitempty"`
	LastPasswordChange *string     `json:"lastPasswordChange,omitempty"`
	ObjectSid          string      `json:"objectSid"`
}

An association between two entities. The nature of the association and the specific subtype are determined by `bindingType`.

**Symmetric vs. Asymmetric**: Depending on the binding type, an association can be symmetric or asymmetric. A symmetric association is set on both participating entities, each pointing to the other one. For example, the `LOGIN` association is symmetric. Therefore, if a user has a `LOGIN` association with an endpoint, the endpoint should have the same association with the user. Conversely, if a user has a `SERVICE_ACCESS` association with a server, the server is not supposed to have the same association with the user, because the `SERVICE_ACCESS` association is asymmetric. The documentation for `BindingType` specifies which binding types are symmetric and which are asymmetric.

func (LocalAdminLocalUserAssociation) GetBindingType 

func (this LocalAdminLocalUserAssociation) GetBindingType() BindingType

The association binding type, which also determines the specific `Association` subtype of this instance.

func (LocalAdminLocalUserAssociation) IsAssociation 

func (LocalAdminLocalUserAssociation) IsAssociation()

type LocalAdminRole 

type LocalAdminRole struct {
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	EndpointCount                    int            `json:"endpointCount"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (LocalAdminRole) GetAuthorizingContainingEntitiesIds 

func (this LocalAdminRole) GetAuthorizingContainingEntitiesIds() []string

func (LocalAdminRole) GetAuthorizingGroupIds 

func (this LocalAdminRole) GetAuthorizingGroupIds() []string

func (LocalAdminRole) GetBuiltin 

func (this LocalAdminRole) GetBuiltin() bool

func (LocalAdminRole) GetConfirmed 

func (this LocalAdminRole) GetConfirmed() bool

func (LocalAdminRole) GetFullPath 

func (this LocalAdminRole) GetFullPath() *string

func (LocalAdminRole) GetProbability 

func (this LocalAdminRole) GetProbability() *float64

func (LocalAdminRole) GetType 

func (this LocalAdminRole) GetType() EntityRoleType

func (LocalAdminRole) IsAdminAccountRole 

func (LocalAdminRole) IsAdminAccountRole()

func (LocalAdminRole) IsEntityRole 

func (LocalAdminRole) IsEntityRole()

type MailboxRole 

type MailboxRole struct {
	Confirmed   bool           `json:"confirmed"`
	FullPath    *string        `json:"fullPath,omitempty"`
	Probability *float64       `json:"probability,omitempty"`
	Type        EntityRoleType `json:"type"`
}

func (MailboxRole) GetConfirmed 

func (this MailboxRole) GetConfirmed() bool

func (MailboxRole) GetFullPath 

func (this MailboxRole) GetFullPath() *string

func (MailboxRole) GetProbability 

func (this MailboxRole) GetProbability() *float64

func (MailboxRole) GetType 

func (this MailboxRole) GetType() EntityRoleType

func (MailboxRole) IsClassificationRole 

func (MailboxRole) IsClassificationRole()

func (MailboxRole) IsEntityRole 

func (MailboxRole) IsEntityRole()

func (MailboxRole) IsProgrammaticUserAccountRole 

func (MailboxRole) IsProgrammaticUserAccountRole()

type MailingListRole 

type MailingListRole interface {
	IsMailingListRole()
	GetBuiltin() bool
	GetConfirmed() bool
	GetEmailAddresses() []string
	GetFullPath() *string
	GetProbability() *float64
	GetType() EntityRoleType
}

type MfaConnectorDescriptor 

type MfaConnectorDescriptor struct {
	ConnectorType MfaConnectorType `json:"connectorType"`
	ProviderType  *string          `json:"providerType,omitempty"`
}

type MfaConnectorType 

type MfaConnectorType string

An enumeration of Multi-Factor Authentication connector types. 

const (
	MfaConnectorTypeDuoAuth         MfaConnectorType = "DUO_AUTH"
	MfaConnectorTypeSecureAuthAuth  MfaConnectorType = "SECURE_AUTH_AUTH"
	MfaConnectorTypeOktaAuth        MfaConnectorType = "OKTA_AUTH"
	MfaConnectorTypeSymantecVipAuth MfaConnectorType = "SYMANTEC_VIP_AUTH"
	MfaConnectorTypeRsaAuth         MfaConnectorType = "RSA_AUTH"
	MfaConnectorTypeRsaCas          MfaConnectorType = "RSA_CAS"
	MfaConnectorTypeGoogleAuth      MfaConnectorType = "GOOGLE_AUTH"
	MfaConnectorTypeAzureMfa        MfaConnectorType = "AZURE_MFA"
	MfaConnectorTypeAzureAuth       MfaConnectorType = "AZURE_AUTH"
	MfaConnectorTypeRadius          MfaConnectorType = "RADIUS"
	MfaConnectorTypePingIDEntityMfa MfaConnectorType = "PING_IDENTITY_MFA"
	MfaConnectorTypeCyberArk        MfaConnectorType = "CYBER_ARK"
	MfaConnectorTypeOneLogin        MfaConnectorType = "ONE_LOGIN"
	MfaConnectorTypeEntrust         MfaConnectorType = "ENTRUST"
	MfaConnectorTypeForgerock       MfaConnectorType = "FORGEROCK"
	MfaConnectorTypeOidc            MfaConnectorType = "OIDC"
	MfaConnectorTypeCsFalconAuth    MfaConnectorType = "CS_FALCON_AUTH"
)

func (MfaConnectorType) IsValid 

func (e MfaConnectorType) IsValid() bool

func (MfaConnectorType) MarshalGQL 

func (e MfaConnectorType) MarshalGQL(w io.Writer)

func (MfaConnectorType) String 

func (e MfaConnectorType) String() string

func (*MfaConnectorType) UnmarshalGQL 

func (e *MfaConnectorType) UnmarshalGQL(v interface{}) error

type MfaEngagementSummary 

type MfaEngagementSummary struct {
	Authorized          bool                    `json:"authorized"`
	AuthorizerID        *string                 `json:"authorizerId,omitempty"`
	ConnectorDescriptor *MfaConnectorDescriptor `json:"connectorDescriptor,omitempty"`
	EngagementType      EngagementType          `json:"engagementType"`
	FactorTypeSequence  []MfaFactorType         `json:"factorTypeSequence"`
}

func (MfaEngagementSummary) GetEngagementType 

func (this MfaEngagementSummary) GetEngagementType() EngagementType

func (MfaEngagementSummary) IsEngagementSummary 

func (MfaEngagementSummary) IsEngagementSummary()

type MfaFactorType 

type MfaFactorType string

An enumeration of Multi-Factor Authentication factor types. 

const (
	MfaFactorTypePush                   MfaFactorType = "PUSH"
	MfaFactorTypePushWithNumberMatching MfaFactorType = "PUSH_WITH_NUMBER_MATCHING"
	MfaFactorTypePushWithOtpFallback    MfaFactorType = "PUSH_WITH_OTP_FALLBACK"
	MfaFactorTypeOtp                    MfaFactorType = "OTP"
	MfaFactorTypeCallOtp                MfaFactorType = "CALL_OTP"
	MfaFactorTypeCallVerify             MfaFactorType = "CALL_VERIFY"
	MfaFactorTypeCallVerifyWithPasscode MfaFactorType = "CALL_VERIFY_WITH_PASSCODE"
	MfaFactorTypeSms1way                MfaFactorType = "SMS_1WAY"
	MfaFactorTypeSms2way                MfaFactorType = "SMS_2WAY"
	MfaFactorTypeDynamic                MfaFactorType = "DYNAMIC"
	MfaFactorTypeBiometrics             MfaFactorType = "BIOMETRICS"
	MfaFactorTypeHardwareOtp            MfaFactorType = "HARDWARE_OTP"
	MfaFactorTypeEmergencyOtp           MfaFactorType = "EMERGENCY_OTP"
	MfaFactorTypeFido                   MfaFactorType = "FIDO"
	MfaFactorTypeGridCard               MfaFactorType = "GRID_CARD"
	MfaFactorTypeOidcAuth               MfaFactorType = "OIDC_AUTH"
)

func (MfaFactorType) IsValid 

func (e MfaFactorType) IsValid() bool

func (MfaFactorType) MarshalGQL 

func (e MfaFactorType) MarshalGQL(w io.Writer)

func (MfaFactorType) String 

func (e MfaFactorType) String() string

func (*MfaFactorType) UnmarshalGQL 

func (e *MfaFactorType) UnmarshalGQL(v interface{}) error

type Mutation 

type Mutation struct {
}

type NetworkType 

type NetworkType string

An enumeration of network types (aka subnet types). 

const (
	// The fallback value indicating the network type could not be recognized.
	NetworkTypeUnknown NetworkType = "UNKNOWN"
	// Configuration-based network-type specifying a VPN subnet.
	NetworkTypeVpn NetworkType = "VPN"
	// Indicates that the activity has originated from a public IP address.
	NetworkTypePublic NetworkType = "PUBLIC"
	// Configuration-based network-type specifying a wireless subnet.
	NetworkTypeWireless NetworkType = "WIRELESS"
	// Configuration-based network-type specifying an internal organization subnet.
	NetworkTypeInternal NetworkType = "INTERNAL"
	// Configuration-based network-type specifying a NAT subnet.
	NetworkTypeNat NetworkType = "NAT"
)

func (NetworkType) IsValid 

func (e NetworkType) IsValid() bool

func (NetworkType) MarshalGQL 

func (e NetworkType) MarshalGQL(w io.Writer)

func (NetworkType) String 

func (e NetworkType) String() string

func (*NetworkType) UnmarshalGQL 

func (e *NetworkType) UnmarshalGQL(v interface{}) error

type NotificationState 

type NotificationState struct {
	Dismissed      bool        `json:"dismissed"`
	LastUpdateTime string      `json:"lastUpdateTime"`
	Resolved       bool        `json:"resolved"`
	SystemUser     *SystemUser `json:"systemUser,omitempty"`
}

type NtlmErrorCode 

type NtlmErrorCode string

An enumeration of well-known error codes Microsoft uses in their NTLM protocol implementation. 

const (
	NtlmErrorCodeNoNtlmError                 NtlmErrorCode = "NO_NTLM_ERROR"
	NtlmErrorCodeAccessDenied                NtlmErrorCode = "ACCESS_DENIED"
	NtlmErrorCodeAccountExpiration           NtlmErrorCode = "ACCOUNT_EXPIRATION"
	NtlmErrorCodeInvalidPassword             NtlmErrorCode = "INVALID_PASSWORD"
	NtlmErrorCodeLogonFailure                NtlmErrorCode = "LOGON_FAILURE"
	NtlmErrorCodeNoSuchUser                  NtlmErrorCode = "NO_SUCH_USER"
	NtlmErrorCodeAccountRestriction          NtlmErrorCode = "ACCOUNT_RESTRICTION"
	NtlmErrorCodeInvalidLogonHours           NtlmErrorCode = "INVALID_LOGON_HOURS"
	NtlmErrorCodeInvalidWorkstation          NtlmErrorCode = "INVALID_WORKSTATION"
	NtlmErrorCodePasswordExpired             NtlmErrorCode = "PASSWORD_EXPIRED"
	NtlmErrorCodeAccountDisabled             NtlmErrorCode = "ACCOUNT_DISABLED"
	NtlmErrorCodeLogonNotGranted             NtlmErrorCode = "LOGON_NOT_GRANTED"
	NtlmErrorCodeLogonTypeNotGranted         NtlmErrorCode = "LOGON_TYPE_NOT_GRANTED"
	NtlmErrorCodeAccountLockedOut            NtlmErrorCode = "ACCOUNT_LOCKED_OUT"
	NtlmErrorCodeUserChangePasswordNextLogon NtlmErrorCode = "USER_CHANGE_PASSWORD_NEXT_LOGON"
	NtlmErrorCodeOther                       NtlmErrorCode = "OTHER"
)

func (NtlmErrorCode) IsValid 

func (e NtlmErrorCode) IsValid() bool

func (NtlmErrorCode) MarshalGQL 

func (e NtlmErrorCode) MarshalGQL(w io.Writer)

func (NtlmErrorCode) String 

func (e NtlmErrorCode) String() string

func (*NtlmErrorCode) UnmarshalGQL 

func (e *NtlmErrorCode) UnmarshalGQL(v interface{}) error

type NtlmErrorDetails 

type NtlmErrorDetails struct {
	// If the NTLM error is part of an LDAP authentication over NTLM, this is set to
	// LDAP operation result associated with the failed LDAP authentication.
	LdapError *LdapOperationResult `json:"ldapError,omitempty"`
	// A human-readable error message describing an error or failure.
	Message string `json:"message"`
	// The NTLM error code associated with this error.
	NtlmError *NtlmErrorCode `json:"ntlmError,omitempty"`
}

A specialized `ErrorDetails` type for NTLM activities.

func (NtlmErrorDetails) GetMessage 

func (this NtlmErrorDetails) GetMessage() string

A human-readable error message describing an error or failure.

func (NtlmErrorDetails) IsErrorDetails 

func (NtlmErrorDetails) IsErrorDetails()

type NtlmMovementRole 

type NtlmMovementRole struct {
	Confirmed   bool           `json:"confirmed"`
	FullPath    *string        `json:"fullPath,omitempty"`
	Probability *float64       `json:"probability,omitempty"`
	Type        EntityRoleType `json:"type"`
}

func (NtlmMovementRole) GetConfirmed 

func (this NtlmMovementRole) GetConfirmed() bool

func (NtlmMovementRole) GetFullPath 

func (this NtlmMovementRole) GetFullPath() *string

func (NtlmMovementRole) GetProbability 

func (this NtlmMovementRole) GetProbability() *float64

func (NtlmMovementRole) GetType 

func (this NtlmMovementRole) GetType() EntityRoleType

func (NtlmMovementRole) IsClassificationRole 

func (NtlmMovementRole) IsClassificationRole()

func (NtlmMovementRole) IsEntityRole 

func (NtlmMovementRole) IsEntityRole()

type ObjectSidTakeoverAdminRole 

type ObjectSidTakeoverAdminRole struct {
	AffectedEntities                 []Entity                  `json:"affectedEntities"`
	AuthorizingContainingEntitiesIds []string                  `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string                  `json:"authorizingGroupIds"`
	Builtin                          bool                      `json:"builtin"`
	Confirmed                        bool                      `json:"confirmed"`
	EffectedEntityIds                []string                  `json:"effectedEntityIds,omitempty"`
	FullPath                         *string                   `json:"fullPath,omitempty"`
	Probability                      *float64                  `json:"probability,omitempty"`
	Takeovers                        []*ObjectSidTakeoverEntry `json:"takeovers"`
	Type                             EntityRoleType            `json:"type"`
}

func (ObjectSidTakeoverAdminRole) GetAffectedEntities 

func (this ObjectSidTakeoverAdminRole) GetAffectedEntities() []Entity

func (ObjectSidTakeoverAdminRole) GetAuthorizingContainingEntitiesIds 

func (this ObjectSidTakeoverAdminRole) GetAuthorizingContainingEntitiesIds() []string

func (ObjectSidTakeoverAdminRole) GetAuthorizingGroupIds 

func (this ObjectSidTakeoverAdminRole) GetAuthorizingGroupIds() []string

func (ObjectSidTakeoverAdminRole) GetBuiltin 

func (this ObjectSidTakeoverAdminRole) GetBuiltin() bool

func (ObjectSidTakeoverAdminRole) GetConfirmed 

func (this ObjectSidTakeoverAdminRole) GetConfirmed() bool

func (ObjectSidTakeoverAdminRole) GetEffectedEntityIds 

func (this ObjectSidTakeoverAdminRole) GetEffectedEntityIds() []string

func (ObjectSidTakeoverAdminRole) GetFullPath 

func (this ObjectSidTakeoverAdminRole) GetFullPath() *string

func (ObjectSidTakeoverAdminRole) GetProbability 

func (this ObjectSidTakeoverAdminRole) GetProbability() *float64

func (ObjectSidTakeoverAdminRole) GetType 

func (this ObjectSidTakeoverAdminRole) GetType() EntityRoleType

func (ObjectSidTakeoverAdminRole) IsAdminAccountRole 

func (ObjectSidTakeoverAdminRole) IsAdminAccountRole()

func (ObjectSidTakeoverAdminRole) IsEffectiveAdminRole 

func (ObjectSidTakeoverAdminRole) IsEffectiveAdminRole()

func (ObjectSidTakeoverAdminRole) IsEntityRole 

func (ObjectSidTakeoverAdminRole) IsEntityRole()

type ObjectSidTakeoverEntry 

type ObjectSidTakeoverEntry struct {
	Entity     Entity                  `json:"entity,omitempty"`
	Method     ObjectSidTakeoverMethod `json:"method"`
	ObjectSid  string                  `json:"objectSid"`
	Privileges []EntityRoleType        `json:"privileges"`
}

type ObjectSidTakeoverMethod 

type ObjectSidTakeoverMethod string
const (
	ObjectSidTakeoverMethodObjectSidHistory ObjectSidTakeoverMethod = "OBJECT_SID_HISTORY"
	ObjectSidTakeoverMethodUnknown          ObjectSidTakeoverMethod = "UNKNOWN"
)

func (ObjectSidTakeoverMethod) IsValid 

func (e ObjectSidTakeoverMethod) IsValid() bool

func (ObjectSidTakeoverMethod) MarshalGQL 

func (e ObjectSidTakeoverMethod) MarshalGQL(w io.Writer)

func (ObjectSidTakeoverMethod) String 

func (e ObjectSidTakeoverMethod) String() string

func (*ObjectSidTakeoverMethod) UnmarshalGQL 

func (e *ObjectSidTakeoverMethod) UnmarshalGQL(v interface{}) error

type OperatingSystemFamily 

type OperatingSystemFamily string
const (
	OperatingSystemFamilyWindows OperatingSystemFamily = "WINDOWS"
	OperatingSystemFamilyOsx     OperatingSystemFamily = "OSX"
	OperatingSystemFamilyUnix    OperatingSystemFamily = "UNIX"
	OperatingSystemFamilyLinux   OperatingSystemFamily = "LINUX"
	OperatingSystemFamilyIos     OperatingSystemFamily = "IOS"
	OperatingSystemFamilyAndroid OperatingSystemFamily = "ANDROID"
	OperatingSystemFamilyOther   OperatingSystemFamily = "OTHER"
)

func (OperatingSystemFamily) IsValid 

func (e OperatingSystemFamily) IsValid() bool

func (OperatingSystemFamily) MarshalGQL 

func (e OperatingSystemFamily) MarshalGQL(w io.Writer)

func (OperatingSystemFamily) String 

func (e OperatingSystemFamily) String() string

func (*OperatingSystemFamily) UnmarshalGQL 

func (e *OperatingSystemFamily) UnmarshalGQL(v interface{}) error

type OperatingSystemInfo 

type OperatingSystemInfo struct {
	DisplayName   string                       `json:"displayName"`
	Family        OperatingSystemFamily        `json:"family"`
	Name          string                       `json:"name"`
	ServicePack   *string                      `json:"servicePack,omitempty"`
	Target        OperatingSystemTarget        `json:"target"`
	Version       *string                      `json:"version,omitempty"`
	Vulnerability OperatingSystemVulnerability `json:"vulnerability"`
}

type OperatingSystemTarget 

type OperatingSystemTarget string
const (
	OperatingSystemTargetWorkstation                 OperatingSystemTarget = "WORKSTATION"
	OperatingSystemTargetServer                      OperatingSystemTarget = "SERVER"
	OperatingSystemTargetIntegratedSolutionAppliance OperatingSystemTarget = "INTEGRATED_SOLUTION_APPLIANCE"
	OperatingSystemTargetMobile                      OperatingSystemTarget = "MOBILE"
	OperatingSystemTargetTablet                      OperatingSystemTarget = "TABLET"
	OperatingSystemTargetGameConsole                 OperatingSystemTarget = "GAME_CONSOLE"
	OperatingSystemTargetWearable                    OperatingSystemTarget = "WEARABLE"
	OperatingSystemTargetSmartTv                     OperatingSystemTarget = "SMART_TV"
	OperatingSystemTargetPda                         OperatingSystemTarget = "PDA"
	OperatingSystemTargetUndetermined                OperatingSystemTarget = "UNDETERMINED"
)

func (OperatingSystemTarget) IsValid 

func (e OperatingSystemTarget) IsValid() bool

func (OperatingSystemTarget) MarshalGQL 

func (e OperatingSystemTarget) MarshalGQL(w io.Writer)

func (OperatingSystemTarget) String 

func (e OperatingSystemTarget) String() string

func (*OperatingSystemTarget) UnmarshalGQL 

func (e *OperatingSystemTarget) UnmarshalGQL(v interface{}) error

type OperatingSystemVulnerability 

type OperatingSystemVulnerability string
const (
	OperatingSystemVulnerabilityNone    OperatingSystemVulnerability = "NONE"
	OperatingSystemVulnerabilityUnknown OperatingSystemVulnerability = "UNKNOWN"
	OperatingSystemVulnerabilityLow     OperatingSystemVulnerability = "LOW"
	OperatingSystemVulnerabilityMedium  OperatingSystemVulnerability = "MEDIUM"
	OperatingSystemVulnerabilityHigh    OperatingSystemVulnerability = "HIGH"
)

func (OperatingSystemVulnerability) IsValid 

func (e OperatingSystemVulnerability) IsValid() bool

func (OperatingSystemVulnerability) MarshalGQL 

func (e OperatingSystemVulnerability) MarshalGQL(w io.Writer)

func (OperatingSystemVulnerability) String 

func (e OperatingSystemVulnerability) String() string

func (*OperatingSystemVulnerability) UnmarshalGQL 

func (e *OperatingSystemVulnerability) UnmarshalGQL(v interface{}) error

type OperatorLevelAdminRole 

type OperatorLevelAdminRole interface {
	IsOperatorLevelAdminRole()
	GetAuthorizingContainingEntitiesIds() []string
	GetAuthorizingGroupIds() []string
	GetBuiltin() bool
	GetConfirmed() bool
	GetFullPath() *string
	GetProbability() *float64
	GetType() EntityRoleType
}

type OriginAssociation 

type OriginAssociation struct {
	// The association binding type, which also determines the specific `Association` subtype of this instance.
	BindingType BindingType `json:"bindingType"`
	// The associated entity.
	Entity Entity `json:"entity"`
}

An `EntityAssociation` in which the associated party is an entity bound by origin (see `BindingType`).

func (OriginAssociation) GetBindingType 

func (this OriginAssociation) GetBindingType() BindingType

The association binding type, which also determines the specific `Association` subtype of this instance.

func (OriginAssociation) GetEntity 

func (this OriginAssociation) GetEntity() Entity

The associated entity.

func (OriginAssociation) IsAssociation 

func (OriginAssociation) IsAssociation()

func (OriginAssociation) IsEntityAssociation 

func (OriginAssociation) IsEntityAssociation()

type OwnerAdminRole 

type OwnerAdminRole struct {
	AffectedEntities                 []Entity       `json:"affectedEntities"`
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	EffectedEntityIds                []string       `json:"effectedEntityIds,omitempty"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (OwnerAdminRole) GetAffectedEntities 

func (this OwnerAdminRole) GetAffectedEntities() []Entity

func (OwnerAdminRole) GetAuthorizingContainingEntitiesIds 

func (this OwnerAdminRole) GetAuthorizingContainingEntitiesIds() []string

func (OwnerAdminRole) GetAuthorizingGroupIds 

func (this OwnerAdminRole) GetAuthorizingGroupIds() []string

func (OwnerAdminRole) GetBuiltin 

func (this OwnerAdminRole) GetBuiltin() bool

func (OwnerAdminRole) GetConfirmed 

func (this OwnerAdminRole) GetConfirmed() bool

func (OwnerAdminRole) GetEffectedEntityIds 

func (this OwnerAdminRole) GetEffectedEntityIds() []string

func (OwnerAdminRole) GetFullPath 

func (this OwnerAdminRole) GetFullPath() *string

func (OwnerAdminRole) GetProbability 

func (this OwnerAdminRole) GetProbability() *float64

func (OwnerAdminRole) GetType 

func (this OwnerAdminRole) GetType() EntityRoleType

func (OwnerAdminRole) IsAdminAccountRole 

func (OwnerAdminRole) IsAdminAccountRole()

func (OwnerAdminRole) IsEffectiveAdminRole 

func (OwnerAdminRole) IsEffectiveAdminRole()

func (OwnerAdminRole) IsEntityRole 

func (OwnerAdminRole) IsEntityRole()

type PageInfo 

type PageInfo struct {
	// Continuation cursor for forwards-pagination.
	EndCursor *string `json:"endCursor,omitempty"`
	// If `true` is returned, there are more items to be fetched when paginating forwards.
	HasNextPage bool `json:"hasNextPage"`
	// If `true` is returned, there are more items to be fetched when paginating backwards.
	HasPreviousPage bool `json:"hasPreviousPage"`
	// Continuation cursor for backwards-pagination.
	StartCursor *string `json:"startCursor,omitempty"`
}

Relay Connection pagination information.

type PasswordAttributes 

type PasswordAttributes interface {
	IsPasswordAttributes()
	GetAged() bool
	GetExposed() bool
	GetLastChange() *string
	GetMayExpire() bool
	GetStrength() PasswordStrength
}

type PasswordResetterAdminRole 

type PasswordResetterAdminRole struct {
	AffectedEntities                 []Entity       `json:"affectedEntities"`
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	EffectedEntityIds                []string       `json:"effectedEntityIds,omitempty"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (PasswordResetterAdminRole) GetAffectedEntities 

func (this PasswordResetterAdminRole) GetAffectedEntities() []Entity

func (PasswordResetterAdminRole) GetAuthorizingContainingEntitiesIds 

func (this PasswordResetterAdminRole) GetAuthorizingContainingEntitiesIds() []string

func (PasswordResetterAdminRole) GetAuthorizingGroupIds 

func (this PasswordResetterAdminRole) GetAuthorizingGroupIds() []string

func (PasswordResetterAdminRole) GetBuiltin 

func (this PasswordResetterAdminRole) GetBuiltin() bool

func (PasswordResetterAdminRole) GetConfirmed 

func (this PasswordResetterAdminRole) GetConfirmed() bool

func (PasswordResetterAdminRole) GetEffectedEntityIds 

func (this PasswordResetterAdminRole) GetEffectedEntityIds() []string

func (PasswordResetterAdminRole) GetFullPath 

func (this PasswordResetterAdminRole) GetFullPath() *string

func (PasswordResetterAdminRole) GetProbability 

func (this PasswordResetterAdminRole) GetProbability() *float64

func (PasswordResetterAdminRole) GetType 

func (this PasswordResetterAdminRole) GetType() EntityRoleType

func (PasswordResetterAdminRole) IsAdminAccountRole 

func (PasswordResetterAdminRole) IsAdminAccountRole()

func (PasswordResetterAdminRole) IsEffectiveAdminRole 

func (PasswordResetterAdminRole) IsEffectiveAdminRole()

func (PasswordResetterAdminRole) IsEntityRole 

func (PasswordResetterAdminRole) IsEntityRole()

type PasswordStrength 

type PasswordStrength string

Enumeration of password strength values. 

const (
	PasswordStrengthUnknown PasswordStrength = "UNKNOWN"
	PasswordStrengthWeak    PasswordStrength = "WEAK"
	PasswordStrengthStrong  PasswordStrength = "STRONG"
)

func (PasswordStrength) IsValid 

func (e PasswordStrength) IsValid() bool

func (PasswordStrength) MarshalGQL 

func (e PasswordStrength) MarshalGQL(w io.Writer)

func (PasswordStrength) String 

func (e PasswordStrength) String() string

func (*PasswordStrength) UnmarshalGQL 

func (e *PasswordStrength) UnmarshalGQL(v interface{}) error

type Permission 

type Permission struct {
	AuthorizingGroupIds       []string `json:"authorizingGroupIds"`
	CaEndpointIds             []string `json:"caEndpointIds"`
	CertificateAuthorityNames []string `json:"certificateAuthorityNames"`
	PermissionName            string   `json:"permissionName"`
	TemplateNames             []string `json:"templateNames"`
}

type PermissionAssignerRole 

type PermissionAssignerRole interface {
	IsPermissionAssignerRole()
	GetBuiltin() bool
	GetConfirmed() bool
	GetFullPath() *string
	GetProbability() *float64
	GetType() EntityRoleType
}

type PermissionsControllerAdminRole 

type PermissionsControllerAdminRole struct {
	AffectedEntities                 []Entity       `json:"affectedEntities"`
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	EffectedEntityIds                []string       `json:"effectedEntityIds,omitempty"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (PermissionsControllerAdminRole) GetAffectedEntities 

func (this PermissionsControllerAdminRole) GetAffectedEntities() []Entity

func (PermissionsControllerAdminRole) GetAuthorizingContainingEntitiesIds 

func (this PermissionsControllerAdminRole) GetAuthorizingContainingEntitiesIds() []string

func (PermissionsControllerAdminRole) GetAuthorizingGroupIds 

func (this PermissionsControllerAdminRole) GetAuthorizingGroupIds() []string

func (PermissionsControllerAdminRole) GetBuiltin 

func (this PermissionsControllerAdminRole) GetBuiltin() bool

func (PermissionsControllerAdminRole) GetConfirmed 

func (this PermissionsControllerAdminRole) GetConfirmed() bool

func (PermissionsControllerAdminRole) GetEffectedEntityIds 

func (this PermissionsControllerAdminRole) GetEffectedEntityIds() []string

func (PermissionsControllerAdminRole) GetFullPath 

func (this PermissionsControllerAdminRole) GetFullPath() *string

func (PermissionsControllerAdminRole) GetProbability 

func (this PermissionsControllerAdminRole) GetProbability() *float64

func (PermissionsControllerAdminRole) GetType 

func (this PermissionsControllerAdminRole) GetType() EntityRoleType

func (PermissionsControllerAdminRole) IsAdminAccountRole 

func (PermissionsControllerAdminRole) IsAdminAccountRole()

func (PermissionsControllerAdminRole) IsEffectiveAdminRole 

func (PermissionsControllerAdminRole) IsEffectiveAdminRole()

func (PermissionsControllerAdminRole) IsEntityRole 

func (PermissionsControllerAdminRole) IsEntityRole()

type PolicyQueryInput 

type PolicyQueryInput struct {
	EnforcedExternally  *bool                            `json:"enforcedExternally,omitempty"`
	MfaResults          []EngagementAuthenticationStatus `json:"mfaResults,omitempty"`
	RuleActions         []RuleAction                     `json:"ruleActions,omitempty"`
	RuleIds             []string                         `json:"ruleIds,omitempty"`
	VerificationResults []EngagementAuthenticationStatus `json:"verificationResults,omitempty"`
}

type PrintOperatorsAdminRole 

type PrintOperatorsAdminRole struct {
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (PrintOperatorsAdminRole) GetAuthorizingContainingEntitiesIds 

func (this PrintOperatorsAdminRole) GetAuthorizingContainingEntitiesIds() []string

func (PrintOperatorsAdminRole) GetAuthorizingGroupIds 

func (this PrintOperatorsAdminRole) GetAuthorizingGroupIds() []string

func (PrintOperatorsAdminRole) GetBuiltin 

func (this PrintOperatorsAdminRole) GetBuiltin() bool

func (PrintOperatorsAdminRole) GetConfirmed 

func (this PrintOperatorsAdminRole) GetConfirmed() bool

func (PrintOperatorsAdminRole) GetFullPath 

func (this PrintOperatorsAdminRole) GetFullPath() *string

func (PrintOperatorsAdminRole) GetProbability 

func (this PrintOperatorsAdminRole) GetProbability() *float64

func (PrintOperatorsAdminRole) GetType 

func (this PrintOperatorsAdminRole) GetType() EntityRoleType

func (PrintOperatorsAdminRole) IsAdminAccountRole 

func (PrintOperatorsAdminRole) IsAdminAccountRole()

func (PrintOperatorsAdminRole) IsEntityRole 

func (PrintOperatorsAdminRole) IsEntityRole()

func (PrintOperatorsAdminRole) IsOperatorLevelAdminRole 

func (PrintOperatorsAdminRole) IsOperatorLevelAdminRole()

type PrivilegedGroupControllerAdminRole 

type PrivilegedGroupControllerAdminRole struct {
	AffectedEntities                 []Entity       `json:"affectedEntities"`
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	EffectedEntityIds                []string       `json:"effectedEntityIds,omitempty"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (PrivilegedGroupControllerAdminRole) GetAffectedEntities 

func (this PrivilegedGroupControllerAdminRole) GetAffectedEntities() []Entity

func (PrivilegedGroupControllerAdminRole) GetAuthorizingContainingEntitiesIds 

func (this PrivilegedGroupControllerAdminRole) GetAuthorizingContainingEntitiesIds() []string

func (PrivilegedGroupControllerAdminRole) GetAuthorizingGroupIds 

func (this PrivilegedGroupControllerAdminRole) GetAuthorizingGroupIds() []string

func (PrivilegedGroupControllerAdminRole) GetBuiltin 

func (this PrivilegedGroupControllerAdminRole) GetBuiltin() bool

func (PrivilegedGroupControllerAdminRole) GetConfirmed 

func (this PrivilegedGroupControllerAdminRole) GetConfirmed() bool

func (PrivilegedGroupControllerAdminRole) GetEffectedEntityIds 

func (this PrivilegedGroupControllerAdminRole) GetEffectedEntityIds() []string

func (PrivilegedGroupControllerAdminRole) GetFullPath 

func (this PrivilegedGroupControllerAdminRole) GetFullPath() *string

func (PrivilegedGroupControllerAdminRole) GetProbability 

func (this PrivilegedGroupControllerAdminRole) GetProbability() *float64

func (PrivilegedGroupControllerAdminRole) GetType 

func (this PrivilegedGroupControllerAdminRole) GetType() EntityRoleType

func (PrivilegedGroupControllerAdminRole) IsAdminAccountRole 

func (PrivilegedGroupControllerAdminRole) IsAdminAccountRole()

func (PrivilegedGroupControllerAdminRole) IsEffectiveAdminRole 

func (PrivilegedGroupControllerAdminRole) IsEffectiveAdminRole()

func (PrivilegedGroupControllerAdminRole) IsEntityRole 

func (PrivilegedGroupControllerAdminRole) IsEntityRole()

type ProgrammaticUserAccountRole 

type ProgrammaticUserAccountRole interface {
	IsProgrammaticUserAccountRole()
	GetConfirmed() bool
	GetFullPath() *string
	GetProbability() *float64
	GetType() EntityRoleType
}

type ProgrammaticUserAccountRoleImpl 

type ProgrammaticUserAccountRoleImpl struct {
	Confirmed   bool           `json:"confirmed"`
	FullPath    *string        `json:"fullPath,omitempty"`
	Probability *float64       `json:"probability,omitempty"`
	Type        EntityRoleType `json:"type"`
}

func (ProgrammaticUserAccountRoleImpl) GetConfirmed 

func (this ProgrammaticUserAccountRoleImpl) GetConfirmed() bool

func (ProgrammaticUserAccountRoleImpl) GetFullPath 

func (this ProgrammaticUserAccountRoleImpl) GetFullPath() *string

func (ProgrammaticUserAccountRoleImpl) GetProbability 

func (this ProgrammaticUserAccountRoleImpl) GetProbability() *float64

func (ProgrammaticUserAccountRoleImpl) GetType 

func (this ProgrammaticUserAccountRoleImpl) GetType() EntityRoleType

func (ProgrammaticUserAccountRoleImpl) IsClassificationRole 

func (ProgrammaticUserAccountRoleImpl) IsClassificationRole()

func (ProgrammaticUserAccountRoleImpl) IsEntityRole 

func (ProgrammaticUserAccountRoleImpl) IsEntityRole()

func (ProgrammaticUserAccountRoleImpl) IsProgrammaticUserAccountRole 

func (ProgrammaticUserAccountRoleImpl) IsProgrammaticUserAccountRole()

type ProtocolType 

type ProtocolType string
const (
	ProtocolTypeKerberos ProtocolType = "KERBEROS"
	ProtocolTypeLdap     ProtocolType = "LDAP"
	ProtocolTypeNtlm     ProtocolType = "NTLM"
	ProtocolTypeDceRPC   ProtocolType = "DCE_RPC"
	ProtocolTypeSsl      ProtocolType = "SSL"
	ProtocolTypeUnknown  ProtocolType = "UNKNOWN"
)

func (ProtocolType) IsValid 

func (e ProtocolType) IsValid() bool

func (ProtocolType) MarshalGQL 

func (e ProtocolType) MarshalGQL(w io.Writer)

func (ProtocolType) String 

func (e ProtocolType) String() string

func (*ProtocolType) UnmarshalGQL 

func (e *ProtocolType) UnmarshalGQL(v interface{}) error

type Query 

type Query struct {
}

type RbacRoleDescriptor 

type RbacRoleDescriptor struct {
	// Role name
	DisplayName string `json:"displayName"`
	// Role Azure id
	RoleID string `json:"roleId"`
}

Description of Azure RBAC role definition.

type RbacSubscriptionDescriptor 

type RbacSubscriptionDescriptor struct {
	// Subscription name
	DisplayName string `json:"displayName"`
	// Subscription Azure id
	SubscriptionID string `json:"subscriptionId"`
}

Description of Azure subscription.

type ReadOnlyDomainControllersAdminRole 

type ReadOnlyDomainControllersAdminRole struct {
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (ReadOnlyDomainControllersAdminRole) GetAuthorizingContainingEntitiesIds 

func (this ReadOnlyDomainControllersAdminRole) GetAuthorizingContainingEntitiesIds() []string

func (ReadOnlyDomainControllersAdminRole) GetAuthorizingGroupIds 

func (this ReadOnlyDomainControllersAdminRole) GetAuthorizingGroupIds() []string

func (ReadOnlyDomainControllersAdminRole) GetBuiltin 

func (this ReadOnlyDomainControllersAdminRole) GetBuiltin() bool

func (ReadOnlyDomainControllersAdminRole) GetConfirmed 

func (this ReadOnlyDomainControllersAdminRole) GetConfirmed() bool

func (ReadOnlyDomainControllersAdminRole) GetFullPath 

func (this ReadOnlyDomainControllersAdminRole) GetFullPath() *string

func (ReadOnlyDomainControllersAdminRole) GetProbability 

func (this ReadOnlyDomainControllersAdminRole) GetProbability() *float64

func (ReadOnlyDomainControllersAdminRole) GetType 

func (this ReadOnlyDomainControllersAdminRole) GetType() EntityRoleType

func (ReadOnlyDomainControllersAdminRole) IsAdminAccountRole 

func (ReadOnlyDomainControllersAdminRole) IsAdminAccountRole()

func (ReadOnlyDomainControllersAdminRole) IsDomainControllersAdminRole 

func (ReadOnlyDomainControllersAdminRole) IsDomainControllersAdminRole()

func (ReadOnlyDomainControllersAdminRole) IsDomainLevelAdminRole 

func (ReadOnlyDomainControllersAdminRole) IsDomainLevelAdminRole()

func (ReadOnlyDomainControllersAdminRole) IsEntityRole 

func (ReadOnlyDomainControllersAdminRole) IsEntityRole()

type RecentlyVerifiedLoginBindingAssociation 

type RecentlyVerifiedLoginBindingAssociation struct {
	// The association binding type, which also determines the specific `Association` subtype of this instance.
	BindingType BindingType `json:"bindingType"`
	// The associated entity.
	Entity           Entity `json:"entity"`
	Simulated        bool   `json:"simulated"`
	VerificationTime string `json:"verificationTime"`
}

A specialized `Association` type for entity associations

func (RecentlyVerifiedLoginBindingAssociation) GetBindingType 

func (this RecentlyVerifiedLoginBindingAssociation) GetBindingType() BindingType

The association binding type, which also determines the specific `Association` subtype of this instance.

func (RecentlyVerifiedLoginBindingAssociation) GetEntity 

func (this RecentlyVerifiedLoginBindingAssociation) GetEntity() Entity

The associated entity.

func (RecentlyVerifiedLoginBindingAssociation) GetSimulated 

func (this RecentlyVerifiedLoginBindingAssociation) GetSimulated() bool

func (RecentlyVerifiedLoginBindingAssociation) IsAssociation 

func (RecentlyVerifiedLoginBindingAssociation) IsAssociation()

func (RecentlyVerifiedLoginBindingAssociation) IsEntityAssociation 

func (RecentlyVerifiedLoginBindingAssociation) IsEntityAssociation()

func (RecentlyVerifiedLoginBindingAssociation) IsSimulatableAssociation 

func (RecentlyVerifiedLoginBindingAssociation) IsSimulatableAssociation()

type RegisteredTenantType 

type RegisteredTenantType string
const (
	RegisteredTenantTypeExternal        RegisteredTenantType = "EXTERNAL"
	RegisteredTenantTypeRegisteredApp   RegisteredTenantType = "REGISTERED_APP"
	RegisteredTenantTypeManagedIDEntity RegisteredTenantType = "MANAGED_IDENTITY"
)

func (RegisteredTenantType) IsValid 

func (e RegisteredTenantType) IsValid() bool

func (RegisteredTenantType) MarshalGQL 

func (e RegisteredTenantType) MarshalGQL(w io.Writer)

func (RegisteredTenantType) String 

func (e RegisteredTenantType) String() string

func (*RegisteredTenantType) UnmarshalGQL 

func (e *RegisteredTenantType) UnmarshalGQL(v interface{}) error

type RemoteCodeExecutionMethod 

type RemoteCodeExecutionMethod string
const (
	RemoteCodeExecutionMethodPsExec RemoteCodeExecutionMethod = "PS_EXEC"
)

func (RemoteCodeExecutionMethod) IsValid 

func (e RemoteCodeExecutionMethod) IsValid() bool

func (RemoteCodeExecutionMethod) MarshalGQL 

func (e RemoteCodeExecutionMethod) MarshalGQL(w io.Writer)

func (RemoteCodeExecutionMethod) String 

func (e RemoteCodeExecutionMethod) String() string

func (*RemoteCodeExecutionMethod) UnmarshalGQL 

func (e *RemoteCodeExecutionMethod) UnmarshalGQL(v interface{}) error

type RemoveUserEntityAuthorizerInput 

type RemoveUserEntityAuthorizerInput struct {
	AuthorizerEntityQuery *EntityQueryInput `json:"authorizerEntityQuery"`
	ClientMutationID      *string           `json:"clientMutationId,omitempty"`
	EntityQuery           *EntityQueryInput `json:"entityQuery"`
}

type ReplicatorsAdminRole 

type ReplicatorsAdminRole struct {
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (ReplicatorsAdminRole) GetAuthorizingContainingEntitiesIds 

func (this ReplicatorsAdminRole) GetAuthorizingContainingEntitiesIds() []string

func (ReplicatorsAdminRole) GetAuthorizingGroupIds 

func (this ReplicatorsAdminRole) GetAuthorizingGroupIds() []string

func (ReplicatorsAdminRole) GetBuiltin 

func (this ReplicatorsAdminRole) GetBuiltin() bool

func (ReplicatorsAdminRole) GetConfirmed 

func (this ReplicatorsAdminRole) GetConfirmed() bool

func (ReplicatorsAdminRole) GetFullPath 

func (this ReplicatorsAdminRole) GetFullPath() *string

func (ReplicatorsAdminRole) GetProbability 

func (this ReplicatorsAdminRole) GetProbability() *float64

func (ReplicatorsAdminRole) GetType 

func (this ReplicatorsAdminRole) GetType() EntityRoleType

func (ReplicatorsAdminRole) IsAdminAccountRole 

func (ReplicatorsAdminRole) IsAdminAccountRole()

func (ReplicatorsAdminRole) IsEntityRole 

func (ReplicatorsAdminRole) IsEntityRole()

func (ReplicatorsAdminRole) IsOperatorLevelAdminRole 

func (ReplicatorsAdminRole) IsOperatorLevelAdminRole()

type RiskByMembershipResult 

type RiskByMembershipResult struct {
	// The Active Directory domain name.
	Domain string `json:"domain"`
	// The group name
	Group string `json:"group"`
	// The number of entities in the group.
	GroupSize int `json:"groupSize"`
	// The overall impact score associated with the group.
	Impact string `json:"impact"`
	// The group type.
	MembershipType EntityMembershipType `json:"membershipType"`
	// Breakdown of score severities by their contribution to the overall risk score of this group.
	RiskContributionBreakdown *ScoreSeverityBreakdown `json:"riskContributionBreakdown,omitempty"`
	// Breakdown of score severities by the percentage of members associated with each severity.
	RiskDistribution *ScoreSeverityBreakdown `json:"riskDistribution,omitempty"`
	// The risk factors associated with this group.
	RiskFactors []*RiskFactorContribution `json:"riskFactors"`
	// The overall risk score associated with this group.
	Score string `json:"score"`
}

A descriptor for the overall risk associated with a group of entities in an Active Directory domain. In this context, *group* does not imply an Active Directory group, but a logical group of entities of various membership types (see `EntityMembershipType`)

type RiskByMembershipResultConnection 

type RiskByMembershipResultConnection struct {
	// List of `RiskByMembershipResult` edges.
	Edges []*RiskByMembershipResultEdge `json:"edges"`
	// Information to aid in pagination.
	PageInfo *PageInfo `json:"pageInfo"`
	// A convenience extension to the standard Relay Connection type, directly
	// exposing the `RiskByMembershipResult` elements, which may be used *instead* of
	// edges. It is primarily useful in conjunction with `startCursor` and
	// `endCursor`, or when exploring the API interactively (e.g. in GraphiQL).
	Nodes []*RiskByMembershipResult `json:"nodes"`
}

A [Relay-Compatible](https://facebook.github.io/relay/graphql/connections.htm) Connection type for paginating over `RiskByMembershipResult` elements.

type RiskByMembershipResultEdge 

type RiskByMembershipResultEdge struct {
	// Cursor pointing to this edge, to be used in standard pagination query arguments (`before`, `after`).
	Cursor string `json:"cursor"`
	// The `RiskByMembershipResult` item at the end of this edge.
	Node *RiskByMembershipResult `json:"node"`
}

A `RiskByMembershipResult` edge in a connection.

type RiskByMembershipSortKey 

type RiskByMembershipSortKey string

Enumeration of sort options for the `riskByMembershipSummary` query API. 

const (
	// Sort by the group name.
	RiskByMembershipSortKeyGroup RiskByMembershipSortKey = "GROUP"
	// Sort by the group risk score.
	RiskByMembershipSortKeyScore RiskByMembershipSortKey = "SCORE"
	// Sort by the group impact score.
	RiskByMembershipSortKeyImpact RiskByMembershipSortKey = "IMPACT"
)

func (RiskByMembershipSortKey) IsValid 

func (e RiskByMembershipSortKey) IsValid() bool

func (RiskByMembershipSortKey) MarshalGQL 

func (e RiskByMembershipSortKey) MarshalGQL(w io.Writer)

func (RiskByMembershipSortKey) String 

func (e RiskByMembershipSortKey) String() string

func (*RiskByMembershipSortKey) UnmarshalGQL 

func (e *RiskByMembershipSortKey) UnmarshalGQL(v interface{}) error

type RiskFactorContribution 

type RiskFactorContribution struct {
	// The severity value assigned to the risk factor type.
	Severity ScoreSeverity `json:"severity"`
	// The risk factor type.
	Type RiskFactorType `json:"type"`
}

Risk factor contribution descriptor.

type RiskFactorType 

type RiskFactorType string

An enumeration of risk factor types. 

const (
	RiskFactorTypeAbnormalServiceAccess                                                        RiskFactorType = "ABNORMAL_SERVICE_ACCESS"
	RiskFactorTypeCredentialTheft                                                              RiskFactorType = "CREDENTIAL_THEFT"
	RiskFactorTypeDailyVolumeAnomaly                                                           RiskFactorType = "DAILY_VOLUME_ANOMALY"
	RiskFactorTypePolicyRuleMatch                                                              RiskFactorType = "POLICY_RULE_MATCH"
	RiskFactorTypeForbiddenCountry                                                             RiskFactorType = "FORBIDDEN_COUNTRY"
	RiskFactorTypeForgedPac                                                                    RiskFactorType = "FORGED_PAC"
	RiskFactorTypeGoldenTicket                                                                 RiskFactorType = "GOLDEN_TICKET"
	RiskFactorTypeIdentityVerificationDeny                                                     RiskFactorType = "IDENTITY_VERIFICATION_DENY"
	RiskFactorTypeIdentityVerificationTimeout                                                  RiskFactorType = "IDENTITY_VERIFICATION_TIMEOUT"
	RiskFactorTypeLateralMovement                                                              RiskFactorType = "LATERAL_MOVEMENT"
	RiskFactorTypeNewServerAccess                                                              RiskFactorType = "NEW_SERVER_ACCESS"
	RiskFactorTypePassTheHash                                                                  RiskFactorType = "PASS_THE_HASH"
	RiskFactorTypePassTheTicket                                                                RiskFactorType = "PASS_THE_TICKET"
	RiskFactorTypePasswordBruteForce                                                           RiskFactorType = "PASSWORD_BRUTE_FORCE"
	RiskFactorTypeSkeletonKey                                                                  RiskFactorType = "SKELETON_KEY"
	RiskFactorTypeStaleAccountUsage                                                            RiskFactorType = "STALE_ACCOUNT_USAGE"
	RiskFactorTypeStaleHostUsage                                                               RiskFactorType = "STALE_HOST_USAGE"
	RiskFactorTypeStaleServiceUsage                                                            RiskFactorType = "STALE_SERVICE_USAGE"
	RiskFactorTypeCredentialScanning                                                           RiskFactorType = "CREDENTIAL_SCANNING"
	RiskFactorTypeGeoAnomaly                                                                   RiskFactorType = "GEO_ANOMALY"
	RiskFactorTypeNewEntityVolume                                                              RiskFactorType = "NEW_ENTITY_VOLUME"
	RiskFactorTypeDcSync                                                                       RiskFactorType = "DC_SYNC"
	RiskFactorTypeHiddenObject                                                                 RiskFactorType = "HIDDEN_OBJECT"
	RiskFactorTypeBadIPReputationUsage                                                         RiskFactorType = "BAD_IP_REPUTATION_USAGE"
	RiskFactorTypeAnomalousRPC                                                                 RiskFactorType = "ANOMALOUS_RPC"
	RiskFactorTypeRemoteCodeExecution                                                          RiskFactorType = "REMOTE_CODE_EXECUTION"
	RiskFactorTypeNtlmRelay                                                                    RiskFactorType = "NTLM_RELAY"
	RiskFactorTypeCredsspAttack                                                                RiskFactorType = "CREDSSP_ATTACK"
	RiskFactorTypeLdapReconnaissance                                                           RiskFactorType = "LDAP_RECONNAISSANCE"
	RiskFactorTypeBronzeBit                                                                    RiskFactorType = "BRONZE_BIT"
	RiskFactorTypeSuspiciousCloudActivityMl                                                    RiskFactorType = "SUSPICIOUS_CLOUD_ACTIVITY_ML"
	RiskFactorTypeAgedPassword                                                                 RiskFactorType = "AGED_PASSWORD"
	RiskFactorTypeKrbtgtAgedPassword                                                           RiskFactorType = "KRBTGT_AGED_PASSWORD"
	RiskFactorTypeAssociationWithRiskyEndpoint                                                 RiskFactorType = "ASSOCIATION_WITH_RISKY_ENDPOINT"
	RiskFactorTypeNeverExpiresPassword                                                         RiskFactorType = "NEVER_EXPIRES_PASSWORD"
	RiskFactorTypeInsufficientPasswordRotation                                                 RiskFactorType = "INSUFFICIENT_PASSWORD_ROTATION"
	RiskFactorTypeExposedPassword                                                              RiskFactorType = "EXPOSED_PASSWORD"
	RiskFactorTypeInactiveAccount                                                              RiskFactorType = "INACTIVE_ACCOUNT"
	RiskFactorTypeSharedEndpoint                                                               RiskFactorType = "SHARED_ENDPOINT"
	RiskFactorTypeSharedUser                                                                   RiskFactorType = "SHARED_USER"
	RiskFactorTypeStaleAccount                                                                 RiskFactorType = "STALE_ACCOUNT"
	RiskFactorTypeUnmanagedHost                                                                RiskFactorType = "UNMANAGED_HOST"
	RiskFactorTypeVpnUsage                                                                     RiskFactorType = "VPN_USAGE"
	RiskFactorTypeVulnerableOs                                                                 RiskFactorType = "VULNERABLE_OS"
	RiskFactorTypeWeakPassword                                                                 RiskFactorType = "WEAK_PASSWORD"
	RiskFactorTypeWeakPasswordPolicy                                                           RiskFactorType = "WEAK_PASSWORD_POLICY"
	RiskFactorTypeDuplicatePassword                                                            RiskFactorType = "DUPLICATE_PASSWORD"
	RiskFactorTypeWatched                                                                      RiskFactorType = "WATCHED"
	RiskFactorTypeHasSpns                                                                      RiskFactorType = "HAS_SPNS"
	RiskFactorTypeNtlmMovements                                                                RiskFactorType = "NTLM_MOVEMENTS"
	RiskFactorTypeStealthyPrivileges                                                           RiskFactorType = "STEALTHY_PRIVILEGES"
	RiskFactorTypeObjectSidHistoryPrivilegesTakeover                                           RiskFactorType = "OBJECT_SID_HISTORY_PRIVILEGES_TAKEOVER"
	RiskFactorTypePrivilegedMachine                                                            RiskFactorType = "PRIVILEGED_MACHINE"
	RiskFactorTypeGuestAccountEnabled                                                          RiskFactorType = "GUEST_ACCOUNT_ENABLED"
	RiskFactorTypeVulnerableNtlmCompatibilityLevel                                             RiskFactorType = "VULNERABLE_NTLM_COMPATIBILITY_LEVEL"
	RiskFactorTypeSmbSigningDisabled                                                           RiskFactorType = "SMB_SIGNING_DISABLED"
	RiskFactorTypeDuplicatedLocalAdministrator                                                 RiskFactorType = "DUPLICATED_LOCAL_ADMINISTRATOR"
	RiskFactorTypePrivilegedUserUsingUnmanagedEndpoint                                         RiskFactorType = "PRIVILEGED_USER_USING_UNMANAGED_ENDPOINT"
	RiskFactorTypeUnmanagedEndpointUsedByPrivilegedUser                                        RiskFactorType = "UNMANAGED_ENDPOINT_USED_BY_PRIVILEGED_USER"
	RiskFactorTypeSharedEndpointUsedByPrivilegedUser                                           RiskFactorType = "SHARED_ENDPOINT_USED_BY_PRIVILEGED_USER"
	RiskFactorTypeKerberosPreauthNotRequired                                                   RiskFactorType = "KERBEROS_PREAUTH_NOT_REQUIRED"
	RiskFactorTypeDesKeyOnlyKerberosEncryption                                                 RiskFactorType = "DES_KEY_ONLY_KERBEROS_ENCRYPTION"
	RiskFactorTypeLdapSigningDisabled                                                          RiskFactorType = "LDAP_SIGNING_DISABLED"
	RiskFactorTypeLdapsChannelBinding                                                          RiskFactorType = "LDAPS_CHANNEL_BINDING"
	RiskFactorTypeSpoolerServiceRunning                                                        RiskFactorType = "SPOOLER_SERVICE_RUNNING"
	RiskFactorTypeNlaDisabled                                                                  RiskFactorType = "NLA_DISABLED"
	RiskFactorTypeExposedLocalAdmin                                                            RiskFactorType = "EXPOSED_LOCAL_ADMIN"
	RiskFactorTypeHasAttackPath                                                                RiskFactorType = "HAS_ATTACK_PATH"
	RiskFactorTypeUsesLocallyAdministratedMachines                                             RiskFactorType = "USES_LOCALLY_ADMINISTRATED_MACHINES"
	RiskFactorTypeCloudActivityOnVulnerableOs                                                  RiskFactorType = "CLOUD_ACTIVITY_ON_VULNERABLE_OS"
	RiskFactorTypeAzureLegacyProtocolUsage                                                     RiskFactorType = "AZURE_LEGACY_PROTOCOL_USAGE"
	RiskFactorTypeSuspiciousSpn                                                                RiskFactorType = "SUSPICIOUS_SPN"
	RiskFactorTypeSuspiciousUpn                                                                RiskFactorType = "SUSPICIOUS_UPN"
	RiskFactorTypeRiskyLinkedAccount                                                           RiskFactorType = "RISKY_LINKED_ACCOUNT"
	RiskFactorTypeCertificateTemplateAllowsAuthenticationAsAnyDomainUser                       RiskFactorType = "CERTIFICATE_TEMPLATE_ALLOWS_AUTHENTICATION_AS_ANY_DOMAIN_USER"
	RiskFactorTypeAuthenticateAsAnyDomainUserWithCertificateRequestAgentWithoutAnyRestrictions RiskFactorType = "AUTHENTICATE_AS_ANY_DOMAIN_USER_WITH_CERTIFICATE_REQUEST_AGENT_WITHOUT_ANY_RESTRICTIONS"
)

func (RiskFactorType) IsValid 

func (e RiskFactorType) IsValid() bool

func (RiskFactorType) MarshalGQL 

func (e RiskFactorType) MarshalGQL(w io.Writer)

func (RiskFactorType) String 

func (e RiskFactorType) String() string

func (*RiskFactorType) UnmarshalGQL 

func (e *RiskFactorType) UnmarshalGQL(v interface{}) error

type RoleAssignmentAssociationQuery 

type RoleAssignmentAssociationQuery struct {
	// The query is a match if the role display names match
	RoleDisplayNames []string `json:"roleDisplayNames,omitempty"`
	// The query is a match if the role ids match
	RoleIds []string `json:"roleIds,omitempty"`
	// The query is a match if the scope display names match
	ScopeDisplayNames []string `json:"scopeDisplayNames,omitempty"`
	// The query is a match if the scope ids match
	ScopeIds []string `json:"scopeIds,omitempty"`
}

Query criteria for role assignment association. All specific criteria must be met for a result to match.

type RuleAction 

type RuleAction string
const (
	RuleActionAllow               RuleAction = "ALLOW"
	RuleActionBlock               RuleAction = "BLOCK"
	RuleActionMfa                 RuleAction = "MFA"
	RuleActionForcePasswordChange RuleAction = "FORCE_PASSWORD_CHANGE"
	RuleActionEmailVerification   RuleAction = "EMAIL_VERIFICATION"
	RuleActionAddToWatchList      RuleAction = "ADD_TO_WATCH_LIST"
	RuleActionSmsAlert            RuleAction = "SMS_ALERT"
	RuleActionApplySsoPolicy      RuleAction = "APPLY_SSO_POLICY"
)

func (RuleAction) IsValid 

func (e RuleAction) IsValid() bool

func (RuleAction) MarshalGQL 

func (e RuleAction) MarshalGQL(w io.Writer)

func (RuleAction) String 

func (e RuleAction) String() string

func (*RuleAction) UnmarshalGQL 

func (e *RuleAction) UnmarshalGQL(v interface{}) error

type RuleTrigger 

type RuleTrigger string
const (
	RuleTriggerAccess          RuleTrigger = "access"
	RuleTriggerAccountEvent    RuleTrigger = "accountEvent"
	RuleTriggerFederatedAccess RuleTrigger = "federatedAccess"
	RuleTriggerAlert           RuleTrigger = "alert"
)

func (RuleTrigger) IsValid 

func (e RuleTrigger) IsValid() bool

func (RuleTrigger) MarshalGQL 

func (e RuleTrigger) MarshalGQL(w io.Writer)

func (RuleTrigger) String 

func (e RuleTrigger) String() string

func (*RuleTrigger) UnmarshalGQL 

func (e *RuleTrigger) UnmarshalGQL(v interface{}) error

type SchemaAdminsRole 

type SchemaAdminsRole struct {
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (SchemaAdminsRole) GetAuthorizingContainingEntitiesIds 

func (this SchemaAdminsRole) GetAuthorizingContainingEntitiesIds() []string

func (SchemaAdminsRole) GetAuthorizingGroupIds 

func (this SchemaAdminsRole) GetAuthorizingGroupIds() []string

func (SchemaAdminsRole) GetBuiltin 

func (this SchemaAdminsRole) GetBuiltin() bool

func (SchemaAdminsRole) GetConfirmed 

func (this SchemaAdminsRole) GetConfirmed() bool

func (SchemaAdminsRole) GetFullPath 

func (this SchemaAdminsRole) GetFullPath() *string

func (SchemaAdminsRole) GetProbability 

func (this SchemaAdminsRole) GetProbability() *float64

func (SchemaAdminsRole) GetType 

func (this SchemaAdminsRole) GetType() EntityRoleType

func (SchemaAdminsRole) IsAdminAccountRole 

func (SchemaAdminsRole) IsAdminAccountRole()

func (SchemaAdminsRole) IsEntityRole 

func (SchemaAdminsRole) IsEntityRole()

func (SchemaAdminsRole) IsForestLevelAdminRole 

func (SchemaAdminsRole) IsForestLevelAdminRole()

type ScoreLevel 

type ScoreLevel string
const (
	ScoreLevelLow    ScoreLevel = "LOW"
	ScoreLevelMedium ScoreLevel = "MEDIUM"
	ScoreLevelHigh   ScoreLevel = "HIGH"
)

func (ScoreLevel) IsValid 

func (e ScoreLevel) IsValid() bool

func (ScoreLevel) MarshalGQL 

func (e ScoreLevel) MarshalGQL(w io.Writer)

func (ScoreLevel) String 

func (e ScoreLevel) String() string

func (*ScoreLevel) UnmarshalGQL 

func (e *ScoreLevel) UnmarshalGQL(v interface{}) error

type ScoreSeverity 

type ScoreSeverity string
const (
	ScoreSeverityNormal ScoreSeverity = "NORMAL"
	ScoreSeverityMedium ScoreSeverity = "MEDIUM"
	ScoreSeverityHigh   ScoreSeverity = "HIGH"
)

func (ScoreSeverity) IsValid 

func (e ScoreSeverity) IsValid() bool

func (ScoreSeverity) MarshalGQL 

func (e ScoreSeverity) MarshalGQL(w io.Writer)

func (ScoreSeverity) String 

func (e ScoreSeverity) String() string

func (*ScoreSeverity) UnmarshalGQL 

func (e *ScoreSeverity) UnmarshalGQL(v interface{}) error

type ScoreSeverityBreakdown 

type ScoreSeverityBreakdown struct {
	Normal *string `json:"NORMAL,omitempty"`
	Medium *string `json:"MEDIUM,omitempty"`
	High   *string `json:"HIGH,omitempty"`
}

type SecurityAssessment 

type SecurityAssessment struct {
	// List of risk factors matching the query criteria.
	AssessmentFactors []*SecurityAssessmentFactor `json:"assessmentFactors"`
	Domain            *string                     `json:"domain,omitempty"`
	// The overall security score for the given `assessmentFactors`, as a number between 0 (no risk) to 1 (maximum risk).
	OverallScore string `json:"overallScore"`
	// The overall security score level for the given `assessmentFactors`.
	OverallScoreLevel ScoreLevel `json:"overallScoreLevel"`
	Tenant            *string    `json:"tenant,omitempty"`
}

The *SecurityAssessment* data type holds data about a set of domain-level security risk factors, along with an overall score for these factors.

### Examples

```graphql #### Get the the latest security assessment 

{
    securityAssessment(domain: "DOMAIN.TLD") # fill your domain here
    {
        overallScore
        overallScoreLevel
        assessmentFactors
        {
            riskFactorType
            likelihood
            severity
        }
    }
}

``` ```graphql #### Get security assessment past data 

{
    # Last week's security assessment history, in daily resolution
    securityAssessmentHistory(domain: "DOMAIN.TLD" # fill your domain here
        first: 7
        startTime: "P-1W" # Or some ISO-8601 Date (see DateTimeInput documentation)
        timeResolution: DAY)
    {
        nodes
        {
            securityAssessment
            {
                overallScore
                overallScoreLevel
                assessmentFactors
                {
                    riskFactorType
                    likelihood
                    severity
                    lastUpdateTime
                }
            }
        }
    }
}

``` ```graphql #### Utilizing security assessment goals 

{
    securityAssessmentGoals
    {
        name
        goalId
    }

    # These goals can be used for restrict the assessed factors in both current and historical data APIs
    # To see the results, please fill the domain query argument
    pumCurrent:
    securityAssessment(domain: "DOMAIN.TLD" # fill your domain here
        goalIds: ["a48477ba-c645-4d7d-ad3a-b33ed488e03f"]) {
        overallScore
        overallScoreLevel
        assessmentFactors
        {
            riskFactorType
        }
    }

    penTetstingHistory:
    securityAssessmentHistory(domain: "DOMAIN.TLD" # fill your domain here
        goalIds: ["c9d1c1a3-0b95-4235-97d9-f12a748e5fa6"]
        first: 7
        startTime: "P-7D"
        timeResolution: DAY)
    {
        nodes
        {
            securityAssessment
            {
                overallScore
                overallScoreLevel
                assessmentFactors
                {
                    riskFactorType
                    lastUpdateTime
                }
            }
        }
    }
}

```

type SecurityAssessmentFactor 

type SecurityAssessmentFactor struct {
	// Human-readable description for the risk
	Description string `json:"description"`
	// The domain associated with the risk factor.
	Domain *string `json:"domain,omitempty"`
	// Human-readable label for the risk factor
	Label string `json:"label"`
	// The time when the information about the risk factor was last updated.
	LastUpdateTime string `json:"lastUpdateTime"`
	// The risk factor likelihood level.
	Likelihood ScoreLevel `json:"likelihood"`
	// The actions recommended in order to reduce or neutralize the risk.
	Recommendations []*SecurityAssessmentFactorRecommendation `json:"recommendations"`
	// The risk factor type.
	RiskFactorType RiskFactorType `json:"riskFactorType"`
	// The risk factor score level, taking into account both its severity and its likelihood.
	ScoreLevel ScoreLevel `json:"scoreLevel"`
	// The risk factor severity level.
	Severity ScoreLevel `json:"severity"`
	Tenant   *string    `json:"tenant,omitempty"`
}

type SecurityAssessmentFactorRecommendation 

type SecurityAssessmentFactorRecommendation struct {
	// The link to the detailed recommendations.
	Link *string `json:"link,omitempty"`
	// A detailed description of the actions recommended in order to reduce or neutralize the risk.
	Text string `json:"text"`
}

The actions recommended in order to reduce or neutralize the risk.

type SecurityAssessmentGoal 

type SecurityAssessmentGoal struct {
	// The goal unique identifier, which can then be used for querying “`securityAssessment“`.
	GoalID string `json:"goalId"`
	// The goal name.
	Name string `json:"name"`
}

A goal associated with a `SecurityAssessment` result.

```graphql #### Utilizing security assessment goals 

{
    securityAssessmentGoals
    {
        name
        goalId
    }

    # These goals can be used for restrict the assessed factors in both current and historical data APIs
    # To see the results, please fill the domain query argument
    pumCurrent:
    securityAssessment(domain: "DOMAIN.TLD" # fill your domain here
        goalIds: ["a48477ba-c645-4d7d-ad3a-b33ed488e03f"]) {
        overallScore
        overallScoreLevel
        assessmentFactors
        {
            riskFactorType
        }
    }

    penTetstingHistory:
    securityAssessmentHistory(domain: "DOMAIN.TLD" # fill your domain here
        goalIds: ["c9d1c1a3-0b95-4235-97d9-f12a748e5fa6"]
        first: 7
        startTime: "P-7D"
        timeResolution: DAY)
    {
        nodes
        {
            securityAssessment
            {
                overallScore
                overallScoreLevel
                assessmentFactors
                {
                    riskFactorType
                    lastUpdateTime
                }
            }
        }
    }
}

```

type SecurityAssessmentHistoryEntry 

type SecurityAssessmentHistoryEntry struct {
	// The name of a previous security assessment.
	SecurityAssessment *SecurityAssessment `json:"securityAssessment"`
	// The time when a previous security assessment was performed.
	Timestamp string `json:"timestamp"`
}

Analyzing results of previous security assessments enables you to see the general direction of changes in the risk score and measure the security enhancement progress.

type SecurityAssessmentHistoryEntryConnection 

type SecurityAssessmentHistoryEntryConnection struct {
	// List of `SecurityAssessmentHistoryEntry` edges.
	Edges []*SecurityAssessmentHistoryEntryEdge `json:"edges"`
	// Information to aid in pagination.
	PageInfo *PageInfo `json:"pageInfo"`
	// A convenience extension to the standard Relay Connection type, directly
	// exposing the `SecurityAssessmentHistoryEntry` elements, which may be used
	// *instead* of edges. It is primarily useful in conjunction with `startCursor`
	// and `endCursor`, or when exploring the API interactively (e.g. in GraphiQL).
	Nodes []*SecurityAssessmentHistoryEntry `json:"nodes"`
}

A [Relay-Compatible](https://facebook.github.io/relay/graphql/connections.htm) Connection type for paginating over `SecurityAssessmentHistoryEntry` elements.

type SecurityAssessmentHistoryEntryEdge 

type SecurityAssessmentHistoryEntryEdge struct {
	// Cursor pointing to this edge, to be used in standard pagination query arguments (`before`, `after`).
	Cursor string `json:"cursor"`
	// The `SecurityAssessmentHistoryEntry` item at the end of this edge.
	Node *SecurityAssessmentHistoryEntry `json:"node"`
}

A `SecurityAssessmentHistoryEntry` edge in a connection.

type SecurityAssessmentTimeResolution 

type SecurityAssessmentTimeResolution string
const (
	SecurityAssessmentTimeResolutionHour SecurityAssessmentTimeResolution = "HOUR"
	SecurityAssessmentTimeResolutionDay  SecurityAssessmentTimeResolution = "DAY"
	SecurityAssessmentTimeResolutionWeek SecurityAssessmentTimeResolution = "WEEK"
)

func (SecurityAssessmentTimeResolution) IsValid 

func (e SecurityAssessmentTimeResolution) IsValid() bool

func (SecurityAssessmentTimeResolution) MarshalGQL 

func (e SecurityAssessmentTimeResolution) MarshalGQL(w io.Writer)

func (SecurityAssessmentTimeResolution) String 

func (e SecurityAssessmentTimeResolution) String() string

func (*SecurityAssessmentTimeResolution) UnmarshalGQL 

func (e *SecurityAssessmentTimeResolution) UnmarshalGQL(v interface{}) error

type SecurityGroupRole 

type SecurityGroupRole struct {
	Builtin     bool                      `json:"builtin"`
	Confirmed   bool                      `json:"confirmed"`
	FullPath    *string                   `json:"fullPath,omitempty"`
	Probability *float64                  `json:"probability,omitempty"`
	Scope       ActiveDirectoryGroupScope `json:"scope"`
	Type        EntityRoleType            `json:"type"`
}

func (SecurityGroupRole) GetBuiltin 

func (this SecurityGroupRole) GetBuiltin() bool

func (SecurityGroupRole) GetConfirmed 

func (this SecurityGroupRole) GetConfirmed() bool

func (SecurityGroupRole) GetFullPath 

func (this SecurityGroupRole) GetFullPath() *string

func (SecurityGroupRole) GetProbability 

func (this SecurityGroupRole) GetProbability() *float64

func (SecurityGroupRole) GetScope 

func (this SecurityGroupRole) GetScope() ActiveDirectoryGroupScope

func (SecurityGroupRole) GetType 

func (this SecurityGroupRole) GetType() EntityRoleType

func (SecurityGroupRole) IsActiveDirectoryGroupRole 

func (SecurityGroupRole) IsActiveDirectoryGroupRole()

func (SecurityGroupRole) IsContainerRole 

func (SecurityGroupRole) IsContainerRole()

func (SecurityGroupRole) IsEntityRole 

func (SecurityGroupRole) IsEntityRole()

func (SecurityGroupRole) IsPermissionAssignerRole 

func (SecurityGroupRole) IsPermissionAssignerRole()

type ServerOperatorsAdminRole 

type ServerOperatorsAdminRole struct {
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (ServerOperatorsAdminRole) GetAuthorizingContainingEntitiesIds 

func (this ServerOperatorsAdminRole) GetAuthorizingContainingEntitiesIds() []string

func (ServerOperatorsAdminRole) GetAuthorizingGroupIds 

func (this ServerOperatorsAdminRole) GetAuthorizingGroupIds() []string

func (ServerOperatorsAdminRole) GetBuiltin 

func (this ServerOperatorsAdminRole) GetBuiltin() bool

func (ServerOperatorsAdminRole) GetConfirmed 

func (this ServerOperatorsAdminRole) GetConfirmed() bool

func (ServerOperatorsAdminRole) GetFullPath 

func (this ServerOperatorsAdminRole) GetFullPath() *string

func (ServerOperatorsAdminRole) GetProbability 

func (this ServerOperatorsAdminRole) GetProbability() *float64

func (ServerOperatorsAdminRole) GetType 

func (this ServerOperatorsAdminRole) GetType() EntityRoleType

func (ServerOperatorsAdminRole) IsAdminAccountRole 

func (ServerOperatorsAdminRole) IsAdminAccountRole()

func (ServerOperatorsAdminRole) IsEntityRole 

func (ServerOperatorsAdminRole) IsEntityRole()

func (ServerOperatorsAdminRole) IsOperatorLevelAdminRole 

func (ServerOperatorsAdminRole) IsOperatorLevelAdminRole()

type ServerRole 

type ServerRole interface {
	IsServerRole()
	GetConfirmed() bool
	GetFullPath() *string
	GetImpersonator() bool
	GetProbability() *float64
	GetType() EntityRoleType
}

type ServerRoleImpl 

type ServerRoleImpl struct {
	Confirmed    bool           `json:"confirmed"`
	FullPath     *string        `json:"fullPath,omitempty"`
	Impersonator bool           `json:"impersonator"`
	Probability  *float64       `json:"probability,omitempty"`
	Type         EntityRoleType `json:"type"`
}

func (ServerRoleImpl) GetConfirmed 

func (this ServerRoleImpl) GetConfirmed() bool

func (ServerRoleImpl) GetFullPath 

func (this ServerRoleImpl) GetFullPath() *string

func (ServerRoleImpl) GetImpersonator 

func (this ServerRoleImpl) GetImpersonator() bool

func (ServerRoleImpl) GetProbability 

func (this ServerRoleImpl) GetProbability() *float64

func (ServerRoleImpl) GetType 

func (this ServerRoleImpl) GetType() EntityRoleType

func (ServerRoleImpl) IsClassificationRole 

func (ServerRoleImpl) IsClassificationRole()

func (ServerRoleImpl) IsEntityRole 

func (ServerRoleImpl) IsEntityRole()

func (ServerRoleImpl) IsServerRole 

func (ServerRoleImpl) IsServerRole()

type ServiceAssociation 

type ServiceAssociation struct {
	// The association binding type, which also determines the specific `Association` subtype of this instance.
	BindingType BindingType `json:"bindingType"`
	// The associated entity.
	Entity         Entity   `json:"entity"`
	ServiceClasses []string `json:"serviceClasses"`
}

A specialized `Association` type for entity associations

func (ServiceAssociation) GetBindingType 

func (this ServiceAssociation) GetBindingType() BindingType

The association binding type, which also determines the specific `Association` subtype of this instance.

func (ServiceAssociation) GetEntity 

func (this ServiceAssociation) GetEntity() Entity

The associated entity.

func (ServiceAssociation) IsAssociation 

func (ServiceAssociation) IsAssociation()

func (ServiceAssociation) IsEntityAssociation 

func (ServiceAssociation) IsEntityAssociation()

type ServiceDelegationAdminRole 

type ServiceDelegationAdminRole interface {
	IsServiceDelegationAdminRole()
	GetAffectedEntities() []Entity
	GetAuthorizingContainingEntitiesIds() []string
	GetAuthorizingGroupIds() []string
	GetBuiltin() bool
	GetConfirmed() bool
	GetEffectedEntityIds() []string
	GetFullPath() *string
	GetProbability() *float64
	GetType() EntityRoleType
}

type ServiceDescriptor 

type ServiceDescriptor struct {
	Entity     Entity `json:"entity,omitempty"`
	Identifier string `json:"identifier"`
}

type ServicePrincipalNameBasedRiskFactor 

type ServicePrincipalNameBasedRiskFactor struct {
	Score                 string         `json:"score"`
	ServicePrincipalNames []string       `json:"servicePrincipalNames"`
	Severity              ScoreSeverity  `json:"severity"`
	Type                  RiskFactorType `json:"type"`
}

func (ServicePrincipalNameBasedRiskFactor) GetScore 

func (this ServicePrincipalNameBasedRiskFactor) GetScore() string

func (ServicePrincipalNameBasedRiskFactor) GetSeverity 

func (this ServicePrincipalNameBasedRiskFactor) GetSeverity() ScoreSeverity

func (ServicePrincipalNameBasedRiskFactor) GetType 

func (this ServicePrincipalNameBasedRiskFactor) GetType() RiskFactorType

func (ServicePrincipalNameBasedRiskFactor) IsEntityRiskFactor 

func (ServicePrincipalNameBasedRiskFactor) IsEntityRiskFactor()

type ServiceType 

type ServiceType string
const (
	ServiceTypeLdap           ServiceType = "LDAP"
	ServiceTypeWeb            ServiceType = "WEB"
	ServiceTypeFileShare      ServiceType = "FILE_SHARE"
	ServiceTypeDb             ServiceType = "DB"
	ServiceTypeRPCSs          ServiceType = "RPCSS"
	ServiceTypeRemoteDesktop  ServiceType = "REMOTE_DESKTOP"
	ServiceTypeSccm           ServiceType = "SCCM"
	ServiceTypeSip            ServiceType = "SIP"
	ServiceTypeDNS            ServiceType = "DNS"
	ServiceTypeMail           ServiceType = "MAIL"
	ServiceTypeNtlm           ServiceType = "NTLM"
	ServiceTypeComputerAccess ServiceType = "COMPUTER_ACCESS"
	ServiceTypeGenericCloud   ServiceType = "GENERIC_CLOUD"
	ServiceTypeServiceAccount ServiceType = "SERVICE_ACCOUNT"
	ServiceTypeUnknown        ServiceType = "UNKNOWN"
)

func (ServiceType) IsValid 

func (e ServiceType) IsValid() bool

func (ServiceType) MarshalGQL 

func (e ServiceType) MarshalGQL(w io.Writer)

func (ServiceType) String 

func (e ServiceType) String() string

func (*ServiceType) UnmarshalGQL 

func (e *ServiceType) UnmarshalGQL(v interface{}) error

type SetEntityLinkedAccountInput 

type SetEntityLinkedAccountInput struct {
	ClientMutationID                     *string           `json:"clientMutationId,omitempty"`
	EntityQuery                          *EntityQueryInput `json:"entityQuery"`
	LinkedAccountsAssociationEntityQuery *EntityQueryInput `json:"linkedAccountsAssociationEntityQuery"`
}

type SetStateIncidentInput 

type SetStateIncidentInput struct {
	ClientMutationID *string `json:"clientMutationId,omitempty"`
	// The unique identifier of the incident to be updated (see `Incident:incidentId`).
	IncidentID string `json:"incidentId"`
	// The updated lifecycle stage.
	LifeCycleStage IncidentLifeCycleStageInput `json:"lifeCycleStage"`
	// The reason for this change.
	Reason *string `json:"reason,omitempty"`
}

Input for `setIncidentState`.

type SignInAudience 

type SignInAudience string
const (
	SignInAudienceAzureADMyOrg                       SignInAudience = "AzureADMyOrg"
	SignInAudienceAzureADMultipleOrgs                SignInAudience = "AzureADMultipleOrgs"
	SignInAudienceAzureADandPersonalMicrosoftAccount SignInAudience = "AzureADandPersonalMicrosoftAccount"
	SignInAudiencePersonalMicrosoftAccount           SignInAudience = "PersonalMicrosoftAccount"
)

func (SignInAudience) IsValid 

func (e SignInAudience) IsValid() bool

func (SignInAudience) MarshalGQL 

func (e SignInAudience) MarshalGQL(w io.Writer)

func (SignInAudience) String 

func (e SignInAudience) String() string

func (*SignInAudience) UnmarshalGQL 

func (e *SignInAudience) UnmarshalGQL(v interface{}) error

type SimpleErrorDetails 

type SimpleErrorDetails struct {
	// A human-readable error message describing an error or failure.
	Message string `json:"message"`
}

The default implementation for `ErrorDetails`.

func (SimpleErrorDetails) GetMessage 

func (this SimpleErrorDetails) GetMessage() string

A human-readable error message describing an error or failure.

func (SimpleErrorDetails) IsErrorDetails 

func (SimpleErrorDetails) IsErrorDetails()

type SimulatableAssociation 

type SimulatableAssociation interface {
	IsSimulatableAssociation()
	// The association binding type, which also determines the specific `Association` subtype of this instance.
	GetBindingType() BindingType
	// The associated entity.
	GetEntity() Entity
	GetSimulated() bool
}

A specialized `Association` type for entity associations

type SmbDialect 

type SmbDialect string
const (
	SmbDialectSmb1     SmbDialect = "SMB_1"
	SmbDialectSmb2_0_2 SmbDialect = "SMB_2_0_2"
	SmbDialectSmb2_1   SmbDialect = "SMB_2_1"
	SmbDialectSmb3_0   SmbDialect = "SMB_3_0"
	SmbDialectSmb3_0_2 SmbDialect = "SMB_3_0_2"
	SmbDialectSmb3_1_1 SmbDialect = "SMB_3_1_1"
)

func (SmbDialect) IsValid 

func (e SmbDialect) IsValid() bool

func (SmbDialect) MarshalGQL 

func (e SmbDialect) MarshalGQL(w io.Writer)

func (SmbDialect) String 

func (e SmbDialect) String() string

func (*SmbDialect) UnmarshalGQL 

func (e *SmbDialect) UnmarshalGQL(v interface{}) error

type SortOrder 

type SortOrder string
const (
	SortOrderAscending  SortOrder = "ASCENDING"
	SortOrderDescending SortOrder = "DESCENDING"
)

func (SortOrder) IsValid 

func (e SortOrder) IsValid() bool

func (SortOrder) MarshalGQL 

func (e SortOrder) MarshalGQL(w io.Writer)

func (SortOrder) String 

func (e SortOrder) String() string

func (*SortOrder) UnmarshalGQL 

func (e *SortOrder) UnmarshalGQL(v interface{}) error

type SsoError 

type SsoError string
const (
	SsoErrorInvalidCredentials SsoError = "INVALID_CREDENTIALS"
	SsoErrorLockedOut          SsoError = "LOCKED_OUT"
	SsoErrorBadPassword        SsoError = "BAD_PASSWORD"
	SsoErrorBadUsername        SsoError = "BAD_USERNAME"
	SsoErrorVerificationError  SsoError = "VERIFICATION_ERROR"
	SsoErrorPasswordExpired    SsoError = "PASSWORD_EXPIRED"
	SsoErrorSessionExpired     SsoError = "SESSION_EXPIRED"
	SsoErrorAccountDisabled    SsoError = "ACCOUNT_DISABLED"
	SsoErrorAuthorizationError SsoError = "AUTHORIZATION_ERROR"
	SsoErrorMaliciousIP        SsoError = "MALICIOUS_IP"
	SsoErrorUnknown            SsoError = "UNKNOWN"
)

func (SsoError) IsValid 

func (e SsoError) IsValid() bool

func (SsoError) MarshalGQL 

func (e SsoError) MarshalGQL(w io.Writer)

func (SsoError) String 

func (e SsoError) String() string

func (*SsoError) UnmarshalGQL 

func (e *SsoError) UnmarshalGQL(v interface{}) error

type SsoErrorDetails 

type SsoErrorDetails struct {
	// A human-readable error message describing an error or failure.
	Message string `json:"message"`
	// SSO activity result reason.
	SsoError SsoError `json:"ssoError"`
}

A specialized `ErrorDetails` type for SSO activities.

func (SsoErrorDetails) GetMessage 

func (this SsoErrorDetails) GetMessage() string

A human-readable error message describing an error or failure.

func (SsoErrorDetails) IsErrorDetails 

func (SsoErrorDetails) IsErrorDetails()

type SsoGroupAccountDescriptor 

type SsoGroupAccountDescriptor interface {
	IsSsoGroupAccountDescriptor()
	// If `true`, the account no longer exists; if `false`, the account is currently enabled.
	GetArchived() bool
	GetContainingGroupEntities() []*EntityContainerEntity
	GetContainingGroupIds() []string
	GetContainingRoleEntities() []*EntityContainerEntity
	GetCreationTime() string
	// The data source of this account. Together with the entity type, the data
	// source determines the account descriptor subtype to be used.
	GetDataSource() DataSource
	GetDataSourceConfigurationIdentifier() string
	GetDataSourceParticipantIdentifier() string
	GetDescription() *string
	// If `true`, the account is currently enabled; if `false`, the account no longer exists.
	GetEnabled() bool
	GetFlattenedContainingGroupEntities() []*EntityContainerEntity
	GetFlattenedContainingGroupIds() []string
	GetFlattenedContainingRoleEntities() []*EntityContainerEntity
	GetTenant() *string
}

An account descriptor provides data associated with an external entity source, such as an entry in an identity management system.

type SsoGroupAccountDescriptorImpl 

type SsoGroupAccountDescriptorImpl struct {
	Archived                          bool                     `json:"archived"`
	ContainingGroupEntities           []*EntityContainerEntity `json:"containingGroupEntities"`
	ContainingGroupIds                []string                 `json:"containingGroupIds"`
	ContainingRoleEntities            []*EntityContainerEntity `json:"containingRoleEntities"`
	CreationTime                      string                   `json:"creationTime"`
	DataSource                        DataSource               `json:"dataSource"`
	DataSourceConfigurationIdentifier string                   `json:"dataSourceConfigurationIdentifier"`
	DataSourceParticipantIdentifier   string                   `json:"dataSourceParticipantIdentifier"`
	Description                       *string                  `json:"description,omitempty"`
	Enabled                           bool                     `json:"enabled"`
	FlattenedContainingGroupEntities  []*EntityContainerEntity `json:"flattenedContainingGroupEntities"`
	FlattenedContainingGroupIds       []string                 `json:"flattenedContainingGroupIds"`
	FlattenedContainingRoleEntities   []*EntityContainerEntity `json:"flattenedContainingRoleEntities"`
	Tenant                            *string                  `json:"tenant,omitempty"`
}

func (SsoGroupAccountDescriptorImpl) GetArchived 

func (this SsoGroupAccountDescriptorImpl) GetArchived() bool

If `true`, the account no longer exists; if `false`, the account is currently enabled.

func (SsoGroupAccountDescriptorImpl) GetContainingGroupEntities 

func (this SsoGroupAccountDescriptorImpl) GetContainingGroupEntities() []*EntityContainerEntity

func (SsoGroupAccountDescriptorImpl) GetContainingGroupIds 

func (this SsoGroupAccountDescriptorImpl) GetContainingGroupIds() []string

func (SsoGroupAccountDescriptorImpl) GetContainingRoleEntities 

func (this SsoGroupAccountDescriptorImpl) GetContainingRoleEntities() []*EntityContainerEntity

func (SsoGroupAccountDescriptorImpl) GetCreationTime 

func (this SsoGroupAccountDescriptorImpl) GetCreationTime() string

func (SsoGroupAccountDescriptorImpl) GetDataSource 

func (this SsoGroupAccountDescriptorImpl) GetDataSource() DataSource

The data source of this account. Together with the entity type, the data source determines the account descriptor subtype to be used.

func (SsoGroupAccountDescriptorImpl) GetDataSourceConfigurationIdentifier 

func (this SsoGroupAccountDescriptorImpl) GetDataSourceConfigurationIdentifier() string

func (SsoGroupAccountDescriptorImpl) GetDataSourceParticipantIdentifier 

func (this SsoGroupAccountDescriptorImpl) GetDataSourceParticipantIdentifier() string

func (SsoGroupAccountDescriptorImpl) GetDescription 

func (this SsoGroupAccountDescriptorImpl) GetDescription() *string

func (SsoGroupAccountDescriptorImpl) GetEnabled 

func (this SsoGroupAccountDescriptorImpl) GetEnabled() bool

If `true`, the account is currently enabled; if `false`, the account no longer exists.

func (SsoGroupAccountDescriptorImpl) GetFlattenedContainingGroupEntities 

func (this SsoGroupAccountDescriptorImpl) GetFlattenedContainingGroupEntities() []*EntityContainerEntity

func (SsoGroupAccountDescriptorImpl) GetFlattenedContainingGroupIds 

func (this SsoGroupAccountDescriptorImpl) GetFlattenedContainingGroupIds() []string

func (SsoGroupAccountDescriptorImpl) GetFlattenedContainingRoleEntities 

func (this SsoGroupAccountDescriptorImpl) GetFlattenedContainingRoleEntities() []*EntityContainerEntity

func (SsoGroupAccountDescriptorImpl) GetTenant 

func (this SsoGroupAccountDescriptorImpl) GetTenant() *string

func (SsoGroupAccountDescriptorImpl) IsAccountDescriptor 

func (SsoGroupAccountDescriptorImpl) IsAccountDescriptor()

func (SsoGroupAccountDescriptorImpl) IsSsoGroupAccountDescriptor 

func (SsoGroupAccountDescriptorImpl) IsSsoGroupAccountDescriptor()

type SsoRbacAssignmentAssociation 

type SsoRbacAssignmentAssociation struct {
	// RBAC_ASSIGNMENT
	BindingType BindingType `json:"bindingType"`
	// AZURE
	DataSource DataSource `json:"dataSource"`
	// The Azure id of the assigned roles
	RoleIds []string `json:"roleIds"`
	// The assigned roles
	Roles []*RbacRoleDescriptor `json:"roles"`
	// The assignment scope (e.g. subscription)
	Scope *RbacSubscriptionDescriptor `json:"scope,omitempty"`
	// The Azure id of the assignment scope
	ScopeID string `json:"scopeId"`
}

An association to Azure RBAC role assignments, including role assignment inherited from groups.

func (SsoRbacAssignmentAssociation) GetBindingType 

func (this SsoRbacAssignmentAssociation) GetBindingType() BindingType

The association binding type, which also determines the specific `Association` subtype of this instance.

func (SsoRbacAssignmentAssociation) IsAssociation 

func (SsoRbacAssignmentAssociation) IsAssociation()

type SsoRoleAccountDescriptor 

type SsoRoleAccountDescriptor interface {
	IsSsoRoleAccountDescriptor()
	// If `true`, the account no longer exists; if `false`, the account is currently enabled.
	GetArchived() bool
	GetCreationTime() string
	// The data source of this account. Together with the entity type, the data
	// source determines the account descriptor subtype to be used.
	GetDataSource() DataSource
	GetDataSourceConfigurationIdentifier() string
	GetDataSourceParticipantIdentifier() string
	GetDescription() *string
	// If `true`, the account is currently enabled; if `false`, the account no longer exists.
	GetEnabled() bool
	GetTenant() *string
}

An account descriptor provides data associated with an external entity source, such as an entry in an identity management system.

type SsoRoleAccountDescriptorImpl 

type SsoRoleAccountDescriptorImpl struct {
	Archived                          bool       `json:"archived"`
	CreationTime                      string     `json:"creationTime"`
	DataSource                        DataSource `json:"dataSource"`
	DataSourceConfigurationIdentifier string     `json:"dataSourceConfigurationIdentifier"`
	DataSourceParticipantIdentifier   string     `json:"dataSourceParticipantIdentifier"`
	Description                       *string    `json:"description,omitempty"`
	Enabled                           bool       `json:"enabled"`
	Tenant                            *string    `json:"tenant,omitempty"`
}

func (SsoRoleAccountDescriptorImpl) GetArchived 

func (this SsoRoleAccountDescriptorImpl) GetArchived() bool

If `true`, the account no longer exists; if `false`, the account is currently enabled.

func (SsoRoleAccountDescriptorImpl) GetCreationTime 

func (this SsoRoleAccountDescriptorImpl) GetCreationTime() string

func (SsoRoleAccountDescriptorImpl) GetDataSource 

func (this SsoRoleAccountDescriptorImpl) GetDataSource() DataSource

The data source of this account. Together with the entity type, the data source determines the account descriptor subtype to be used.

func (SsoRoleAccountDescriptorImpl) GetDataSourceConfigurationIdentifier 

func (this SsoRoleAccountDescriptorImpl) GetDataSourceConfigurationIdentifier() string

func (SsoRoleAccountDescriptorImpl) GetDataSourceParticipantIdentifier 

func (this SsoRoleAccountDescriptorImpl) GetDataSourceParticipantIdentifier() string

func (SsoRoleAccountDescriptorImpl) GetDescription 

func (this SsoRoleAccountDescriptorImpl) GetDescription() *string

func (SsoRoleAccountDescriptorImpl) GetEnabled 

func (this SsoRoleAccountDescriptorImpl) GetEnabled() bool

If `true`, the account is currently enabled; if `false`, the account no longer exists.

func (SsoRoleAccountDescriptorImpl) GetTenant 

func (this SsoRoleAccountDescriptorImpl) GetTenant() *string

func (SsoRoleAccountDescriptorImpl) IsAccountDescriptor 

func (SsoRoleAccountDescriptorImpl) IsAccountDescriptor()

func (SsoRoleAccountDescriptorImpl) IsSsoRoleAccountDescriptor 

func (SsoRoleAccountDescriptorImpl) IsSsoRoleAccountDescriptor()

type SsoUserAccountDescriptor 

type SsoUserAccountDescriptor interface {
	IsSsoUserAccountDescriptor()
	// If `true`, the account no longer exists; if `false`, the account is currently enabled.
	GetArchived() bool
	GetContainingEntities() []*EntityContainerEntity
	GetContainingGroupEntities() []*EntityContainerEntity
	GetContainingGroupIds() []string
	GetContainingRoleEntities() []*EntityContainerEntity
	GetCreationTime() string
	GetCredentialsDataSource() *DataSource
	// The data source of this account. Together with the entity type, the data
	// source determines the account descriptor subtype to be used.
	GetDataSource() DataSource
	// The ID of the connector configuration associated with this account.
	GetDataSourceConfigurationIdentifier() string
	GetDataSourceLoginIdentifier() *string
	// A unique identifier used by the connector to identify this account.
	GetDataSourceParticipantIdentifier() string
	GetDepartment() *string
	GetDescription() *string
	// If `true`, the account is currently enabled; if `false`, the account no longer exists.
	GetEnabled() bool
	GetFlattenedContainingGroupEntities() []*EntityContainerEntity
	GetFlattenedContainingGroupIds() []string
	GetFlattenedContainingRoleEntities() []*EntityContainerEntity
	// The date and time of the account's latest recorded network activity. This
	// takes into account both the data reported by external sources and the actual
	// traffic seen by the system.
	GetMostRecentActivity() *string
	// Information regarding the account's password.
	GetPasswordAttributes() PasswordAttributes
	GetTenant() *string
	GetTitle() *string
}

A specialized `AccountDescriptor` for SSO user accounts.

type SsoUserAccountDescriptorImpl 

type SsoUserAccountDescriptorImpl struct {
	Archived                          bool                     `json:"archived"`
	ContainingEntities                []*EntityContainerEntity `json:"containingEntities"`
	ContainingGroupEntities           []*EntityContainerEntity `json:"containingGroupEntities"`
	ContainingGroupIds                []string                 `json:"containingGroupIds"`
	ContainingRoleEntities            []*EntityContainerEntity `json:"containingRoleEntities"`
	CreationTime                      string                   `json:"creationTime"`
	CredentialsDataSource             *DataSource              `json:"credentialsDataSource,omitempty"`
	DataSource                        DataSource               `json:"dataSource"`
	DataSourceConfigurationIdentifier string                   `json:"dataSourceConfigurationIdentifier"`
	DataSourceLoginIdentifier         *string                  `json:"dataSourceLoginIdentifier,omitempty"`
	DataSourceParticipantIdentifier   string                   `json:"dataSourceParticipantIdentifier"`
	Department                        *string                  `json:"department,omitempty"`
	Description                       *string                  `json:"description,omitempty"`
	Enabled                           bool                     `json:"enabled"`
	FlattenedContainingGroupEntities  []*EntityContainerEntity `json:"flattenedContainingGroupEntities"`
	FlattenedContainingGroupIds       []string                 `json:"flattenedContainingGroupIds"`
	FlattenedContainingRoleEntities   []*EntityContainerEntity `json:"flattenedContainingRoleEntities"`
	MostRecentActivity                *string                  `json:"mostRecentActivity,omitempty"`
	PasswordAttributes                PasswordAttributes       `json:"passwordAttributes,omitempty"`
	Tenant                            *string                  `json:"tenant,omitempty"`
	Title                             *string                  `json:"title,omitempty"`
}

func (SsoUserAccountDescriptorImpl) GetArchived 

func (this SsoUserAccountDescriptorImpl) GetArchived() bool

If `true`, the account no longer exists; if `false`, the account is currently enabled.

func (SsoUserAccountDescriptorImpl) GetContainingEntities 

func (this SsoUserAccountDescriptorImpl) GetContainingEntities() []*EntityContainerEntity

func (SsoUserAccountDescriptorImpl) GetContainingGroupEntities 

func (this SsoUserAccountDescriptorImpl) GetContainingGroupEntities() []*EntityContainerEntity

func (SsoUserAccountDescriptorImpl) GetContainingGroupIds 

func (this SsoUserAccountDescriptorImpl) GetContainingGroupIds() []string

func (SsoUserAccountDescriptorImpl) GetContainingRoleEntities 

func (this SsoUserAccountDescriptorImpl) GetContainingRoleEntities() []*EntityContainerEntity

func (SsoUserAccountDescriptorImpl) GetCreationTime 

func (this SsoUserAccountDescriptorImpl) GetCreationTime() string

func (SsoUserAccountDescriptorImpl) GetCredentialsDataSource 

func (this SsoUserAccountDescriptorImpl) GetCredentialsDataSource() *DataSource

func (SsoUserAccountDescriptorImpl) GetDataSource 

func (this SsoUserAccountDescriptorImpl) GetDataSource() DataSource

The data source of this account. Together with the entity type, the data source determines the account descriptor subtype to be used.

func (SsoUserAccountDescriptorImpl) GetDataSourceConfigurationIdentifier 

func (this SsoUserAccountDescriptorImpl) GetDataSourceConfigurationIdentifier() string

The ID of the connector configuration associated with this account.

func (SsoUserAccountDescriptorImpl) GetDataSourceLoginIdentifier 

func (this SsoUserAccountDescriptorImpl) GetDataSourceLoginIdentifier() *string

func (SsoUserAccountDescriptorImpl) GetDataSourceParticipantIdentifier 

func (this SsoUserAccountDescriptorImpl) GetDataSourceParticipantIdentifier() string

A unique identifier used by the connector to identify this account.

func (SsoUserAccountDescriptorImpl) GetDepartment 

func (this SsoUserAccountDescriptorImpl) GetDepartment() *string

func (SsoUserAccountDescriptorImpl) GetDescription 

func (this SsoUserAccountDescriptorImpl) GetDescription() *string

func (SsoUserAccountDescriptorImpl) GetEnabled 

func (this SsoUserAccountDescriptorImpl) GetEnabled() bool

If `true`, the account is currently enabled; if `false`, the account no longer exists.

func (SsoUserAccountDescriptorImpl) GetFlattenedContainingGroupEntities 

func (this SsoUserAccountDescriptorImpl) GetFlattenedContainingGroupEntities() []*EntityContainerEntity

func (SsoUserAccountDescriptorImpl) GetFlattenedContainingGroupIds 

func (this SsoUserAccountDescriptorImpl) GetFlattenedContainingGroupIds() []string

func (SsoUserAccountDescriptorImpl) GetFlattenedContainingRoleEntities 

func (this SsoUserAccountDescriptorImpl) GetFlattenedContainingRoleEntities() []*EntityContainerEntity

func (SsoUserAccountDescriptorImpl) GetMostRecentActivity 

func (this SsoUserAccountDescriptorImpl) GetMostRecentActivity() *string

The date and time of the account's latest recorded network activity. This takes into account both the data reported by external sources and the actual traffic seen by the system.

func (SsoUserAccountDescriptorImpl) GetPasswordAttributes 

func (this SsoUserAccountDescriptorImpl) GetPasswordAttributes() PasswordAttributes

Information regarding the account's password.

func (SsoUserAccountDescriptorImpl) GetTenant 

func (this SsoUserAccountDescriptorImpl) GetTenant() *string

func (SsoUserAccountDescriptorImpl) GetTitle 

func (this SsoUserAccountDescriptorImpl) GetTitle() *string

func (SsoUserAccountDescriptorImpl) IsAccountDescriptor 

func (SsoUserAccountDescriptorImpl) IsAccountDescriptor()

func (SsoUserAccountDescriptorImpl) IsActivityParticipatingAccountDescriptor 

func (SsoUserAccountDescriptorImpl) IsActivityParticipatingAccountDescriptor()

func (SsoUserAccountDescriptorImpl) IsSsoUserAccountDescriptor 

func (SsoUserAccountDescriptorImpl) IsSsoUserAccountDescriptor()

func (SsoUserAccountDescriptorImpl) IsUserAccountDescriptor 

func (SsoUserAccountDescriptorImpl) IsUserAccountDescriptor()

type SystemComponent 

type SystemComponent string
const (
	SystemComponentManagement  SystemComponent = "MANAGEMENT"
	SystemComponentEnforcement SystemComponent = "ENFORCEMENT"
	SystemComponentDetection   SystemComponent = "DETECTION"
)

func (SystemComponent) IsValid 

func (e SystemComponent) IsValid() bool

func (SystemComponent) MarshalGQL 

func (e SystemComponent) MarshalGQL(w io.Writer)

func (SystemComponent) String 

func (e SystemComponent) String() string

func (*SystemComponent) UnmarshalGQL 

func (e *SystemComponent) UnmarshalGQL(v interface{}) error

type SystemLoginFailureDetails 

type SystemLoginFailureDetails struct {
	// A human-readable error message describing an error or failure.
	Message string                   `json:"message"`
	Result  SystemLoginFailureReason `json:"result"`
}

An error descriptor. This common interface contains just a human-readable error message. For more structural data which can be used programmatically, see the specialized sub-types of this interface.

func (SystemLoginFailureDetails) GetMessage 

func (this SystemLoginFailureDetails) GetMessage() string

A human-readable error message describing an error or failure.

func (SystemLoginFailureDetails) IsErrorDetails 

func (SystemLoginFailureDetails) IsErrorDetails()

type SystemLoginFailureReason 

type SystemLoginFailureReason string
const (
	SystemLoginFailureReasonUnknown            SystemLoginFailureReason = "UNKNOWN"
	SystemLoginFailureReasonInvalidUsername    SystemLoginFailureReason = "INVALID_USERNAME"
	SystemLoginFailureReasonWrongPassword      SystemLoginFailureReason = "WRONG_PASSWORD"
	SystemLoginFailureReasonInvalidCredentials SystemLoginFailureReason = "INVALID_CREDENTIALS"
	SystemLoginFailureReasonUnauthorized       SystemLoginFailureReason = "UNAUTHORIZED"
	SystemLoginFailureReasonMfaDeny            SystemLoginFailureReason = "MFA_DENY"
	SystemLoginFailureReasonMfaTimeout         SystemLoginFailureReason = "MFA_TIMEOUT"
	SystemLoginFailureReasonTimeout            SystemLoginFailureReason = "TIMEOUT"
)

func (SystemLoginFailureReason) IsValid 

func (e SystemLoginFailureReason) IsValid() bool

func (SystemLoginFailureReason) MarshalGQL 

func (e SystemLoginFailureReason) MarshalGQL(w io.Writer)

func (SystemLoginFailureReason) String 

func (e SystemLoginFailureReason) String() string

func (*SystemLoginFailureReason) UnmarshalGQL 

func (e *SystemLoginFailureReason) UnmarshalGQL(v interface{}) error

type SystemNotificationQueryInput 

type SystemNotificationQueryInput struct {
	RuleIds []string `json:"ruleIds,omitempty"`
}

type SystemUser 

type SystemUser struct {
	// The system user display name. `Entity:primaryDisplayName` is used if the user is associated with an entity.
	DisplayName string `json:"displayName"`
	// The system user type.
	Type SystemUserType `json:"type"`
	// The user entity associated with the system user, if any.
	UserEntity *UserEntity `json:"userEntity,omitempty"`
}

The descriptor of a system user.

type SystemUserType 

type SystemUserType string

An enumeration of `SystemUser` types. 

const (
	SystemUserTypeCs         SystemUserType = "CS"
	SystemUserTypeCsToken    SystemUserType = "CS_TOKEN"
	SystemUserTypeLegacyUser SystemUserType = "LEGACY_USER"
)

func (SystemUserType) IsValid 

func (e SystemUserType) IsValid() bool

func (SystemUserType) MarshalGQL 

func (e SystemUserType) MarshalGQL(w io.Writer)

func (SystemUserType) String 

func (e SystemUserType) String() string

func (*SystemUserType) UnmarshalGQL 

func (e *SystemUserType) UnmarshalGQL(v interface{}) error

type TLSVersion 

type TLSVersion string
const (
	TLSVersionTLSNoVersion TLSVersion = "TLS_NO_VERSION"
	TLSVersionTLSV1_0      TLSVersion = "TLS_V1_0"
	TLSVersionTLSV1_1      TLSVersion = "TLS_V1_1"
	TLSVersionTLSV1_2      TLSVersion = "TLS_V1_2"
	TLSVersionTLSV1_3      TLSVersion = "TLS_V1_3"
)

func (TLSVersion) IsValid 

func (e TLSVersion) IsValid() bool

func (TLSVersion) MarshalGQL 

func (e TLSVersion) MarshalGQL(w io.Writer)

func (TLSVersion) String 

func (e TLSVersion) String() string

func (*TLSVersion) UnmarshalGQL 

func (e *TLSVersion) UnmarshalGQL(v interface{}) error

type TimelineAccountCreatedEvent 

type TimelineAccountCreatedEvent struct {
	// A descriptor of the new account
	AccountDescriptor AccountDescriptor `json:"accountDescriptor"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A `timeline` event indicating the creation of an account in some data source (see `Entity:accounts`).

func (TimelineAccountCreatedEvent) GetEndTime 

func (this TimelineAccountCreatedEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineAccountCreatedEvent) GetEntity 

func (this TimelineAccountCreatedEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelineAccountCreatedEvent) GetEventID 

func (this TimelineAccountCreatedEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineAccountCreatedEvent) GetEventLabel 

func (this TimelineAccountCreatedEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineAccountCreatedEvent) GetEventSeverity 

func (this TimelineAccountCreatedEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineAccountCreatedEvent) GetEventType 

func (this TimelineAccountCreatedEvent) GetEventType() TimelineEventType

The event type.

func (TimelineAccountCreatedEvent) GetRelatedEvents 

func (this TimelineAccountCreatedEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineAccountCreatedEvent) GetStartTime 

func (this TimelineAccountCreatedEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineAccountCreatedEvent) GetTimestamp 

func (this TimelineAccountCreatedEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineAccountCreatedEvent) IsTimelineEntityEvent 

func (TimelineAccountCreatedEvent) IsTimelineEntityEvent()

func (TimelineAccountCreatedEvent) IsTimelineEvent 

func (TimelineAccountCreatedEvent) IsTimelineEvent()

type TimelineAccountDisabledEvent 

type TimelineAccountDisabledEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A specialized `TimelineEvent` interface common to `timeline` events focused on a single `Entity`.

func (TimelineAccountDisabledEvent) GetEndTime 

func (this TimelineAccountDisabledEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineAccountDisabledEvent) GetEntity 

func (this TimelineAccountDisabledEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelineAccountDisabledEvent) GetEventID 

func (this TimelineAccountDisabledEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineAccountDisabledEvent) GetEventLabel 

func (this TimelineAccountDisabledEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineAccountDisabledEvent) GetEventSeverity 

func (this TimelineAccountDisabledEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineAccountDisabledEvent) GetEventType 

func (this TimelineAccountDisabledEvent) GetEventType() TimelineEventType

The event type.

func (TimelineAccountDisabledEvent) GetRelatedEvents 

func (this TimelineAccountDisabledEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineAccountDisabledEvent) GetStartTime 

func (this TimelineAccountDisabledEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineAccountDisabledEvent) GetTimestamp 

func (this TimelineAccountDisabledEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineAccountDisabledEvent) IsTimelineEntityEvent 

func (TimelineAccountDisabledEvent) IsTimelineEntityEvent()

func (TimelineAccountDisabledEvent) IsTimelineEvent 

func (TimelineAccountDisabledEvent) IsTimelineEvent()

type TimelineAccountEnabledEvent 

type TimelineAccountEnabledEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A specialized `TimelineEvent` interface common to `timeline` events focused on a single `Entity`.

func (TimelineAccountEnabledEvent) GetEndTime 

func (this TimelineAccountEnabledEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineAccountEnabledEvent) GetEntity 

func (this TimelineAccountEnabledEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelineAccountEnabledEvent) GetEventID 

func (this TimelineAccountEnabledEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineAccountEnabledEvent) GetEventLabel 

func (this TimelineAccountEnabledEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineAccountEnabledEvent) GetEventSeverity 

func (this TimelineAccountEnabledEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineAccountEnabledEvent) GetEventType 

func (this TimelineAccountEnabledEvent) GetEventType() TimelineEventType

The event type.

func (TimelineAccountEnabledEvent) GetRelatedEvents 

func (this TimelineAccountEnabledEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineAccountEnabledEvent) GetStartTime 

func (this TimelineAccountEnabledEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineAccountEnabledEvent) GetTimestamp 

func (this TimelineAccountEnabledEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineAccountEnabledEvent) IsTimelineEntityEvent 

func (TimelineAccountEnabledEvent) IsTimelineEntityEvent()

func (TimelineAccountEnabledEvent) IsTimelineEvent 

func (TimelineAccountEnabledEvent) IsTimelineEvent()

type TimelineAccountLockedEvent 

type TimelineAccountLockedEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A specialized `TimelineEvent` interface common to `timeline` events focused on a single `Entity`.

func (TimelineAccountLockedEvent) GetEndTime 

func (this TimelineAccountLockedEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineAccountLockedEvent) GetEntity 

func (this TimelineAccountLockedEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelineAccountLockedEvent) GetEventID 

func (this TimelineAccountLockedEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineAccountLockedEvent) GetEventLabel 

func (this TimelineAccountLockedEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineAccountLockedEvent) GetEventSeverity 

func (this TimelineAccountLockedEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineAccountLockedEvent) GetEventType 

func (this TimelineAccountLockedEvent) GetEventType() TimelineEventType

The event type.

func (TimelineAccountLockedEvent) GetRelatedEvents 

func (this TimelineAccountLockedEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineAccountLockedEvent) GetStartTime 

func (this TimelineAccountLockedEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineAccountLockedEvent) GetTimestamp 

func (this TimelineAccountLockedEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineAccountLockedEvent) IsTimelineEntityEvent 

func (TimelineAccountLockedEvent) IsTimelineEntityEvent()

func (TimelineAccountLockedEvent) IsTimelineEvent 

func (TimelineAccountLockedEvent) IsTimelineEvent()

type TimelineAccountNameChangeEvent 

type TimelineAccountNameChangeEvent struct {
	// The primary account name associated with the entity following the event.
	CurrentName string `json:"currentName"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// The primary account name associated with the entity prior to the event.
	PreviousName string `json:"previousName"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A `timeline` event indicating a primary account name change of an `Entity`. The field used as the account name depends on the account type (see `AccountDescriptor` subtypes). For Active Directory accounts, `ActiveDirectoryAccountDescriptor:samAccountName` is used.

func (TimelineAccountNameChangeEvent) GetEndTime 

func (this TimelineAccountNameChangeEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineAccountNameChangeEvent) GetEntity 

func (this TimelineAccountNameChangeEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelineAccountNameChangeEvent) GetEventID 

func (this TimelineAccountNameChangeEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineAccountNameChangeEvent) GetEventLabel 

func (this TimelineAccountNameChangeEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineAccountNameChangeEvent) GetEventSeverity 

func (this TimelineAccountNameChangeEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineAccountNameChangeEvent) GetEventType 

func (this TimelineAccountNameChangeEvent) GetEventType() TimelineEventType

The event type.

func (TimelineAccountNameChangeEvent) GetRelatedEvents 

func (this TimelineAccountNameChangeEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineAccountNameChangeEvent) GetStartTime 

func (this TimelineAccountNameChangeEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineAccountNameChangeEvent) GetTimestamp 

func (this TimelineAccountNameChangeEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineAccountNameChangeEvent) IsTimelineEntityEvent 

func (TimelineAccountNameChangeEvent) IsTimelineEntityEvent()

func (TimelineAccountNameChangeEvent) IsTimelineEvent 

func (TimelineAccountNameChangeEvent) IsTimelineEvent()

type TimelineAccountUnlockedEvent 

type TimelineAccountUnlockedEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A specialized `TimelineEvent` interface common to `timeline` events focused on a single `Entity`.

func (TimelineAccountUnlockedEvent) GetEndTime 

func (this TimelineAccountUnlockedEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineAccountUnlockedEvent) GetEntity 

func (this TimelineAccountUnlockedEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelineAccountUnlockedEvent) GetEventID 

func (this TimelineAccountUnlockedEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineAccountUnlockedEvent) GetEventLabel 

func (this TimelineAccountUnlockedEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineAccountUnlockedEvent) GetEventSeverity 

func (this TimelineAccountUnlockedEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineAccountUnlockedEvent) GetEventType 

func (this TimelineAccountUnlockedEvent) GetEventType() TimelineEventType

The event type.

func (TimelineAccountUnlockedEvent) GetRelatedEvents 

func (this TimelineAccountUnlockedEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineAccountUnlockedEvent) GetStartTime 

func (this TimelineAccountUnlockedEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineAccountUnlockedEvent) GetTimestamp 

func (this TimelineAccountUnlockedEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineAccountUnlockedEvent) IsTimelineEntityEvent 

func (TimelineAccountUnlockedEvent) IsTimelineEntityEvent()

func (TimelineAccountUnlockedEvent) IsTimelineEvent 

func (TimelineAccountUnlockedEvent) IsTimelineEvent()

type TimelineAlertEvent 

type TimelineAlertEvent struct {
	// A unique identifier of the alert.
	AlertID string `json:"alertId"`
	// The alert type.
	AlertType AlertType `json:"alertType"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The single endpoint entity associated with the alert, if any. This is set to
	// `null` if multiple endpoints are associated with the alert, of if no endpoint
	// is associated with it at all. For a list of all entities involved in the
	// alert, project the `Entities` field.
	EndpointEntity *EndpointEntity `json:"endpointEntity,omitempty"`
	// A list of all entities associated with this alert.
	Entities []Entity `json:"entities"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// The containing incident of the alert.
	Incident  *Incident `json:"incident"`
	PatternID int       `json:"patternId"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// `True` is returned if the alert is resolved.
	Resolved     bool                 `json:"resolved"`
	SourceEntity UserOrEndpointEntity `json:"sourceEntity,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string         `json:"startTime"`
	State     *IncidentState `json:"state"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
	// The single user entity associated with the alert, if any. This is set to
	// `null` if multiple users are associated with the alert, of if no user is
	// associated with it at all. For a list of all entities involved in the alert,
	// project the `Entities` field.
	UserEntity *UserEntity `json:"userEntity,omitempty"`
}

A `timeline` event indicating a new `Incident` alert.

Unlike most timeline events, this event is continuous. That is to say, the `endTime` may differ significantly from the `startTime`, which is the value used for sorting the events in timeline queries.

func (TimelineAlertEvent) GetEndTime 

func (this TimelineAlertEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineAlertEvent) GetEventID 

func (this TimelineAlertEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineAlertEvent) GetEventLabel 

func (this TimelineAlertEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineAlertEvent) GetEventSeverity 

func (this TimelineAlertEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineAlertEvent) GetEventType 

func (this TimelineAlertEvent) GetEventType() TimelineEventType

The event type.

func (TimelineAlertEvent) GetIncident 

func (this TimelineAlertEvent) GetIncident() *Incident

The containing incident of the alert.

func (TimelineAlertEvent) GetRelatedEvents 

func (this TimelineAlertEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineAlertEvent) GetStartTime 

func (this TimelineAlertEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineAlertEvent) GetTimestamp 

func (this TimelineAlertEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineAlertEvent) IsTimelineEvent 

func (TimelineAlertEvent) IsTimelineEvent()

func (TimelineAlertEvent) IsTimelineIncidentLifeCycleEvent 

func (TimelineAlertEvent) IsTimelineIncidentLifeCycleEvent()

type TimelineAlertExceptionModifiedEvent 

type TimelineAlertExceptionModifiedEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	PatternID int               `json:"patternId"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime       string          `json:"startTime"`
	SystemComponent SystemComponent `json:"systemComponent"`
	SystemUser      *SystemUser     `json:"systemUser,omitempty"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A common interface for all events exposed by the `timeline` API.

func (TimelineAlertExceptionModifiedEvent) GetEndTime 

func (this TimelineAlertExceptionModifiedEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineAlertExceptionModifiedEvent) GetEventID 

func (this TimelineAlertExceptionModifiedEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineAlertExceptionModifiedEvent) GetEventLabel 

func (this TimelineAlertExceptionModifiedEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineAlertExceptionModifiedEvent) GetEventSeverity 

func (this TimelineAlertExceptionModifiedEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineAlertExceptionModifiedEvent) GetEventType 

func (this TimelineAlertExceptionModifiedEvent) GetEventType() TimelineEventType

The event type.

func (TimelineAlertExceptionModifiedEvent) GetRelatedEvents 

func (this TimelineAlertExceptionModifiedEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineAlertExceptionModifiedEvent) GetStartTime 

func (this TimelineAlertExceptionModifiedEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineAlertExceptionModifiedEvent) GetSystemComponent 

func (this TimelineAlertExceptionModifiedEvent) GetSystemComponent() SystemComponent

func (TimelineAlertExceptionModifiedEvent) GetSystemUser 

func (this TimelineAlertExceptionModifiedEvent) GetSystemUser() *SystemUser

func (TimelineAlertExceptionModifiedEvent) GetTimestamp 

func (this TimelineAlertExceptionModifiedEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineAlertExceptionModifiedEvent) IsTimelineAuditEvent 

func (TimelineAlertExceptionModifiedEvent) IsTimelineAuditEvent()

func (TimelineAlertExceptionModifiedEvent) IsTimelineEvent 

func (TimelineAlertExceptionModifiedEvent) IsTimelineEvent()

func (TimelineAlertExceptionModifiedEvent) IsTimelineSystemConfigurationEvent 

func (TimelineAlertExceptionModifiedEvent) IsTimelineSystemConfigurationEvent()

type TimelineAuditEvent 

type TimelineAuditEvent interface {
	IsTimelineAuditEvent()
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	GetEndTime() string
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	GetEventID() string
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	GetEventLabel() string
	// The event severity. Defaults to `NEUTRAL`.
	GetEventSeverity() TimelineEventSeverity
	// The event type.
	GetEventType() TimelineEventType
	// A connection of related events.
	GetRelatedEvents() *TimelineEventConnection
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	GetStartTime() string
	GetSystemComponent() SystemComponent
	GetSystemUser() *SystemUser
	// The event start time. This is the primary sort-key in `timeline` queries.
	GetTimestamp() string
}

A common interface for all events exposed by the `timeline` API.

type TimelineAuthenticationEvent 

type TimelineAuthenticationEvent interface {
	IsTimelineAuthenticationEvent()
	// If the activity is known to have occurred within an Active Directory site, this is set to the site's name.
	GetActiveDirectorySiteName() *string
	// The authentication type.
	GetAuthenticationType() AuthenticationType
	GetBrowserInfo() *BrowserInfo
	// The data source associated with this activity. Because the `DataSource`
	// enumeration contains some fallback values for generic sources,
	// `dataSourceVendorName` is provided as an alternative.
	GetDataSource() DataSource
	// A display-oriented label for the data source associated with the activity.
	GetDataSourceVendorName() *string
	GetDeviceName() *string
	// A display-oriented label reflecting the origin endpoint operating system, as
	// exposed by the `operatingSystemInfo` field. The semantics of this value are
	// not rrigorously restricted.
	// Therefore, the data is supposed to used programmatically, it is always
	// recommended to project the underlying `operatingSystemInfo` field instead.
	GetDeviceType() *string
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	GetEndTime() string
	// A display-oriented label reflecting the best available display name for the
	// origin endpoint. `EndpointEntity:primaryDisplayName` is used if available,
	// otherwise either `hostName` or `ipAddress` may be used as a fallback option.
	GetEndpointDisplayName() *string
	// The origin endpoint entity associated with the activity, if available. Note
	// that `endpointDisplayName` is available even when the entity is unknown.
	GetEndpointEntity() *EndpointEntity
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	GetEventID() string
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	GetEventLabel() string
	// The event severity. Defaults to `NEUTRAL`.
	GetEventSeverity() TimelineEventSeverity
	// The event type.
	GetEventType() TimelineEventType
	// The geolocation associated with the activity, if any.
	GetGeoLocation() *GeoLocation
	// The origin endpoint host name.
	GetHostName() *string
	// The origin endpoint IP address, if available.
	GetIPAddress() *string
	GetIPAddressReputations() []IPReputation
	GetIspClassification() *IspClassification
	GetIspDomain() *string
	// The list of Kerberos encryption types specified by the client. Only set for
	// activities performed over the Kerberos protocol (see `protocolType`),
	GetKerberosEncryptionTypes() []KerberosEncryptionType
	GetLdapSecurityType() *LdapSecurityType
	// If `true`, `userEntity` is associated with `geoLocation` by a `BindingType:GEO_LOCATION` `association`.
	//
	// Returns `null` if no location data is available for this activity or if the
	// user associated with this activity couldn't be correlated with a user entity.
	GetLocationAssociatedWithUser() *bool
	// The subnet label, as defined in the system configuration, associated with the
	// origin endpoint IP address at the time the activity was performed.
	GetNetworkTag() *string
	// The subnet type, as defined in the system configuration, associated with the
	// origin endpoint IP address at the time the activity was performed.
	GetNetworkType() NetworkType
	// Information about the origin endpoint operating system.
	GetOperatingSystemInfo() *OperatingSystemInfo
	// The primary network protocol used for performing the activity.
	GetProtocolType() ProtocolType
	GetProtocolVersion() *string
	// A connection of related events.
	GetRelatedEvents() *TimelineEventConnection
	GetSmbDialect() *SmbDialect
	GetSourceEntity() UserOrEndpointEntity
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	GetStartTime() string
	// The target endpoint associated with this activity (such as a domain controller), if any.
	GetTargetEndpointEntity() *EndpointEntity
	// The target service entity.
	GetTargetEntity() Entity
	GetTargetServiceDescription() *string
	GetTargetServiceDisplayName() *string
	// The target service raw identifier.
	GetTargetServiceIdentifier() *string
	// A classification value of the service accessed, based on the raw identifier
	// (`targetServiceIdentifier`) and the target entity (`targetServiceEntity`).
	GetTargetServiceType() *ServiceType
	// The event start time. This is the primary sort-key in `timeline` queries.
	GetTimestamp() string
	GetTLSVersion() *TLSVersion
	// A display-oriented label of the best available display name for the user
	// associated with this event. `UserEntity:primaryDisplayName` is used if
	// available. Otherwise, the raw user identifier used for performing this
	// activity is applied.
	GetUserDisplayName() string
	// The user entity associated with the activity, if available. Note that
	// `userDisplayName` is available even when the entity is unknown.
	GetUserEntity() *UserEntity
}

A `TimelineEvent` interface common to successful and failed authentication `timeline` events.

type TimelineAuthorizerChangeNotificationEvent 

type TimelineAuthorizerChangeNotificationEvent struct {
	AddedAuthorizers  []Entity    `json:"addedAuthorizers"`
	CurrentAuthorizer *UserEntity `json:"currentAuthorizer,omitempty"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType          TimelineEventType `json:"eventType"`
	PreviousAuthorizer *UserEntity       `json:"previousAuthorizer,omitempty"`
	// A connection of related events.
	RelatedEvents      *TimelineEventConnection `json:"relatedEvents,omitempty"`
	RemovedAuthorizers []Entity                 `json:"removedAuthorizers"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A specialized `TimelineEvent` interface common to `timeline` events focused on a single `Entity`.

func (TimelineAuthorizerChangeNotificationEvent) GetEndTime 

func (this TimelineAuthorizerChangeNotificationEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineAuthorizerChangeNotificationEvent) GetEntity 

func (this TimelineAuthorizerChangeNotificationEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelineAuthorizerChangeNotificationEvent) GetEventID 

func (this TimelineAuthorizerChangeNotificationEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineAuthorizerChangeNotificationEvent) GetEventLabel 

func (this TimelineAuthorizerChangeNotificationEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineAuthorizerChangeNotificationEvent) GetEventSeverity 

func (this TimelineAuthorizerChangeNotificationEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineAuthorizerChangeNotificationEvent) GetEventType 

func (this TimelineAuthorizerChangeNotificationEvent) GetEventType() TimelineEventType

The event type.

func (TimelineAuthorizerChangeNotificationEvent) GetRelatedEvents 

func (this TimelineAuthorizerChangeNotificationEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineAuthorizerChangeNotificationEvent) GetStartTime 

func (this TimelineAuthorizerChangeNotificationEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineAuthorizerChangeNotificationEvent) GetTimestamp 

func (this TimelineAuthorizerChangeNotificationEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineAuthorizerChangeNotificationEvent) IsTimelineEntityEvent 

func (TimelineAuthorizerChangeNotificationEvent) IsTimelineEntityEvent()

func (TimelineAuthorizerChangeNotificationEvent) IsTimelineEvent 

func (TimelineAuthorizerChangeNotificationEvent) IsTimelineEvent()

type TimelineConfigurationReportEvent 

type TimelineConfigurationReportEvent interface {
	IsTimelineConfigurationReportEvent()
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	GetEndTime() string
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	GetEventID() string
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	GetEventLabel() string
	// The event severity. Defaults to `NEUTRAL`.
	GetEventSeverity() TimelineEventSeverity
	// The event type.
	GetEventType() TimelineEventType
	// A connection of related events.
	GetRelatedEvents() *TimelineEventConnection
	// A unique identifier for the report.
	GetReportID() string
	// The report name.
	GetReportName() string
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	GetStartTime() string
	GetSystemComponent() SystemComponent
	GetSystemUser() *SystemUser
	// The event start time. This is the primary sort-key in `timeline` queries.
	GetTimestamp() string
}

A common interface for all events exposed by the `timeline` API.

type TimelineConnectorConfigurationAddedEvent 

type TimelineConnectorConfigurationAddedEvent struct {
	Category string `json:"category"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime       string          `json:"startTime"`
	SystemComponent SystemComponent `json:"systemComponent"`
	SystemUser      *SystemUser     `json:"systemUser,omitempty"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
	Type      string `json:"type"`
}

A common interface for all events exposed by the `timeline` API.

func (TimelineConnectorConfigurationAddedEvent) GetCategory 

func (this TimelineConnectorConfigurationAddedEvent) GetCategory() string

func (TimelineConnectorConfigurationAddedEvent) GetEndTime 

func (this TimelineConnectorConfigurationAddedEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineConnectorConfigurationAddedEvent) GetEventID 

func (this TimelineConnectorConfigurationAddedEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineConnectorConfigurationAddedEvent) GetEventLabel 

func (this TimelineConnectorConfigurationAddedEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineConnectorConfigurationAddedEvent) GetEventSeverity 

func (this TimelineConnectorConfigurationAddedEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineConnectorConfigurationAddedEvent) GetEventType 

func (this TimelineConnectorConfigurationAddedEvent) GetEventType() TimelineEventType

The event type.

func (TimelineConnectorConfigurationAddedEvent) GetRelatedEvents 

func (this TimelineConnectorConfigurationAddedEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineConnectorConfigurationAddedEvent) GetStartTime 

func (this TimelineConnectorConfigurationAddedEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineConnectorConfigurationAddedEvent) GetSystemComponent 

func (this TimelineConnectorConfigurationAddedEvent) GetSystemComponent() SystemComponent

func (TimelineConnectorConfigurationAddedEvent) GetSystemUser 

func (this TimelineConnectorConfigurationAddedEvent) GetSystemUser() *SystemUser

func (TimelineConnectorConfigurationAddedEvent) GetTimestamp 

func (this TimelineConnectorConfigurationAddedEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineConnectorConfigurationAddedEvent) GetType 

func (this TimelineConnectorConfigurationAddedEvent) GetType() string

func (TimelineConnectorConfigurationAddedEvent) IsTimelineAuditEvent 

func (TimelineConnectorConfigurationAddedEvent) IsTimelineAuditEvent()

func (TimelineConnectorConfigurationAddedEvent) IsTimelineConnectorConfigurationEvent 

func (TimelineConnectorConfigurationAddedEvent) IsTimelineConnectorConfigurationEvent()

func (TimelineConnectorConfigurationAddedEvent) IsTimelineEvent 

func (TimelineConnectorConfigurationAddedEvent) IsTimelineEvent()

func (TimelineConnectorConfigurationAddedEvent) IsTimelineSystemConfigurationEvent 

func (TimelineConnectorConfigurationAddedEvent) IsTimelineSystemConfigurationEvent()

type TimelineConnectorConfigurationDeletedEvent 

type TimelineConnectorConfigurationDeletedEvent struct {
	Category string `json:"category"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime       string          `json:"startTime"`
	SystemComponent SystemComponent `json:"systemComponent"`
	SystemUser      *SystemUser     `json:"systemUser,omitempty"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
	Type      string `json:"type"`
}

A common interface for all events exposed by the `timeline` API.

func (TimelineConnectorConfigurationDeletedEvent) GetCategory 

func (this TimelineConnectorConfigurationDeletedEvent) GetCategory() string

func (TimelineConnectorConfigurationDeletedEvent) GetEndTime 

func (this TimelineConnectorConfigurationDeletedEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineConnectorConfigurationDeletedEvent) GetEventID 

func (this TimelineConnectorConfigurationDeletedEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineConnectorConfigurationDeletedEvent) GetEventLabel 

func (this TimelineConnectorConfigurationDeletedEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineConnectorConfigurationDeletedEvent) GetEventSeverity 

func (this TimelineConnectorConfigurationDeletedEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineConnectorConfigurationDeletedEvent) GetEventType 

func (this TimelineConnectorConfigurationDeletedEvent) GetEventType() TimelineEventType

The event type.

func (TimelineConnectorConfigurationDeletedEvent) GetRelatedEvents 

func (this TimelineConnectorConfigurationDeletedEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineConnectorConfigurationDeletedEvent) GetStartTime 

func (this TimelineConnectorConfigurationDeletedEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineConnectorConfigurationDeletedEvent) GetSystemComponent 

func (this TimelineConnectorConfigurationDeletedEvent) GetSystemComponent() SystemComponent

func (TimelineConnectorConfigurationDeletedEvent) GetSystemUser 

func (this TimelineConnectorConfigurationDeletedEvent) GetSystemUser() *SystemUser

func (TimelineConnectorConfigurationDeletedEvent) GetTimestamp 

func (this TimelineConnectorConfigurationDeletedEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineConnectorConfigurationDeletedEvent) GetType 

func (this TimelineConnectorConfigurationDeletedEvent) GetType() string

func (TimelineConnectorConfigurationDeletedEvent) IsTimelineAuditEvent 

func (TimelineConnectorConfigurationDeletedEvent) IsTimelineAuditEvent()

func (TimelineConnectorConfigurationDeletedEvent) IsTimelineConnectorConfigurationEvent 

func (TimelineConnectorConfigurationDeletedEvent) IsTimelineConnectorConfigurationEvent()

func (TimelineConnectorConfigurationDeletedEvent) IsTimelineEvent 

func (TimelineConnectorConfigurationDeletedEvent) IsTimelineEvent()

func (TimelineConnectorConfigurationDeletedEvent) IsTimelineSystemConfigurationEvent 

func (TimelineConnectorConfigurationDeletedEvent) IsTimelineSystemConfigurationEvent()

type TimelineConnectorConfigurationEvent 

type TimelineConnectorConfigurationEvent interface {
	IsTimelineConnectorConfigurationEvent()
	GetCategory() string
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	GetEndTime() string
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	GetEventID() string
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	GetEventLabel() string
	// The event severity. Defaults to `NEUTRAL`.
	GetEventSeverity() TimelineEventSeverity
	// The event type.
	GetEventType() TimelineEventType
	// A connection of related events.
	GetRelatedEvents() *TimelineEventConnection
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	GetStartTime() string
	GetSystemComponent() SystemComponent
	GetSystemUser() *SystemUser
	// The event start time. This is the primary sort-key in `timeline` queries.
	GetTimestamp() string
	GetType() string
}

A common interface for all events exposed by the `timeline` API.

type TimelineConnectorConfigurationModifiedEvent 

type TimelineConnectorConfigurationModifiedEvent struct {
	Category string `json:"category"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime       string          `json:"startTime"`
	SystemComponent SystemComponent `json:"systemComponent"`
	SystemUser      *SystemUser     `json:"systemUser,omitempty"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
	Type      string `json:"type"`
}

A common interface for all events exposed by the `timeline` API.

func (TimelineConnectorConfigurationModifiedEvent) GetCategory 

func (this TimelineConnectorConfigurationModifiedEvent) GetCategory() string

func (TimelineConnectorConfigurationModifiedEvent) GetEndTime 

func (this TimelineConnectorConfigurationModifiedEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineConnectorConfigurationModifiedEvent) GetEventID 

func (this TimelineConnectorConfigurationModifiedEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineConnectorConfigurationModifiedEvent) GetEventLabel 

func (this TimelineConnectorConfigurationModifiedEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineConnectorConfigurationModifiedEvent) GetEventSeverity 

func (this TimelineConnectorConfigurationModifiedEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineConnectorConfigurationModifiedEvent) GetEventType 

func (this TimelineConnectorConfigurationModifiedEvent) GetEventType() TimelineEventType

The event type.

func (TimelineConnectorConfigurationModifiedEvent) GetRelatedEvents 

func (this TimelineConnectorConfigurationModifiedEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineConnectorConfigurationModifiedEvent) GetStartTime 

func (this TimelineConnectorConfigurationModifiedEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineConnectorConfigurationModifiedEvent) GetSystemComponent 

func (this TimelineConnectorConfigurationModifiedEvent) GetSystemComponent() SystemComponent

func (TimelineConnectorConfigurationModifiedEvent) GetSystemUser 

func (this TimelineConnectorConfigurationModifiedEvent) GetSystemUser() *SystemUser

func (TimelineConnectorConfigurationModifiedEvent) GetTimestamp 

func (this TimelineConnectorConfigurationModifiedEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineConnectorConfigurationModifiedEvent) GetType 

func (this TimelineConnectorConfigurationModifiedEvent) GetType() string

func (TimelineConnectorConfigurationModifiedEvent) IsTimelineAuditEvent 

func (TimelineConnectorConfigurationModifiedEvent) IsTimelineAuditEvent()

func (TimelineConnectorConfigurationModifiedEvent) IsTimelineConnectorConfigurationEvent 

func (TimelineConnectorConfigurationModifiedEvent) IsTimelineConnectorConfigurationEvent()

func (TimelineConnectorConfigurationModifiedEvent) IsTimelineEvent 

func (TimelineConnectorConfigurationModifiedEvent) IsTimelineEvent()

func (TimelineConnectorConfigurationModifiedEvent) IsTimelineSystemConfigurationEvent 

func (TimelineConnectorConfigurationModifiedEvent) IsTimelineSystemConfigurationEvent()

type TimelineConnectorFailureEvent 

type TimelineConnectorFailureEvent struct {
	ConnectorStatus ConnectorStatus `json:"connectorStatus"`
	ConnectorType   string          `json:"connectorType"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// Information regarding the error.
	ErrorDetails ErrorDetails `json:"errorDetails"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType    TimelineEventType `json:"eventType"`
	ProviderType *string           `json:"providerType,omitempty"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The system notification status.
	State *NotificationState `json:"state"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A `TimelineEvent` interface common to system notification `timeline` events.

func (TimelineConnectorFailureEvent) GetEndTime 

func (this TimelineConnectorFailureEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineConnectorFailureEvent) GetErrorDetails 

func (this TimelineConnectorFailureEvent) GetErrorDetails() ErrorDetails

Information regarding the error.

func (TimelineConnectorFailureEvent) GetEventID 

func (this TimelineConnectorFailureEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineConnectorFailureEvent) GetEventLabel 

func (this TimelineConnectorFailureEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineConnectorFailureEvent) GetEventSeverity 

func (this TimelineConnectorFailureEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineConnectorFailureEvent) GetEventType 

func (this TimelineConnectorFailureEvent) GetEventType() TimelineEventType

The event type.

func (TimelineConnectorFailureEvent) GetRelatedEvents 

func (this TimelineConnectorFailureEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineConnectorFailureEvent) GetStartTime 

func (this TimelineConnectorFailureEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineConnectorFailureEvent) GetState 

func (this TimelineConnectorFailureEvent) GetState() *NotificationState

The system notification status.

func (TimelineConnectorFailureEvent) GetTimestamp 

func (this TimelineConnectorFailureEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineConnectorFailureEvent) IsTimelineErrorEvent 

func (TimelineConnectorFailureEvent) IsTimelineErrorEvent()

func (TimelineConnectorFailureEvent) IsTimelineEvent 

func (TimelineConnectorFailureEvent) IsTimelineEvent()

func (TimelineConnectorFailureEvent) IsTimelineNotificationEvent 

func (TimelineConnectorFailureEvent) IsTimelineNotificationEvent()

type TimelineDceRPCEvent 

type TimelineDceRPCEvent struct {
	// If the activity is known to have occurred within an Active Directory site, this is set to the site's name.
	ActiveDirectorySiteName *string      `json:"activeDirectorySiteName,omitempty"`
	BrowserInfo             *BrowserInfo `json:"browserInfo,omitempty"`
	// The data source associated with this activity. Because the `DataSource`
	// enumeration contains some fallback values for generic sources,
	// `dataSourceVendorName` is provided as an alternative.
	DataSource DataSource `json:"dataSource"`
	// A display-oriented label for the data source associated with the activity.
	DataSourceVendorName *string `json:"dataSourceVendorName,omitempty"`
	// The DCE-RPC activity signature.
	DcerpcSignature DcerpcSignature `json:"dcerpcSignature"`
	DeviceName      *string         `json:"deviceName,omitempty"`
	// A display-oriented label reflecting the origin endpoint operating system, as
	// exposed by the `operatingSystemInfo` field. The semantics of this value are
	// not rrigorously restricted.
	// Therefore, the data is supposed to used programmatically, it is always
	// recommended to project the underlying `operatingSystemInfo` field instead.
	DeviceType *string `json:"deviceType,omitempty"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A display-oriented label reflecting the best available display name for the
	// origin endpoint. `EndpointEntity:primaryDisplayName` is used if available,
	// otherwise either `hostName` or `ipAddress` may be used as a fallback option.
	EndpointDisplayName *string `json:"endpointDisplayName,omitempty"`
	// The origin endpoint entity associated with the activity, if available. Note
	// that `endpointDisplayName` is available even when the entity is unknown.
	EndpointEntity *EndpointEntity `json:"endpointEntity,omitempty"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// The geolocation associated with the activity, if any.
	GeoLocation *GeoLocation `json:"geoLocation,omitempty"`
	// The origin endpoint host name.
	HostName *string `json:"hostName,omitempty"`
	// The origin endpoint IP address, if available.
	IPAddress            *string            `json:"ipAddress,omitempty"`
	IPAddressReputations []IPReputation     `json:"ipAddressReputations"`
	IspClassification    *IspClassification `json:"ispClassification,omitempty"`
	IspDomain            *string            `json:"ispDomain,omitempty"`
	LdapSecurityType     *LdapSecurityType  `json:"ldapSecurityType,omitempty"`
	// If `true`, `userEntity` is associated with `geoLocation` by a `BindingType:GEO_LOCATION` `association`.
	//
	// Returns `null` if no location data is available for this activity or if the
	// user associated with this activity couldn't be correlated with a user entity.
	LocationAssociatedWithUser *bool `json:"locationAssociatedWithUser,omitempty"`
	// The subnet label, as defined in the system configuration, associated with the
	// origin endpoint IP address at the time the activity was performed.
	NetworkTag *string `json:"networkTag,omitempty"`
	// The subnet type, as defined in the system configuration, associated with the
	// origin endpoint IP address at the time the activity was performed.
	NetworkType NetworkType `json:"networkType"`
	// Information about the origin endpoint operating system.
	OperatingSystemInfo *OperatingSystemInfo `json:"operatingSystemInfo,omitempty"`
	// The primary network protocol used for performing the activity.
	ProtocolType    ProtocolType `json:"protocolType"`
	ProtocolVersion *string      `json:"protocolVersion,omitempty"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	SourceEntity  UserOrEndpointEntity     `json:"sourceEntity,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The target endpoint associated with this activity (such as a domain controller), if any.
	TargetEndpointEntity *EndpointEntity `json:"targetEndpointEntity,omitempty"`
	// The target service entity.
	TargetEntity             Entity  `json:"targetEntity,omitempty"`
	TargetServiceDescription *string `json:"targetServiceDescription,omitempty"`
	TargetServiceDisplayName *string `json:"targetServiceDisplayName,omitempty"`
	// The target service raw identifier.
	TargetServiceIdentifier *string `json:"targetServiceIdentifier,omitempty"`
	// A classification value of the service accessed, based on the raw identifier
	// (`targetServiceIdentifier`) and the target entity (`targetServiceEntity`).
	TargetServiceType *ServiceType `json:"targetServiceType,omitempty"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp  string      `json:"timestamp"`
	TLSVersion *TLSVersion `json:"tlsVersion,omitempty"`
	// A display-oriented label of the best available display name for the user
	// associated with this event. `UserEntity:primaryDisplayName` is used if
	// available. Otherwise, the raw user identifier used for performing this
	// activity is applied.
	UserDisplayName string `json:"userDisplayName"`
	// The user entity associated with the activity, if available. Note that
	// `userDisplayName` is available even when the entity is unknown.
	UserEntity *UserEntity `json:"userEntity,omitempty"`
}

A `timeline` event type indicating a DCE/RPC(http://www.dcerpc.org/) activity associated with a particular signature.

func (TimelineDceRPCEvent) GetActiveDirectorySiteName 

func (this TimelineDceRPCEvent) GetActiveDirectorySiteName() *string

If the activity is known to have occurred within an Active Directory site, this is set to the site's name.

func (TimelineDceRPCEvent) GetBrowserInfo 

func (this TimelineDceRPCEvent) GetBrowserInfo() *BrowserInfo

func (TimelineDceRPCEvent) GetDataSource 

func (this TimelineDceRPCEvent) GetDataSource() DataSource

The data source associated with this activity. Because the `DataSource` enumeration contains some fallback values for generic sources, `dataSourceVendorName` is provided as an alternative.

func (TimelineDceRPCEvent) GetDataSourceVendorName 

func (this TimelineDceRPCEvent) GetDataSourceVendorName() *string

A display-oriented label for the data source associated with the activity.

func (TimelineDceRPCEvent) GetDeviceName 

func (this TimelineDceRPCEvent) GetDeviceName() *string

func (TimelineDceRPCEvent) GetDeviceType 

func (this TimelineDceRPCEvent) GetDeviceType() *string

A display-oriented label reflecting the origin endpoint operating system, as exposed by the `operatingSystemInfo` field. The semantics of this value are not rrigorously restricted. Therefore, the data is supposed to used programmatically, it is always recommended to project the underlying `operatingSystemInfo` field instead.

func (TimelineDceRPCEvent) GetEndTime 

func (this TimelineDceRPCEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineDceRPCEvent) GetEndpointDisplayName 

func (this TimelineDceRPCEvent) GetEndpointDisplayName() *string

A display-oriented label reflecting the best available display name for the origin endpoint. `EndpointEntity:primaryDisplayName` is used if available, otherwise either `hostName` or `ipAddress` may be used as a fallback option.

func (TimelineDceRPCEvent) GetEndpointEntity 

func (this TimelineDceRPCEvent) GetEndpointEntity() *EndpointEntity

The origin endpoint entity associated with the activity, if available. Note that `endpointDisplayName` is available even when the entity is unknown.

func (TimelineDceRPCEvent) GetEventID 

func (this TimelineDceRPCEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineDceRPCEvent) GetEventLabel 

func (this TimelineDceRPCEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineDceRPCEvent) GetEventSeverity 

func (this TimelineDceRPCEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineDceRPCEvent) GetEventType 

func (this TimelineDceRPCEvent) GetEventType() TimelineEventType

The event type.

func (TimelineDceRPCEvent) GetGeoLocation 

func (this TimelineDceRPCEvent) GetGeoLocation() *GeoLocation

The geolocation associated with the activity, if any.

func (TimelineDceRPCEvent) GetHostName 

func (this TimelineDceRPCEvent) GetHostName() *string

The origin endpoint host name.

func (TimelineDceRPCEvent) GetIPAddress 

func (this TimelineDceRPCEvent) GetIPAddress() *string

The origin endpoint IP address, if available.

func (TimelineDceRPCEvent) GetIPAddressReputations 

func (this TimelineDceRPCEvent) GetIPAddressReputations() []IPReputation

func (TimelineDceRPCEvent) GetIspClassification 

func (this TimelineDceRPCEvent) GetIspClassification() *IspClassification

func (TimelineDceRPCEvent) GetIspDomain 

func (this TimelineDceRPCEvent) GetIspDomain() *string

func (TimelineDceRPCEvent) GetLdapSecurityType 

func (this TimelineDceRPCEvent) GetLdapSecurityType() *LdapSecurityType

func (TimelineDceRPCEvent) GetLocationAssociatedWithUser 

func (this TimelineDceRPCEvent) GetLocationAssociatedWithUser() *bool

If `true`, `userEntity` is associated with `geoLocation` by a `BindingType:GEO_LOCATION` `association`.

Returns `null` if no location data is available for this activity or if the user associated with this activity couldn't be correlated with a user entity.

func (TimelineDceRPCEvent) GetNetworkTag 

func (this TimelineDceRPCEvent) GetNetworkTag() *string

The subnet label, as defined in the system configuration, associated with the origin endpoint IP address at the time the activity was performed.

func (TimelineDceRPCEvent) GetNetworkType 

func (this TimelineDceRPCEvent) GetNetworkType() NetworkType

The subnet type, as defined in the system configuration, associated with the origin endpoint IP address at the time the activity was performed.

func (TimelineDceRPCEvent) GetOperatingSystemInfo 

func (this TimelineDceRPCEvent) GetOperatingSystemInfo() *OperatingSystemInfo

Information about the origin endpoint operating system.

func (TimelineDceRPCEvent) GetProtocolType 

func (this TimelineDceRPCEvent) GetProtocolType() ProtocolType

The primary network protocol used for performing the activity.

func (TimelineDceRPCEvent) GetProtocolVersion 

func (this TimelineDceRPCEvent) GetProtocolVersion() *string

func (TimelineDceRPCEvent) GetRelatedEvents 

func (this TimelineDceRPCEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineDceRPCEvent) GetSourceEntity 

func (this TimelineDceRPCEvent) GetSourceEntity() UserOrEndpointEntity

func (TimelineDceRPCEvent) GetStartTime 

func (this TimelineDceRPCEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineDceRPCEvent) GetTLSVersion 

func (this TimelineDceRPCEvent) GetTLSVersion() *TLSVersion

func (TimelineDceRPCEvent) GetTargetEndpointEntity 

func (this TimelineDceRPCEvent) GetTargetEndpointEntity() *EndpointEntity

The target endpoint associated with this activity (such as a domain controller), if any.

func (TimelineDceRPCEvent) GetTargetEntity 

func (this TimelineDceRPCEvent) GetTargetEntity() Entity

The target service entity.

func (TimelineDceRPCEvent) GetTargetServiceDescription 

func (this TimelineDceRPCEvent) GetTargetServiceDescription() *string

func (TimelineDceRPCEvent) GetTargetServiceDisplayName 

func (this TimelineDceRPCEvent) GetTargetServiceDisplayName() *string

func (TimelineDceRPCEvent) GetTargetServiceIdentifier 

func (this TimelineDceRPCEvent) GetTargetServiceIdentifier() *string

The target service raw identifier.

func (TimelineDceRPCEvent) GetTargetServiceType 

func (this TimelineDceRPCEvent) GetTargetServiceType() *ServiceType

A classification value of the service accessed, based on the raw identifier (`targetServiceIdentifier`) and the target entity (`targetServiceEntity`).

func (TimelineDceRPCEvent) GetTimestamp 

func (this TimelineDceRPCEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineDceRPCEvent) GetUserDisplayName 

func (this TimelineDceRPCEvent) GetUserDisplayName() string

A display-oriented label of the best available display name for the user associated with this event. `UserEntity:primaryDisplayName` is used if available. Otherwise, the raw user identifier used for performing this activity is applied.

func (TimelineDceRPCEvent) GetUserEntity 

func (this TimelineDceRPCEvent) GetUserEntity() *UserEntity

The user entity associated with the activity, if available. Note that `userDisplayName` is available even when the entity is unknown.

func (TimelineDceRPCEvent) IsTimelineEvent 

func (TimelineDceRPCEvent) IsTimelineEvent()

func (TimelineDceRPCEvent) IsTimelineUserOnEndpointActivityEvent 

func (TimelineDceRPCEvent) IsTimelineUserOnEndpointActivityEvent()

type TimelineDepartmentChangeEvent 

type TimelineDepartmentChangeEvent struct {
	// The department associated with the primary account of the entity after the event.
	CurrentDepartment *string `json:"currentDepartment,omitempty"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// The department associated with the primary account of the entity prior to the event.
	PreviousDepartment *string `json:"previousDepartment,omitempty"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A `timeline` event indicating a change in the `Department` field of an entity's primary account.

func (TimelineDepartmentChangeEvent) GetEndTime 

func (this TimelineDepartmentChangeEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineDepartmentChangeEvent) GetEntity 

func (this TimelineDepartmentChangeEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelineDepartmentChangeEvent) GetEventID 

func (this TimelineDepartmentChangeEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineDepartmentChangeEvent) GetEventLabel 

func (this TimelineDepartmentChangeEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineDepartmentChangeEvent) GetEventSeverity 

func (this TimelineDepartmentChangeEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineDepartmentChangeEvent) GetEventType 

func (this TimelineDepartmentChangeEvent) GetEventType() TimelineEventType

The event type.

func (TimelineDepartmentChangeEvent) GetRelatedEvents 

func (this TimelineDepartmentChangeEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineDepartmentChangeEvent) GetStartTime 

func (this TimelineDepartmentChangeEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineDepartmentChangeEvent) GetTimestamp 

func (this TimelineDepartmentChangeEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineDepartmentChangeEvent) IsTimelineEntityEvent 

func (TimelineDepartmentChangeEvent) IsTimelineEntityEvent()

func (TimelineDepartmentChangeEvent) IsTimelineEvent 

func (TimelineDepartmentChangeEvent) IsTimelineEvent()

type TimelineDetectionAggressionConfigurationModifiedEvent 

type TimelineDetectionAggressionConfigurationModifiedEvent struct {
	CurrentAggressionLevel *AggressionLevel `json:"currentAggressionLevel,omitempty"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType               TimelineEventType `json:"eventType"`
	PreviousAggressionLevel *AggressionLevel  `json:"previousAggressionLevel,omitempty"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime       string          `json:"startTime"`
	SystemComponent SystemComponent `json:"systemComponent"`
	SystemUser      *SystemUser     `json:"systemUser,omitempty"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A common interface for all events exposed by the `timeline` API.

func (TimelineDetectionAggressionConfigurationModifiedEvent) GetEndTime 

func (this TimelineDetectionAggressionConfigurationModifiedEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineDetectionAggressionConfigurationModifiedEvent) GetEventID 

func (this TimelineDetectionAggressionConfigurationModifiedEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineDetectionAggressionConfigurationModifiedEvent) GetEventLabel 

func (this TimelineDetectionAggressionConfigurationModifiedEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineDetectionAggressionConfigurationModifiedEvent) GetEventSeverity 

func (this TimelineDetectionAggressionConfigurationModifiedEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineDetectionAggressionConfigurationModifiedEvent) GetEventType 

func (this TimelineDetectionAggressionConfigurationModifiedEvent) GetEventType() TimelineEventType

The event type.

func (TimelineDetectionAggressionConfigurationModifiedEvent) GetRelatedEvents 

func (this TimelineDetectionAggressionConfigurationModifiedEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineDetectionAggressionConfigurationModifiedEvent) GetStartTime 

func (this TimelineDetectionAggressionConfigurationModifiedEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineDetectionAggressionConfigurationModifiedEvent) GetSystemComponent 

func (this TimelineDetectionAggressionConfigurationModifiedEvent) GetSystemComponent() SystemComponent

func (TimelineDetectionAggressionConfigurationModifiedEvent) GetSystemUser 

func (this TimelineDetectionAggressionConfigurationModifiedEvent) GetSystemUser() *SystemUser

func (TimelineDetectionAggressionConfigurationModifiedEvent) GetTimestamp 

func (this TimelineDetectionAggressionConfigurationModifiedEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineDetectionAggressionConfigurationModifiedEvent) IsTimelineAuditEvent 

func (TimelineDetectionAggressionConfigurationModifiedEvent) IsTimelineAuditEvent()

func (TimelineDetectionAggressionConfigurationModifiedEvent) IsTimelineEvent 

func (TimelineDetectionAggressionConfigurationModifiedEvent) IsTimelineEvent()

func (TimelineDetectionAggressionConfigurationModifiedEvent) IsTimelineSystemConfigurationEvent 

func (TimelineDetectionAggressionConfigurationModifiedEvent) IsTimelineSystemConfigurationEvent()

type TimelineDomainControllerNotificationEvent 

type TimelineDomainControllerNotificationEvent interface {
	IsTimelineDomainControllerNotificationEvent()
	// The domain controller entity.
	GetDomainControllerEntity() *EndpointEntity
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	GetEndTime() string
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	GetEventID() string
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	GetEventLabel() string
	// The event severity. Defaults to `NEUTRAL`.
	GetEventSeverity() TimelineEventSeverity
	// The event type.
	GetEventType() TimelineEventType
	// A connection of related events.
	GetRelatedEvents() *TimelineEventConnection
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	GetStartTime() string
	// The system notification status.
	GetState() *NotificationState
	// The event start time. This is the primary sort-key in `timeline` queries.
	GetTimestamp() string
}

A specialized `TimelineEvent` interface common to system notifications concerning a specific Active Directory domain controller.

type TimelineDomainRemovalEvent 

type TimelineDomainRemovalEvent struct {
	Domain string `json:"domain"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The system notification status.
	State *NotificationState `json:"state"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A `TimelineEvent` interface common to system notification `timeline` events.

func (TimelineDomainRemovalEvent) GetEndTime 

func (this TimelineDomainRemovalEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineDomainRemovalEvent) GetEventID 

func (this TimelineDomainRemovalEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineDomainRemovalEvent) GetEventLabel 

func (this TimelineDomainRemovalEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineDomainRemovalEvent) GetEventSeverity 

func (this TimelineDomainRemovalEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineDomainRemovalEvent) GetEventType 

func (this TimelineDomainRemovalEvent) GetEventType() TimelineEventType

The event type.

func (TimelineDomainRemovalEvent) GetRelatedEvents 

func (this TimelineDomainRemovalEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineDomainRemovalEvent) GetStartTime 

func (this TimelineDomainRemovalEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineDomainRemovalEvent) GetState 

func (this TimelineDomainRemovalEvent) GetState() *NotificationState

The system notification status.

func (TimelineDomainRemovalEvent) GetTimestamp 

func (this TimelineDomainRemovalEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineDomainRemovalEvent) IsTimelineEvent 

func (TimelineDomainRemovalEvent) IsTimelineEvent()

func (TimelineDomainRemovalEvent) IsTimelineNotificationEvent 

func (TimelineDomainRemovalEvent) IsTimelineNotificationEvent()

type TimelineEmailAddressChangeEvent 

type TimelineEmailAddressChangeEvent struct {
	// The list of email addresses associated with the entity after the event.
	CurrentEmailAddresses []string `json:"currentEmailAddresses"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// The list of email addresses associated with the entity prior to the event.
	PreviousEmailAddresses []string `json:"previousEmailAddresses"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A `timeline` event indicating a change in a user's `UserEntity:emailAddresses` list.

func (TimelineEmailAddressChangeEvent) GetEndTime 

func (this TimelineEmailAddressChangeEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineEmailAddressChangeEvent) GetEntity 

func (this TimelineEmailAddressChangeEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelineEmailAddressChangeEvent) GetEventID 

func (this TimelineEmailAddressChangeEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineEmailAddressChangeEvent) GetEventLabel 

func (this TimelineEmailAddressChangeEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineEmailAddressChangeEvent) GetEventSeverity 

func (this TimelineEmailAddressChangeEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineEmailAddressChangeEvent) GetEventType 

func (this TimelineEmailAddressChangeEvent) GetEventType() TimelineEventType

The event type.

func (TimelineEmailAddressChangeEvent) GetRelatedEvents 

func (this TimelineEmailAddressChangeEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineEmailAddressChangeEvent) GetStartTime 

func (this TimelineEmailAddressChangeEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineEmailAddressChangeEvent) GetTimestamp 

func (this TimelineEmailAddressChangeEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineEmailAddressChangeEvent) IsTimelineEntityEvent 

func (TimelineEmailAddressChangeEvent) IsTimelineEntityEvent()

func (TimelineEmailAddressChangeEvent) IsTimelineEvent 

func (TimelineEmailAddressChangeEvent) IsTimelineEvent()

type TimelineEmailNotificationConfigurationModifiedEvent 

type TimelineEmailNotificationConfigurationModifiedEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime       string          `json:"startTime"`
	SystemComponent SystemComponent `json:"systemComponent"`
	SystemUser      *SystemUser     `json:"systemUser,omitempty"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A common interface for all events exposed by the `timeline` API.

func (TimelineEmailNotificationConfigurationModifiedEvent) GetEndTime 

func (this TimelineEmailNotificationConfigurationModifiedEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineEmailNotificationConfigurationModifiedEvent) GetEventID 

func (this TimelineEmailNotificationConfigurationModifiedEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineEmailNotificationConfigurationModifiedEvent) GetEventLabel 

func (this TimelineEmailNotificationConfigurationModifiedEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineEmailNotificationConfigurationModifiedEvent) GetEventSeverity 

func (this TimelineEmailNotificationConfigurationModifiedEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineEmailNotificationConfigurationModifiedEvent) GetEventType 

func (this TimelineEmailNotificationConfigurationModifiedEvent) GetEventType() TimelineEventType

The event type.

func (TimelineEmailNotificationConfigurationModifiedEvent) GetRelatedEvents 

func (this TimelineEmailNotificationConfigurationModifiedEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineEmailNotificationConfigurationModifiedEvent) GetStartTime 

func (this TimelineEmailNotificationConfigurationModifiedEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineEmailNotificationConfigurationModifiedEvent) GetSystemComponent 

func (this TimelineEmailNotificationConfigurationModifiedEvent) GetSystemComponent() SystemComponent

func (TimelineEmailNotificationConfigurationModifiedEvent) GetSystemUser 

func (this TimelineEmailNotificationConfigurationModifiedEvent) GetSystemUser() *SystemUser

func (TimelineEmailNotificationConfigurationModifiedEvent) GetTimestamp 

func (this TimelineEmailNotificationConfigurationModifiedEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineEmailNotificationConfigurationModifiedEvent) IsTimelineAuditEvent 

func (TimelineEmailNotificationConfigurationModifiedEvent) IsTimelineAuditEvent()

func (TimelineEmailNotificationConfigurationModifiedEvent) IsTimelineEvent 

func (TimelineEmailNotificationConfigurationModifiedEvent) IsTimelineEvent()

func (TimelineEmailNotificationConfigurationModifiedEvent) IsTimelineSystemConfigurationEvent 

func (TimelineEmailNotificationConfigurationModifiedEvent) IsTimelineSystemConfigurationEvent()

type TimelineEntityArchivedEvent 

type TimelineEntityArchivedEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A specialized `TimelineEvent` interface common to `timeline` events focused on a single `Entity`.

func (TimelineEntityArchivedEvent) GetEndTime 

func (this TimelineEntityArchivedEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineEntityArchivedEvent) GetEntity 

func (this TimelineEntityArchivedEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelineEntityArchivedEvent) GetEventID 

func (this TimelineEntityArchivedEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineEntityArchivedEvent) GetEventLabel 

func (this TimelineEntityArchivedEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineEntityArchivedEvent) GetEventSeverity 

func (this TimelineEntityArchivedEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineEntityArchivedEvent) GetEventType 

func (this TimelineEntityArchivedEvent) GetEventType() TimelineEventType

The event type.

func (TimelineEntityArchivedEvent) GetRelatedEvents 

func (this TimelineEntityArchivedEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineEntityArchivedEvent) GetStartTime 

func (this TimelineEntityArchivedEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineEntityArchivedEvent) GetTimestamp 

func (this TimelineEntityArchivedEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineEntityArchivedEvent) IsTimelineEntityEvent 

func (TimelineEntityArchivedEvent) IsTimelineEntityEvent()

func (TimelineEntityArchivedEvent) IsTimelineEvent 

func (TimelineEntityArchivedEvent) IsTimelineEvent()

type TimelineEntityEvent 

type TimelineEntityEvent interface {
	IsTimelineEntityEvent()
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	GetEndTime() string
	// The `Entity` associated with this event.
	GetEntity() Entity
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	GetEventID() string
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	GetEventLabel() string
	// The event severity. Defaults to `NEUTRAL`.
	GetEventSeverity() TimelineEventSeverity
	// The event type.
	GetEventType() TimelineEventType
	// A connection of related events.
	GetRelatedEvents() *TimelineEventConnection
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	GetStartTime() string
	// The event start time. This is the primary sort-key in `timeline` queries.
	GetTimestamp() string
}

A specialized `TimelineEvent` interface common to `timeline` events focused on a single `Entity`.

type TimelineEntityInactiveEvent 

type TimelineEntityInactiveEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType          TimelineEventType `json:"eventType"`
	MostRecentActivity *string           `json:"mostRecentActivity,omitempty"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A specialized `TimelineEvent` interface common to `timeline` events focused on a single `Entity`.

func (TimelineEntityInactiveEvent) GetEndTime 

func (this TimelineEntityInactiveEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineEntityInactiveEvent) GetEntity 

func (this TimelineEntityInactiveEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelineEntityInactiveEvent) GetEventID 

func (this TimelineEntityInactiveEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineEntityInactiveEvent) GetEventLabel 

func (this TimelineEntityInactiveEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineEntityInactiveEvent) GetEventSeverity 

func (this TimelineEntityInactiveEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineEntityInactiveEvent) GetEventType 

func (this TimelineEntityInactiveEvent) GetEventType() TimelineEventType

The event type.

func (TimelineEntityInactiveEvent) GetRelatedEvents 

func (this TimelineEntityInactiveEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineEntityInactiveEvent) GetStartTime 

func (this TimelineEntityInactiveEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineEntityInactiveEvent) GetTimestamp 

func (this TimelineEntityInactiveEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineEntityInactiveEvent) IsTimelineEntityEvent 

func (TimelineEntityInactiveEvent) IsTimelineEntityEvent()

func (TimelineEntityInactiveEvent) IsTimelineEvent 

func (TimelineEntityInactiveEvent) IsTimelineEvent()

type TimelineEntityLearnedEvent 

type TimelineEntityLearnedEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A specialized `TimelineEvent` interface common to `timeline` events focused on a single `Entity`.

func (TimelineEntityLearnedEvent) GetEndTime 

func (this TimelineEntityLearnedEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineEntityLearnedEvent) GetEntity 

func (this TimelineEntityLearnedEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelineEntityLearnedEvent) GetEventID 

func (this TimelineEntityLearnedEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineEntityLearnedEvent) GetEventLabel 

func (this TimelineEntityLearnedEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineEntityLearnedEvent) GetEventSeverity 

func (this TimelineEntityLearnedEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineEntityLearnedEvent) GetEventType 

func (this TimelineEntityLearnedEvent) GetEventType() TimelineEventType

The event type.

func (TimelineEntityLearnedEvent) GetRelatedEvents 

func (this TimelineEntityLearnedEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineEntityLearnedEvent) GetStartTime 

func (this TimelineEntityLearnedEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineEntityLearnedEvent) GetTimestamp 

func (this TimelineEntityLearnedEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineEntityLearnedEvent) IsTimelineEntityEvent 

func (TimelineEntityLearnedEvent) IsTimelineEntityEvent()

func (TimelineEntityLearnedEvent) IsTimelineEvent 

func (TimelineEntityLearnedEvent) IsTimelineEvent()

type TimelineEntityMarkedEvent 

type TimelineEntityMarkedEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A specialized `TimelineEvent` interface common to `timeline` events focused on a single `Entity`.

func (TimelineEntityMarkedEvent) GetEndTime 

func (this TimelineEntityMarkedEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineEntityMarkedEvent) GetEntity 

func (this TimelineEntityMarkedEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelineEntityMarkedEvent) GetEventID 

func (this TimelineEntityMarkedEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineEntityMarkedEvent) GetEventLabel 

func (this TimelineEntityMarkedEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineEntityMarkedEvent) GetEventSeverity 

func (this TimelineEntityMarkedEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineEntityMarkedEvent) GetEventType 

func (this TimelineEntityMarkedEvent) GetEventType() TimelineEventType

The event type.

func (TimelineEntityMarkedEvent) GetRelatedEvents 

func (this TimelineEntityMarkedEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineEntityMarkedEvent) GetStartTime 

func (this TimelineEntityMarkedEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineEntityMarkedEvent) GetTimestamp 

func (this TimelineEntityMarkedEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineEntityMarkedEvent) IsTimelineEntityEvent 

func (TimelineEntityMarkedEvent) IsTimelineEntityEvent()

func (TimelineEntityMarkedEvent) IsTimelineEvent 

func (TimelineEntityMarkedEvent) IsTimelineEvent()

type TimelineEntityNotSharedEvent 

type TimelineEntityNotSharedEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A specialized `TimelineEvent` interface common to `timeline` events focused on a single `Entity`.

func (TimelineEntityNotSharedEvent) GetEndTime 

func (this TimelineEntityNotSharedEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineEntityNotSharedEvent) GetEntity 

func (this TimelineEntityNotSharedEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelineEntityNotSharedEvent) GetEventID 

func (this TimelineEntityNotSharedEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineEntityNotSharedEvent) GetEventLabel 

func (this TimelineEntityNotSharedEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineEntityNotSharedEvent) GetEventSeverity 

func (this TimelineEntityNotSharedEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineEntityNotSharedEvent) GetEventType 

func (this TimelineEntityNotSharedEvent) GetEventType() TimelineEventType

The event type.

func (TimelineEntityNotSharedEvent) GetRelatedEvents 

func (this TimelineEntityNotSharedEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineEntityNotSharedEvent) GetStartTime 

func (this TimelineEntityNotSharedEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineEntityNotSharedEvent) GetTimestamp 

func (this TimelineEntityNotSharedEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineEntityNotSharedEvent) IsTimelineEntityEvent 

func (TimelineEntityNotSharedEvent) IsTimelineEntityEvent()

func (TimelineEntityNotSharedEvent) IsTimelineEvent 

func (TimelineEntityNotSharedEvent) IsTimelineEvent()

type TimelineEntityResurgenceEvent 

type TimelineEntityResurgenceEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType          TimelineEventType `json:"eventType"`
	MostRecentActivity *string           `json:"mostRecentActivity,omitempty"`
	PrecedingActivity  *string           `json:"precedingActivity,omitempty"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A specialized `TimelineEvent` interface common to `timeline` events focused on a single `Entity`.

func (TimelineEntityResurgenceEvent) GetEndTime 

func (this TimelineEntityResurgenceEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineEntityResurgenceEvent) GetEntity 

func (this TimelineEntityResurgenceEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelineEntityResurgenceEvent) GetEventID 

func (this TimelineEntityResurgenceEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineEntityResurgenceEvent) GetEventLabel 

func (this TimelineEntityResurgenceEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineEntityResurgenceEvent) GetEventSeverity 

func (this TimelineEntityResurgenceEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineEntityResurgenceEvent) GetEventType 

func (this TimelineEntityResurgenceEvent) GetEventType() TimelineEventType

The event type.

func (TimelineEntityResurgenceEvent) GetRelatedEvents 

func (this TimelineEntityResurgenceEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineEntityResurgenceEvent) GetStartTime 

func (this TimelineEntityResurgenceEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineEntityResurgenceEvent) GetTimestamp 

func (this TimelineEntityResurgenceEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineEntityResurgenceEvent) IsTimelineEntityEvent 

func (TimelineEntityResurgenceEvent) IsTimelineEntityEvent()

func (TimelineEntityResurgenceEvent) IsTimelineEvent 

func (TimelineEntityResurgenceEvent) IsTimelineEvent()

type TimelineEntitySharedEvent 

type TimelineEntitySharedEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A specialized `TimelineEvent` interface common to `timeline` events focused on a single `Entity`.

func (TimelineEntitySharedEvent) GetEndTime 

func (this TimelineEntitySharedEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineEntitySharedEvent) GetEntity 

func (this TimelineEntitySharedEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelineEntitySharedEvent) GetEventID 

func (this TimelineEntitySharedEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineEntitySharedEvent) GetEventLabel 

func (this TimelineEntitySharedEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineEntitySharedEvent) GetEventSeverity 

func (this TimelineEntitySharedEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineEntitySharedEvent) GetEventType 

func (this TimelineEntitySharedEvent) GetEventType() TimelineEventType

The event type.

func (TimelineEntitySharedEvent) GetRelatedEvents 

func (this TimelineEntitySharedEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineEntitySharedEvent) GetStartTime 

func (this TimelineEntitySharedEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineEntitySharedEvent) GetTimestamp 

func (this TimelineEntitySharedEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineEntitySharedEvent) IsTimelineEntityEvent 

func (TimelineEntitySharedEvent) IsTimelineEntityEvent()

func (TimelineEntitySharedEvent) IsTimelineEvent 

func (TimelineEntitySharedEvent) IsTimelineEvent()

type TimelineEntityStaleEvent 

type TimelineEntityStaleEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType          TimelineEventType `json:"eventType"`
	MostRecentActivity *string           `json:"mostRecentActivity,omitempty"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A specialized `TimelineEvent` interface common to `timeline` events focused on a single `Entity`.

func (TimelineEntityStaleEvent) GetEndTime 

func (this TimelineEntityStaleEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineEntityStaleEvent) GetEntity 

func (this TimelineEntityStaleEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelineEntityStaleEvent) GetEventID 

func (this TimelineEntityStaleEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineEntityStaleEvent) GetEventLabel 

func (this TimelineEntityStaleEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineEntityStaleEvent) GetEventSeverity 

func (this TimelineEntityStaleEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineEntityStaleEvent) GetEventType 

func (this TimelineEntityStaleEvent) GetEventType() TimelineEventType

The event type.

func (TimelineEntityStaleEvent) GetRelatedEvents 

func (this TimelineEntityStaleEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineEntityStaleEvent) GetStartTime 

func (this TimelineEntityStaleEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineEntityStaleEvent) GetTimestamp 

func (this TimelineEntityStaleEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineEntityStaleEvent) IsTimelineEntityEvent 

func (TimelineEntityStaleEvent) IsTimelineEntityEvent()

func (TimelineEntityStaleEvent) IsTimelineEvent 

func (TimelineEntityStaleEvent) IsTimelineEvent()

type TimelineEntityUnarchivedEvent 

type TimelineEntityUnarchivedEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A specialized `TimelineEvent` interface common to `timeline` events focused on a single `Entity`.

func (TimelineEntityUnarchivedEvent) GetEndTime 

func (this TimelineEntityUnarchivedEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineEntityUnarchivedEvent) GetEntity 

func (this TimelineEntityUnarchivedEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelineEntityUnarchivedEvent) GetEventID 

func (this TimelineEntityUnarchivedEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineEntityUnarchivedEvent) GetEventLabel 

func (this TimelineEntityUnarchivedEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineEntityUnarchivedEvent) GetEventSeverity 

func (this TimelineEntityUnarchivedEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineEntityUnarchivedEvent) GetEventType 

func (this TimelineEntityUnarchivedEvent) GetEventType() TimelineEventType

The event type.

func (TimelineEntityUnarchivedEvent) GetRelatedEvents 

func (this TimelineEntityUnarchivedEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineEntityUnarchivedEvent) GetStartTime 

func (this TimelineEntityUnarchivedEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineEntityUnarchivedEvent) GetTimestamp 

func (this TimelineEntityUnarchivedEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineEntityUnarchivedEvent) IsTimelineEntityEvent 

func (TimelineEntityUnarchivedEvent) IsTimelineEntityEvent()

func (TimelineEntityUnarchivedEvent) IsTimelineEvent 

func (TimelineEntityUnarchivedEvent) IsTimelineEvent()

type TimelineEntityUnmarkedEvent 

type TimelineEntityUnmarkedEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A specialized `TimelineEvent` interface common to `timeline` events focused on a single `Entity`.

func (TimelineEntityUnmarkedEvent) GetEndTime 

func (this TimelineEntityUnmarkedEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineEntityUnmarkedEvent) GetEntity 

func (this TimelineEntityUnmarkedEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelineEntityUnmarkedEvent) GetEventID 

func (this TimelineEntityUnmarkedEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineEntityUnmarkedEvent) GetEventLabel 

func (this TimelineEntityUnmarkedEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineEntityUnmarkedEvent) GetEventSeverity 

func (this TimelineEntityUnmarkedEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineEntityUnmarkedEvent) GetEventType 

func (this TimelineEntityUnmarkedEvent) GetEventType() TimelineEventType

The event type.

func (TimelineEntityUnmarkedEvent) GetRelatedEvents 

func (this TimelineEntityUnmarkedEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineEntityUnmarkedEvent) GetStartTime 

func (this TimelineEntityUnmarkedEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineEntityUnmarkedEvent) GetTimestamp 

func (this TimelineEntityUnmarkedEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineEntityUnmarkedEvent) IsTimelineEntityEvent 

func (TimelineEntityUnmarkedEvent) IsTimelineEntityEvent()

func (TimelineEntityUnmarkedEvent) IsTimelineEvent 

func (TimelineEntityUnmarkedEvent) IsTimelineEvent()

type TimelineEntityUnwatchedEvent 

type TimelineEntityUnwatchedEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime  string      `json:"startTime"`
	SystemUser *SystemUser `json:"systemUser,omitempty"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A specialized `TimelineEvent` interface common to `timeline` events focused on a single `Entity`.

func (TimelineEntityUnwatchedEvent) GetEndTime 

func (this TimelineEntityUnwatchedEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineEntityUnwatchedEvent) GetEntity 

func (this TimelineEntityUnwatchedEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelineEntityUnwatchedEvent) GetEventID 

func (this TimelineEntityUnwatchedEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineEntityUnwatchedEvent) GetEventLabel 

func (this TimelineEntityUnwatchedEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineEntityUnwatchedEvent) GetEventSeverity 

func (this TimelineEntityUnwatchedEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineEntityUnwatchedEvent) GetEventType 

func (this TimelineEntityUnwatchedEvent) GetEventType() TimelineEventType

The event type.

func (TimelineEntityUnwatchedEvent) GetRelatedEvents 

func (this TimelineEntityUnwatchedEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineEntityUnwatchedEvent) GetStartTime 

func (this TimelineEntityUnwatchedEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineEntityUnwatchedEvent) GetTimestamp 

func (this TimelineEntityUnwatchedEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineEntityUnwatchedEvent) IsTimelineEntityEvent 

func (TimelineEntityUnwatchedEvent) IsTimelineEntityEvent()

func (TimelineEntityUnwatchedEvent) IsTimelineEvent 

func (TimelineEntityUnwatchedEvent) IsTimelineEvent()

type TimelineEntityWatchedEvent 

type TimelineEntityWatchedEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime  string      `json:"startTime"`
	SystemUser *SystemUser `json:"systemUser,omitempty"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A specialized `TimelineEvent` interface common to `timeline` events focused on a single `Entity`.

func (TimelineEntityWatchedEvent) GetEndTime 

func (this TimelineEntityWatchedEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineEntityWatchedEvent) GetEntity 

func (this TimelineEntityWatchedEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelineEntityWatchedEvent) GetEventID 

func (this TimelineEntityWatchedEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineEntityWatchedEvent) GetEventLabel 

func (this TimelineEntityWatchedEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineEntityWatchedEvent) GetEventSeverity 

func (this TimelineEntityWatchedEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineEntityWatchedEvent) GetEventType 

func (this TimelineEntityWatchedEvent) GetEventType() TimelineEventType

The event type.

func (TimelineEntityWatchedEvent) GetRelatedEvents 

func (this TimelineEntityWatchedEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineEntityWatchedEvent) GetStartTime 

func (this TimelineEntityWatchedEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineEntityWatchedEvent) GetTimestamp 

func (this TimelineEntityWatchedEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineEntityWatchedEvent) IsTimelineEntityEvent 

func (TimelineEntityWatchedEvent) IsTimelineEntityEvent()

func (TimelineEntityWatchedEvent) IsTimelineEvent 

func (TimelineEntityWatchedEvent) IsTimelineEvent()

type TimelineErrorEvent 

type TimelineErrorEvent interface {
	IsTimelineErrorEvent()
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	GetEndTime() string
	// Information regarding the error.
	GetErrorDetails() ErrorDetails
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	GetEventID() string
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	GetEventLabel() string
	// The event severity. Defaults to `NEUTRAL`.
	GetEventSeverity() TimelineEventSeverity
	// The event type.
	GetEventType() TimelineEventType
	// A connection of related events.
	GetRelatedEvents() *TimelineEventConnection
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	GetStartTime() string
	// The event start time. This is the primary sort-key in `timeline` queries.
	GetTimestamp() string
}

A `TimelineEvent` interface common to `timeline` events indicating an error or a failure.

type TimelineEvent 

type TimelineEvent interface {
	IsTimelineEvent()
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	GetEndTime() string
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	GetEventID() string
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	GetEventLabel() string
	// The event severity. Defaults to `NEUTRAL`.
	GetEventSeverity() TimelineEventSeverity
	// The event type.
	GetEventType() TimelineEventType
	// A connection of related events.
	GetRelatedEvents() *TimelineEventConnection
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	GetStartTime() string
	// The event start time. This is the primary sort-key in `timeline` queries.
	GetTimestamp() string
}

A common interface for all events exposed by the `timeline` API.

type TimelineEventCategory 

type TimelineEventCategory string

An enumeration of `timeline` event categories, each representing multiple `TimelineEventType` values. They can be used to restrict event types instead of or together with the exact event types in `timeline` query criteria.

These categories form logical groups for timeline events, and any event type can belong to multiple categories. Moreover, the mapping between categories to event types may change between versions.

See the `categories` timeline query argument for additional information on the usage of this enumeration. 

const (
	// The category for event types indicating network activities, such as authentication and service accesses.
	TimelineEventCategoryActivity TimelineEventCategory = "ACTIVITY"
	// The category for audit log event types. This category is used by the system audit log page.
	TimelineEventCategoryAudit TimelineEventCategory = "AUDIT"
	// The category for all event types focused on a single `Entity`. This category
	// is used by the Entity page "Timeline" in the user interface.
	TimelineEventCategoryEntity TimelineEventCategory = "ENTITY"
	// The category for all event types representing system notifications. This
	// category is used by the Notifications page in the user interface.
	TimelineEventCategoryNotification TimelineEventCategory = "NOTIFICATION"
	// The category for all policy-related event types, used by the policy audit log.
	TimelineEventCategoryPolicy TimelineEventCategory = "POLICY"
	// The category for all system-related event types.
	TimelineEventCategorySystem TimelineEventCategory = "SYSTEM"
	// The category for threat-related event types, such as alerts and score escalations.
	TimelineEventCategoryThreat TimelineEventCategory = "THREAT"
	// The category for system-notification event types related to coverage issues.
	TimelineEventCategorySystemCoverageNotification TimelineEventCategory = "SYSTEM_COVERAGE_NOTIFICATION"
	// The category for system-notification event types related to software updates.
	TimelineEventCategorySoftwareUpdate TimelineEventCategory = "SOFTWARE_UPDATE"
	// The category for system-notification event types related to configured connectors.
	TimelineEventCategoryConnectorNotification TimelineEventCategory = "CONNECTOR_NOTIFICATION"
	// The category for all event types which may be Threat Hunter queries.
	TimelineEventCategoryThreatHunter TimelineEventCategory = "THREAT_HUNTER"
)

func (TimelineEventCategory) IsValid 

func (e TimelineEventCategory) IsValid() bool

func (TimelineEventCategory) MarshalGQL 

func (e TimelineEventCategory) MarshalGQL(w io.Writer)

func (TimelineEventCategory) String 

func (e TimelineEventCategory) String() string

func (*TimelineEventCategory) UnmarshalGQL 

func (e *TimelineEventCategory) UnmarshalGQL(v interface{}) error

type TimelineEventConnection 

type TimelineEventConnection struct {
	// List of `TimelineEvent` edges.
	Edges []*TimelineEventEdge `json:"edges"`
	// Information to aid in pagination.
	PageInfo *PageInfo `json:"pageInfo"`
	// A convenience extension to the standard Relay Connection type, directly
	// exposing the `TimelineEvent` elements, which may be used *instead* of edges.
	// It is primarily useful in conjunction with `startCursor` and `endCursor`, or
	// when exploring the API interactively (e.g. in GraphiQL).
	Nodes []TimelineEvent `json:"nodes"`
}

A [Relay-Compatible](https://facebook.github.io/relay/graphql/connections.htm) Connection type for paginating over `TimelineEvent` elements.

type TimelineEventEdge 

type TimelineEventEdge struct {
	// Cursor pointing to this edge, to be used in standard pagination query arguments (`before`, `after`).
	Cursor string `json:"cursor"`
	// The `TimelineEvent` item at the end of this edge.
	Node TimelineEvent `json:"node"`
}

A `TimelineEvent` edge in a connection.

type TimelineEventImpl 

type TimelineEventImpl struct {
	EndTime       string                   `json:"endTime"`
	EventID       string                   `json:"eventId"`
	EventLabel    string                   `json:"eventLabel"`
	EventSeverity TimelineEventSeverity    `json:"eventSeverity"`
	EventType     TimelineEventType        `json:"eventType"`
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	StartTime     string                   `json:"startTime"`
	Timestamp     string                   `json:"timestamp"`
}

func (TimelineEventImpl) GetEndTime 

func (this TimelineEventImpl) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineEventImpl) GetEventID 

func (this TimelineEventImpl) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineEventImpl) GetEventLabel 

func (this TimelineEventImpl) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineEventImpl) GetEventSeverity 

func (this TimelineEventImpl) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineEventImpl) GetEventType 

func (this TimelineEventImpl) GetEventType() TimelineEventType

The event type.

func (TimelineEventImpl) GetRelatedEvents 

func (this TimelineEventImpl) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineEventImpl) GetStartTime 

func (this TimelineEventImpl) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineEventImpl) GetTimestamp 

func (this TimelineEventImpl) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineEventImpl) IsTimelineEvent 

func (TimelineEventImpl) IsTimelineEvent()

type TimelineEventSeverity 

type TimelineEventSeverity string
const (
	TimelineEventSeverityNeutral   TimelineEventSeverity = "NEUTRAL"
	TimelineEventSeverityModerate  TimelineEventSeverity = "MODERATE"
	TimelineEventSeverityImportant TimelineEventSeverity = "IMPORTANT"
)

func (TimelineEventSeverity) IsValid 

func (e TimelineEventSeverity) IsValid() bool

func (TimelineEventSeverity) MarshalGQL 

func (e TimelineEventSeverity) MarshalGQL(w io.Writer)

func (TimelineEventSeverity) String 

func (e TimelineEventSeverity) String() string

func (*TimelineEventSeverity) UnmarshalGQL 

func (e *TimelineEventSeverity) UnmarshalGQL(v interface{}) error

type TimelineEventType 

type TimelineEventType string
const (
	TimelineEventTypeSuccessfulAuthentication                     TimelineEventType = "SUCCESSFUL_AUTHENTICATION"
	TimelineEventTypeFailedAuthentication                         TimelineEventType = "FAILED_AUTHENTICATION"
	TimelineEventTypeServiceAccess                                TimelineEventType = "SERVICE_ACCESS"
	TimelineEventTypeDcerpcOperation                              TimelineEventType = "DCERPC_OPERATION"
	TimelineEventTypeRemoteCodeExecution                          TimelineEventType = "REMOTE_CODE_EXECUTION"
	TimelineEventTypeFileOperation                                TimelineEventType = "FILE_OPERATION"
	TimelineEventTypeLdapSearch                                   TimelineEventType = "LDAP_SEARCH"
	TimelineEventTypeAccountCreated                               TimelineEventType = "ACCOUNT_CREATED"
	TimelineEventTypePasswordChange                               TimelineEventType = "PASSWORD_CHANGE"
	TimelineEventTypeAccountNameChange                            TimelineEventType = "ACCOUNT_NAME_CHANGE"
	TimelineEventTypeDepartmentChange                             TimelineEventType = "DEPARTMENT_CHANGE"
	TimelineEventTypeOuChange                                     TimelineEventType = "OU_CHANGE"
	TimelineEventTypeEmailAddressChange                           TimelineEventType = "EMAIL_ADDRESS_CHANGE"
	TimelineEventTypeAccountEnabled                               TimelineEventType = "ACCOUNT_ENABLED"
	TimelineEventTypeAccountDisabled                              TimelineEventType = "ACCOUNT_DISABLED"
	TimelineEventTypeAccountLocked                                TimelineEventType = "ACCOUNT_LOCKED"
	TimelineEventTypeAccountUnlocked                              TimelineEventType = "ACCOUNT_UNLOCKED"
	TimelineEventTypeEntityResurgence                             TimelineEventType = "ENTITY_RESURGENCE"
	TimelineEventTypeEntityInactive                               TimelineEventType = "ENTITY_INACTIVE"
	TimelineEventTypeEntityStale                                  TimelineEventType = "ENTITY_STALE"
	TimelineEventTypeEntityShared                                 TimelineEventType = "ENTITY_SHARED"
	TimelineEventTypeEntityNotShared                              TimelineEventType = "ENTITY_NOT_SHARED"
	TimelineEventTypeEntityLearned                                TimelineEventType = "ENTITY_LEARNED"
	TimelineEventTypeEntityMarked                                 TimelineEventType = "ENTITY_MARKED"
	TimelineEventTypeEntityUnmarked                               TimelineEventType = "ENTITY_UNMARKED"
	TimelineEventTypeEntityWatched                                TimelineEventType = "ENTITY_WATCHED"
	TimelineEventTypeEntityUnwatched                              TimelineEventType = "ENTITY_UNWATCHED"
	TimelineEventTypeEntityArchived                               TimelineEventType = "ENTITY_ARCHIVED"
	TimelineEventTypeEntityUnarchived                             TimelineEventType = "ENTITY_UNARCHIVED"
	TimelineEventTypeExposedPassword                              TimelineEventType = "EXPOSED_PASSWORD"
	TimelineEventTypeWeakPassword                                 TimelineEventType = "WEAK_PASSWORD"
	TimelineEventTypePrivilegeEscalation                          TimelineEventType = "PRIVILEGE_ESCALATION"
	TimelineEventTypePrivilegeDeEscalation                        TimelineEventType = "PRIVILEGE_DE_ESCALATION"
	TimelineEventTypeScoreEscalation                              TimelineEventType = "SCORE_ESCALATION"
	TimelineEventTypeScoreDeEscalation                            TimelineEventType = "SCORE_DE_ESCALATION"
	TimelineEventTypeAuthorizerChange                             TimelineEventType = "AUTHORIZER_CHANGE"
	TimelineEventTypeLinkedAccountChange                          TimelineEventType = "LINKED_ACCOUNT_CHANGE"
	TimelineEventTypeAlert                                        TimelineEventType = "ALERT"
	TimelineEventTypeNewIncident                                  TimelineEventType = "NEW_INCIDENT"
	TimelineEventTypeIncidentTypeChange                           TimelineEventType = "INCIDENT_TYPE_CHANGE"
	TimelineEventTypeIncidentSeverityChange                       TimelineEventType = "INCIDENT_SEVERITY_CHANGE"
	TimelineEventTypeIncidentLifeCycleStageChange                 TimelineEventType = "INCIDENT_LIFE_CYCLE_STAGE_CHANGE"
	TimelineEventTypePolicyRuleMatch                              TimelineEventType = "POLICY_RULE_MATCH"
	TimelineEventTypeMfaServiceEnrollment                         TimelineEventType = "MFA_SERVICE_ENROLLMENT"
	TimelineEventTypeConnectorConfigurationModified               TimelineEventType = "CONNECTOR_CONFIGURATION_MODIFIED"
	TimelineEventTypeConnectorConfigurationAdded                  TimelineEventType = "CONNECTOR_CONFIGURATION_ADDED"
	TimelineEventTypeConnectorConfigurationDeleted                TimelineEventType = "CONNECTOR_CONFIGURATION_DELETED"
	TimelineEventTypePolicyRuleModified                           TimelineEventType = "POLICY_RULE_MODIFIED"
	TimelineEventTypePolicyRuleAdded                              TimelineEventType = "POLICY_RULE_ADDED"
	TimelineEventTypePolicyRuleDeleted                            TimelineEventType = "POLICY_RULE_DELETED"
	TimelineEventTypePolicyRulesReordered                         TimelineEventType = "POLICY_RULES_REORDERED"
	TimelineEventTypePolicyApplied                                TimelineEventType = "POLICY_APPLIED"
	TimelineEventTypeAlertExceptionModified                       TimelineEventType = "ALERT_EXCEPTION_MODIFIED"
	TimelineEventTypeReportModified                               TimelineEventType = "REPORT_MODIFIED"
	TimelineEventTypeReportAdded                                  TimelineEventType = "REPORT_ADDED"
	TimelineEventTypeReportDeleted                                TimelineEventType = "REPORT_DELETED"
	TimelineEventTypeEmailNotificationConfigurationModified       TimelineEventType = "EMAIL_NOTIFICATION_CONFIGURATION_MODIFIED"
	TimelineEventTypeDetectionAggressionConfigurationModified     TimelineEventType = "DETECTION_AGGRESSION_CONFIGURATION_MODIFIED"
	TimelineEventTypeRiskFactorsConfigurationModified             TimelineEventType = "RISK_FACTORS_CONFIGURATION_MODIFIED"
	TimelineEventTypeDomainRemoval                                TimelineEventType = "DOMAIN_REMOVAL"
	TimelineEventTypeNetExtractorStoppedPublish                   TimelineEventType = "NET_EXTRACTOR_STOPPED_PUBLISH"
	TimelineEventTypeMfaUIFallbackPeriodChanged                   TimelineEventType = "MFA_UI_FALLBACK_PERIOD_CHANGED"
	TimelineEventTypeUncoveredDomainController                    TimelineEventType = "UNCOVERED_DOMAIN_CONTROLLER"
	TimelineEventTypeConnectorFailure                             TimelineEventType = "CONNECTOR_FAILURE"
	TimelineEventTypeToolFailure                                  TimelineEventType = "TOOL_FAILURE"
	TimelineEventTypeToolDeleted                                  TimelineEventType = "TOOL_DELETED"
	TimelineEventTypeIDPContainerWatchdogEvent                    TimelineEventType = "IDP_CONTAINER_WATCHDOG_EVENT"
	TimelineEventTypeIDPContainerGenericWatchdogEvent             TimelineEventType = "IDP_CONTAINER_GENERIC_WATCHDOG_EVENT"
	TimelineEventTypeNetExtractorStoppedPolicy                    TimelineEventType = "NET_EXTRACTOR_STOPPED_POLICY"
	TimelineEventTypeNetExtractorStoppedTraffic                   TimelineEventType = "NET_EXTRACTOR_STOPPED_TRAFFIC"
	TimelineEventTypeNetExtractorWatchdogAnalyzerServiceRestart   TimelineEventType = "NET_EXTRACTOR_WATCHDOG_ANALYZER_SERVICE_RESTART"
	TimelineEventTypeNetExtractorWatchdogManagementServiceRestart TimelineEventType = "NET_EXTRACTOR_WATCHDOG_MANAGEMENT_SERVICE_RESTART"
	TimelineEventTypeNetExtractorWatchdogMonitoringServiceRestart TimelineEventType = "NET_EXTRACTOR_WATCHDOG_MONITORING_SERVICE_RESTART"
)

func (TimelineEventType) IsValid 

func (e TimelineEventType) IsValid() bool

func (TimelineEventType) MarshalGQL 

func (e TimelineEventType) MarshalGQL(w io.Writer)

func (TimelineEventType) String 

func (e TimelineEventType) String() string

func (*TimelineEventType) UnmarshalGQL 

func (e *TimelineEventType) UnmarshalGQL(v interface{}) error

type TimelineExposedPasswordEvent 

type TimelineExposedPasswordEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A specialized `TimelineEvent` interface common to `timeline` events focused on a single `Entity`.

func (TimelineExposedPasswordEvent) GetEndTime 

func (this TimelineExposedPasswordEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineExposedPasswordEvent) GetEntity 

func (this TimelineExposedPasswordEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelineExposedPasswordEvent) GetEventID 

func (this TimelineExposedPasswordEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineExposedPasswordEvent) GetEventLabel 

func (this TimelineExposedPasswordEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineExposedPasswordEvent) GetEventSeverity 

func (this TimelineExposedPasswordEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineExposedPasswordEvent) GetEventType 

func (this TimelineExposedPasswordEvent) GetEventType() TimelineEventType

The event type.

func (TimelineExposedPasswordEvent) GetRelatedEvents 

func (this TimelineExposedPasswordEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineExposedPasswordEvent) GetStartTime 

func (this TimelineExposedPasswordEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineExposedPasswordEvent) GetTimestamp 

func (this TimelineExposedPasswordEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineExposedPasswordEvent) IsTimelineEntityEvent 

func (TimelineExposedPasswordEvent) IsTimelineEntityEvent()

func (TimelineExposedPasswordEvent) IsTimelineEvent 

func (TimelineExposedPasswordEvent) IsTimelineEvent()

type TimelineFailedAuthenticationEvent 

type TimelineFailedAuthenticationEvent struct {
	// If the activity is known to have occurred within an Active Directory site, this is set to the site's name.
	ActiveDirectorySiteName *string `json:"activeDirectorySiteName,omitempty"`
	// The number of failed authentication attempts.
	ActivityCount int `json:"activityCount"`
	// The authentication type.
	AuthenticationType AuthenticationType `json:"authenticationType"`
	// If `true`, the authentication failure is a result of policy enforcement.
	Blocked     bool         `json:"blocked"`
	BrowserInfo *BrowserInfo `json:"browserInfo,omitempty"`
	// The data source associated with this activity. Because the `DataSource`
	// enumeration contains some fallback values for generic sources,
	// `dataSourceVendorName` is provided as an alternative.
	DataSource DataSource `json:"dataSource"`
	// A display-oriented label for the data source associated with the activity.
	DataSourceVendorName *string `json:"dataSourceVendorName,omitempty"`
	DeviceName           *string `json:"deviceName,omitempty"`
	// A display-oriented label reflecting the origin endpoint operating system, as
	// exposed by the `operatingSystemInfo` field. The semantics of this value are
	// not rrigorously restricted.
	// Therefore, the data is supposed to used programmatically, it is always
	// recommended to project the underlying `operatingSystemInfo` field instead.
	DeviceType *string `json:"deviceType,omitempty"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A display-oriented label reflecting the best available display name for the
	// origin endpoint. `EndpointEntity:primaryDisplayName` is used if available,
	// otherwise either `hostName` or `ipAddress` may be used as a fallback option.
	EndpointDisplayName *string `json:"endpointDisplayName,omitempty"`
	// The origin endpoint entity associated with the activity, if available. Note
	// that `endpointDisplayName` is available even when the entity is unknown.
	EndpointEntity *EndpointEntity `json:"endpointEntity,omitempty"`
	// Additional information about the reason for the authentication failure.
	ErrorDetails ErrorDetails `json:"errorDetails"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// The geolocation associated with the activity, if any.
	GeoLocation *GeoLocation `json:"geoLocation,omitempty"`
	// The origin endpoint host name.
	HostName *string `json:"hostName,omitempty"`
	// The origin endpoint IP address, if available.
	IPAddress            *string            `json:"ipAddress,omitempty"`
	IPAddressReputations []IPReputation     `json:"ipAddressReputations"`
	IspClassification    *IspClassification `json:"ispClassification,omitempty"`
	IspDomain            *string            `json:"ispDomain,omitempty"`
	// The list of Kerberos encryption types specified by the client. Only set for
	// activities performed over the Kerberos protocol (see `protocolType`),
	KerberosEncryptionTypes []KerberosEncryptionType `json:"kerberosEncryptionTypes,omitempty"`
	LdapSecurityType        *LdapSecurityType        `json:"ldapSecurityType,omitempty"`
	// If `true`, `userEntity` is associated with `geoLocation` by a `BindingType:GEO_LOCATION` `association`.
	//
	// Returns `null` if no location data is available for this activity or if the
	// user associated with this activity couldn't be correlated with a user entity.
	LocationAssociatedWithUser *bool `json:"locationAssociatedWithUser,omitempty"`
	// The subnet label, as defined in the system configuration, associated with the
	// origin endpoint IP address at the time the activity was performed.
	NetworkTag *string `json:"networkTag,omitempty"`
	// The subnet type, as defined in the system configuration, associated with the
	// origin endpoint IP address at the time the activity was performed.
	NetworkType NetworkType `json:"networkType"`
	// Information about the origin endpoint operating system.
	OperatingSystemInfo *OperatingSystemInfo `json:"operatingSystemInfo,omitempty"`
	// The primary network protocol used for performing the activity.
	ProtocolType    ProtocolType `json:"protocolType"`
	ProtocolVersion *string      `json:"protocolVersion,omitempty"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	SmbDialect    *SmbDialect              `json:"smbDialect,omitempty"`
	SourceEntity  UserOrEndpointEntity     `json:"sourceEntity,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The target endpoint associated with this activity (such as a domain controller), if any.
	TargetEndpointEntity *EndpointEntity `json:"targetEndpointEntity,omitempty"`
	// The target service entity.
	TargetEntity             Entity  `json:"targetEntity,omitempty"`
	TargetServiceDescription *string `json:"targetServiceDescription,omitempty"`
	TargetServiceDisplayName *string `json:"targetServiceDisplayName,omitempty"`
	// The target service raw identifier.
	TargetServiceIdentifier *string `json:"targetServiceIdentifier,omitempty"`
	// A classification value of the service accessed, based on the raw identifier
	// (`targetServiceIdentifier`) and the target entity (`targetServiceEntity`).
	TargetServiceType *ServiceType `json:"targetServiceType,omitempty"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp  string      `json:"timestamp"`
	TLSVersion *TLSVersion `json:"tlsVersion,omitempty"`
	// A display-oriented label of the best available display name for the user
	// associated with this event. `UserEntity:primaryDisplayName` is used if
	// available. Otherwise, the raw user identifier used for performing this
	// activity is applied.
	UserDisplayName string `json:"userDisplayName"`
	// The user entity associated with the activity, if available. Note that
	// `userDisplayName` is available even when the entity is unknown.
	UserEntity *UserEntity `json:"userEntity,omitempty"`
}

A `timeline` event indicating one or more failed user authentications on an endpoint within one minute.

func (TimelineFailedAuthenticationEvent) GetActiveDirectorySiteName 

func (this TimelineFailedAuthenticationEvent) GetActiveDirectorySiteName() *string

If the activity is known to have occurred within an Active Directory site, this is set to the site's name.

func (TimelineFailedAuthenticationEvent) GetAuthenticationType 

func (this TimelineFailedAuthenticationEvent) GetAuthenticationType() AuthenticationType

The authentication type.

func (TimelineFailedAuthenticationEvent) GetBrowserInfo 

func (this TimelineFailedAuthenticationEvent) GetBrowserInfo() *BrowserInfo

func (TimelineFailedAuthenticationEvent) GetDataSource 

func (this TimelineFailedAuthenticationEvent) GetDataSource() DataSource

The data source associated with this activity. Because the `DataSource` enumeration contains some fallback values for generic sources, `dataSourceVendorName` is provided as an alternative.

func (TimelineFailedAuthenticationEvent) GetDataSourceVendorName 

func (this TimelineFailedAuthenticationEvent) GetDataSourceVendorName() *string

A display-oriented label for the data source associated with the activity.

func (TimelineFailedAuthenticationEvent) GetDeviceName 

func (this TimelineFailedAuthenticationEvent) GetDeviceName() *string

func (TimelineFailedAuthenticationEvent) GetDeviceType 

func (this TimelineFailedAuthenticationEvent) GetDeviceType() *string

A display-oriented label reflecting the origin endpoint operating system, as exposed by the `operatingSystemInfo` field. The semantics of this value are not rrigorously restricted. Therefore, the data is supposed to used programmatically, it is always recommended to project the underlying `operatingSystemInfo` field instead.

func (TimelineFailedAuthenticationEvent) GetEndTime 

func (this TimelineFailedAuthenticationEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineFailedAuthenticationEvent) GetEndpointDisplayName 

func (this TimelineFailedAuthenticationEvent) GetEndpointDisplayName() *string

A display-oriented label reflecting the best available display name for the origin endpoint. `EndpointEntity:primaryDisplayName` is used if available, otherwise either `hostName` or `ipAddress` may be used as a fallback option.

func (TimelineFailedAuthenticationEvent) GetEndpointEntity 

func (this TimelineFailedAuthenticationEvent) GetEndpointEntity() *EndpointEntity

The origin endpoint entity associated with the activity, if available. Note that `endpointDisplayName` is available even when the entity is unknown.

func (TimelineFailedAuthenticationEvent) GetErrorDetails 

func (this TimelineFailedAuthenticationEvent) GetErrorDetails() ErrorDetails

Information regarding the error.

func (TimelineFailedAuthenticationEvent) GetEventID 

func (this TimelineFailedAuthenticationEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineFailedAuthenticationEvent) GetEventLabel 

func (this TimelineFailedAuthenticationEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineFailedAuthenticationEvent) GetEventSeverity 

func (this TimelineFailedAuthenticationEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineFailedAuthenticationEvent) GetEventType 

func (this TimelineFailedAuthenticationEvent) GetEventType() TimelineEventType

The event type.

func (TimelineFailedAuthenticationEvent) GetGeoLocation 

func (this TimelineFailedAuthenticationEvent) GetGeoLocation() *GeoLocation

The geolocation associated with the activity, if any.

func (TimelineFailedAuthenticationEvent) GetHostName 

func (this TimelineFailedAuthenticationEvent) GetHostName() *string

The origin endpoint host name.

func (TimelineFailedAuthenticationEvent) GetIPAddress 

func (this TimelineFailedAuthenticationEvent) GetIPAddress() *string

The origin endpoint IP address, if available.

func (TimelineFailedAuthenticationEvent) GetIPAddressReputations 

func (this TimelineFailedAuthenticationEvent) GetIPAddressReputations() []IPReputation

func (TimelineFailedAuthenticationEvent) GetIspClassification 

func (this TimelineFailedAuthenticationEvent) GetIspClassification() *IspClassification

func (TimelineFailedAuthenticationEvent) GetIspDomain 

func (this TimelineFailedAuthenticationEvent) GetIspDomain() *string

func (TimelineFailedAuthenticationEvent) GetKerberosEncryptionTypes 

func (this TimelineFailedAuthenticationEvent) GetKerberosEncryptionTypes() []KerberosEncryptionType

The list of Kerberos encryption types specified by the client. Only set for activities performed over the Kerberos protocol (see `protocolType`),

func (TimelineFailedAuthenticationEvent) GetLdapSecurityType 

func (this TimelineFailedAuthenticationEvent) GetLdapSecurityType() *LdapSecurityType

func (TimelineFailedAuthenticationEvent) GetLocationAssociatedWithUser 

func (this TimelineFailedAuthenticationEvent) GetLocationAssociatedWithUser() *bool

If `true`, `userEntity` is associated with `geoLocation` by a `BindingType:GEO_LOCATION` `association`.

Returns `null` if no location data is available for this activity or if the user associated with this activity couldn't be correlated with a user entity.

func (TimelineFailedAuthenticationEvent) GetNetworkTag 

func (this TimelineFailedAuthenticationEvent) GetNetworkTag() *string

The subnet label, as defined in the system configuration, associated with the origin endpoint IP address at the time the activity was performed.

func (TimelineFailedAuthenticationEvent) GetNetworkType 

func (this TimelineFailedAuthenticationEvent) GetNetworkType() NetworkType

The subnet type, as defined in the system configuration, associated with the origin endpoint IP address at the time the activity was performed.

func (TimelineFailedAuthenticationEvent) GetOperatingSystemInfo 

func (this TimelineFailedAuthenticationEvent) GetOperatingSystemInfo() *OperatingSystemInfo

Information about the origin endpoint operating system.

func (TimelineFailedAuthenticationEvent) GetProtocolType 

func (this TimelineFailedAuthenticationEvent) GetProtocolType() ProtocolType

The primary network protocol used for performing the activity.

func (TimelineFailedAuthenticationEvent) GetProtocolVersion 

func (this TimelineFailedAuthenticationEvent) GetProtocolVersion() *string

func (TimelineFailedAuthenticationEvent) GetRelatedEvents 

func (this TimelineFailedAuthenticationEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineFailedAuthenticationEvent) GetSmbDialect 

func (this TimelineFailedAuthenticationEvent) GetSmbDialect() *SmbDialect

func (TimelineFailedAuthenticationEvent) GetSourceEntity 

func (this TimelineFailedAuthenticationEvent) GetSourceEntity() UserOrEndpointEntity

func (TimelineFailedAuthenticationEvent) GetStartTime 

func (this TimelineFailedAuthenticationEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineFailedAuthenticationEvent) GetTLSVersion 

func (this TimelineFailedAuthenticationEvent) GetTLSVersion() *TLSVersion

func (TimelineFailedAuthenticationEvent) GetTargetEndpointEntity 

func (this TimelineFailedAuthenticationEvent) GetTargetEndpointEntity() *EndpointEntity

The target endpoint associated with this activity (such as a domain controller), if any.

func (TimelineFailedAuthenticationEvent) GetTargetEntity 

func (this TimelineFailedAuthenticationEvent) GetTargetEntity() Entity

The target service entity.

func (TimelineFailedAuthenticationEvent) GetTargetServiceDescription 

func (this TimelineFailedAuthenticationEvent) GetTargetServiceDescription() *string

func (TimelineFailedAuthenticationEvent) GetTargetServiceDisplayName 

func (this TimelineFailedAuthenticationEvent) GetTargetServiceDisplayName() *string

func (TimelineFailedAuthenticationEvent) GetTargetServiceIdentifier 

func (this TimelineFailedAuthenticationEvent) GetTargetServiceIdentifier() *string

The target service raw identifier.

func (TimelineFailedAuthenticationEvent) GetTargetServiceType 

func (this TimelineFailedAuthenticationEvent) GetTargetServiceType() *ServiceType

A classification value of the service accessed, based on the raw identifier (`targetServiceIdentifier`) and the target entity (`targetServiceEntity`).

func (TimelineFailedAuthenticationEvent) GetTimestamp 

func (this TimelineFailedAuthenticationEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineFailedAuthenticationEvent) GetUserDisplayName 

func (this TimelineFailedAuthenticationEvent) GetUserDisplayName() string

A display-oriented label of the best available display name for the user associated with this event. `UserEntity:primaryDisplayName` is used if available. Otherwise, the raw user identifier used for performing this activity is applied.

func (TimelineFailedAuthenticationEvent) GetUserEntity 

func (this TimelineFailedAuthenticationEvent) GetUserEntity() *UserEntity

The user entity associated with the activity, if available. Note that `userDisplayName` is available even when the entity is unknown.

func (TimelineFailedAuthenticationEvent) IsTimelineAuthenticationEvent 

func (TimelineFailedAuthenticationEvent) IsTimelineAuthenticationEvent()

func (TimelineFailedAuthenticationEvent) IsTimelineErrorEvent 

func (TimelineFailedAuthenticationEvent) IsTimelineErrorEvent()

func (TimelineFailedAuthenticationEvent) IsTimelineEvent 

func (TimelineFailedAuthenticationEvent) IsTimelineEvent()

func (TimelineFailedAuthenticationEvent) IsTimelineUserOnEndpointActivityEvent 

func (TimelineFailedAuthenticationEvent) IsTimelineUserOnEndpointActivityEvent()

type TimelineFileOperationEvent 

type TimelineFileOperationEvent struct {
	// If the activity is known to have occurred within an Active Directory site, this is set to the site's name.
	ActiveDirectorySiteName *string      `json:"activeDirectorySiteName,omitempty"`
	BrowserInfo             *BrowserInfo `json:"browserInfo,omitempty"`
	// The data source associated with this activity. Because the `DataSource`
	// enumeration contains some fallback values for generic sources,
	// `dataSourceVendorName` is provided as an alternative.
	DataSource DataSource `json:"dataSource"`
	// A display-oriented label for the data source associated with the activity.
	DataSourceVendorName *string `json:"dataSourceVendorName,omitempty"`
	DeviceName           *string `json:"deviceName,omitempty"`
	// A display-oriented label reflecting the origin endpoint operating system, as
	// exposed by the `operatingSystemInfo` field. The semantics of this value are
	// not rrigorously restricted.
	// Therefore, the data is supposed to used programmatically, it is always
	// recommended to project the underlying `operatingSystemInfo` field instead.
	DeviceType *string `json:"deviceType,omitempty"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A display-oriented label reflecting the best available display name for the
	// origin endpoint. `EndpointEntity:primaryDisplayName` is used if available,
	// otherwise either `hostName` or `ipAddress` may be used as a fallback option.
	EndpointDisplayName *string `json:"endpointDisplayName,omitempty"`
	// The origin endpoint entity associated with the activity, if available. Note
	// that `endpointDisplayName` is available even when the entity is unknown.
	EndpointEntity *EndpointEntity `json:"endpointEntity,omitempty"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// The location of the file as reported by the vendor.
	FileLocation string `json:"fileLocation"`
	// The accessed file name.
	FileName string `json:"fileName"`
	// The operation applied.
	FileOperationType FileOperationType `json:"fileOperationType"`
	// The geolocation associated with the activity, if any.
	GeoLocation *GeoLocation `json:"geoLocation,omitempty"`
	// The origin endpoint host name.
	HostName *string `json:"hostName,omitempty"`
	// The origin endpoint IP address, if available.
	IPAddress            *string            `json:"ipAddress,omitempty"`
	IPAddressReputations []IPReputation     `json:"ipAddressReputations"`
	IspClassification    *IspClassification `json:"ispClassification,omitempty"`
	IspDomain            *string            `json:"ispDomain,omitempty"`
	LdapSecurityType     *LdapSecurityType  `json:"ldapSecurityType,omitempty"`
	// If `true`, `userEntity` is associated with `geoLocation` by a `BindingType:GEO_LOCATION` `association`.
	//
	// Returns `null` if no location data is available for this activity or if the
	// user associated with this activity couldn't be correlated with a user entity.
	LocationAssociatedWithUser *bool `json:"locationAssociatedWithUser,omitempty"`
	// The mime-type of the accessed file.
	MimeType *string `json:"mimeType,omitempty"`
	// The subnet label, as defined in the system configuration, associated with the
	// origin endpoint IP address at the time the activity was performed.
	NetworkTag *string `json:"networkTag,omitempty"`
	// The subnet type, as defined in the system configuration, associated with the
	// origin endpoint IP address at the time the activity was performed.
	NetworkType NetworkType `json:"networkType"`
	// Information about the origin endpoint operating system.
	OperatingSystemInfo *OperatingSystemInfo `json:"operatingSystemInfo,omitempty"`
	// The primary network protocol used for performing the activity.
	ProtocolType    ProtocolType `json:"protocolType"`
	ProtocolVersion *string      `json:"protocolVersion,omitempty"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	SourceEntity  UserOrEndpointEntity     `json:"sourceEntity,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The target endpoint associated with this activity (such as a domain controller), if any.
	TargetEndpointEntity *EndpointEntity `json:"targetEndpointEntity,omitempty"`
	// The target service entity.
	TargetEntity             Entity  `json:"targetEntity,omitempty"`
	TargetServiceDescription *string `json:"targetServiceDescription,omitempty"`
	TargetServiceDisplayName *string `json:"targetServiceDisplayName,omitempty"`
	// The target service raw identifier.
	TargetServiceIdentifier *string `json:"targetServiceIdentifier,omitempty"`
	// A classification value of the service accessed, based on the raw identifier
	// (`targetServiceIdentifier`) and the target entity (`targetServiceEntity`).
	TargetServiceType *ServiceType `json:"targetServiceType,omitempty"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp  string      `json:"timestamp"`
	TLSVersion *TLSVersion `json:"tlsVersion,omitempty"`
	// A display-oriented label of the best available display name for the user
	// associated with this event. `UserEntity:primaryDisplayName` is used if
	// available. Otherwise, the raw user identifier used for performing this
	// activity is applied.
	UserDisplayName string `json:"userDisplayName"`
	// The user entity associated with the activity, if available. Note that
	// `userDisplayName` is available even when the entity is unknown.
	UserEntity *UserEntity `json:"userEntity,omitempty"`
}

A `timeline` event type indicating a file operation.

func (TimelineFileOperationEvent) GetActiveDirectorySiteName 

func (this TimelineFileOperationEvent) GetActiveDirectorySiteName() *string

If the activity is known to have occurred within an Active Directory site, this is set to the site's name.

func (TimelineFileOperationEvent) GetBrowserInfo 

func (this TimelineFileOperationEvent) GetBrowserInfo() *BrowserInfo

func (TimelineFileOperationEvent) GetDataSource 

func (this TimelineFileOperationEvent) GetDataSource() DataSource

The data source associated with this activity. Because the `DataSource` enumeration contains some fallback values for generic sources, `dataSourceVendorName` is provided as an alternative.

func (TimelineFileOperationEvent) GetDataSourceVendorName 

func (this TimelineFileOperationEvent) GetDataSourceVendorName() *string

A display-oriented label for the data source associated with the activity.

func (TimelineFileOperationEvent) GetDeviceName 

func (this TimelineFileOperationEvent) GetDeviceName() *string

func (TimelineFileOperationEvent) GetDeviceType 

func (this TimelineFileOperationEvent) GetDeviceType() *string

A display-oriented label reflecting the origin endpoint operating system, as exposed by the `operatingSystemInfo` field. The semantics of this value are not rrigorously restricted. Therefore, the data is supposed to used programmatically, it is always recommended to project the underlying `operatingSystemInfo` field instead.

func (TimelineFileOperationEvent) GetEndTime 

func (this TimelineFileOperationEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineFileOperationEvent) GetEndpointDisplayName 

func (this TimelineFileOperationEvent) GetEndpointDisplayName() *string

A display-oriented label reflecting the best available display name for the origin endpoint. `EndpointEntity:primaryDisplayName` is used if available, otherwise either `hostName` or `ipAddress` may be used as a fallback option.

func (TimelineFileOperationEvent) GetEndpointEntity 

func (this TimelineFileOperationEvent) GetEndpointEntity() *EndpointEntity

The origin endpoint entity associated with the activity, if available. Note that `endpointDisplayName` is available even when the entity is unknown.

func (TimelineFileOperationEvent) GetEventID 

func (this TimelineFileOperationEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineFileOperationEvent) GetEventLabel 

func (this TimelineFileOperationEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineFileOperationEvent) GetEventSeverity 

func (this TimelineFileOperationEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineFileOperationEvent) GetEventType 

func (this TimelineFileOperationEvent) GetEventType() TimelineEventType

The event type.

func (TimelineFileOperationEvent) GetGeoLocation 

func (this TimelineFileOperationEvent) GetGeoLocation() *GeoLocation

The geolocation associated with the activity, if any.

func (TimelineFileOperationEvent) GetHostName 

func (this TimelineFileOperationEvent) GetHostName() *string

The origin endpoint host name.

func (TimelineFileOperationEvent) GetIPAddress 

func (this TimelineFileOperationEvent) GetIPAddress() *string

The origin endpoint IP address, if available.

func (TimelineFileOperationEvent) GetIPAddressReputations 

func (this TimelineFileOperationEvent) GetIPAddressReputations() []IPReputation

func (TimelineFileOperationEvent) GetIspClassification 

func (this TimelineFileOperationEvent) GetIspClassification() *IspClassification

func (TimelineFileOperationEvent) GetIspDomain 

func (this TimelineFileOperationEvent) GetIspDomain() *string

func (TimelineFileOperationEvent) GetLdapSecurityType 

func (this TimelineFileOperationEvent) GetLdapSecurityType() *LdapSecurityType

func (TimelineFileOperationEvent) GetLocationAssociatedWithUser 

func (this TimelineFileOperationEvent) GetLocationAssociatedWithUser() *bool

If `true`, `userEntity` is associated with `geoLocation` by a `BindingType:GEO_LOCATION` `association`.

Returns `null` if no location data is available for this activity or if the user associated with this activity couldn't be correlated with a user entity.

func (TimelineFileOperationEvent) GetNetworkTag 

func (this TimelineFileOperationEvent) GetNetworkTag() *string

The subnet label, as defined in the system configuration, associated with the origin endpoint IP address at the time the activity was performed.

func (TimelineFileOperationEvent) GetNetworkType 

func (this TimelineFileOperationEvent) GetNetworkType() NetworkType

The subnet type, as defined in the system configuration, associated with the origin endpoint IP address at the time the activity was performed.

func (TimelineFileOperationEvent) GetOperatingSystemInfo 

func (this TimelineFileOperationEvent) GetOperatingSystemInfo() *OperatingSystemInfo

Information about the origin endpoint operating system.

func (TimelineFileOperationEvent) GetProtocolType 

func (this TimelineFileOperationEvent) GetProtocolType() ProtocolType

The primary network protocol used for performing the activity.

func (TimelineFileOperationEvent) GetProtocolVersion 

func (this TimelineFileOperationEvent) GetProtocolVersion() *string

func (TimelineFileOperationEvent) GetRelatedEvents 

func (this TimelineFileOperationEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineFileOperationEvent) GetSourceEntity 

func (this TimelineFileOperationEvent) GetSourceEntity() UserOrEndpointEntity

func (TimelineFileOperationEvent) GetStartTime 

func (this TimelineFileOperationEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineFileOperationEvent) GetTLSVersion 

func (this TimelineFileOperationEvent) GetTLSVersion() *TLSVersion

func (TimelineFileOperationEvent) GetTargetEndpointEntity 

func (this TimelineFileOperationEvent) GetTargetEndpointEntity() *EndpointEntity

The target endpoint associated with this activity (such as a domain controller), if any.

func (TimelineFileOperationEvent) GetTargetEntity 

func (this TimelineFileOperationEvent) GetTargetEntity() Entity

The target service entity.

func (TimelineFileOperationEvent) GetTargetServiceDescription 

func (this TimelineFileOperationEvent) GetTargetServiceDescription() *string

func (TimelineFileOperationEvent) GetTargetServiceDisplayName 

func (this TimelineFileOperationEvent) GetTargetServiceDisplayName() *string

func (TimelineFileOperationEvent) GetTargetServiceIdentifier 

func (this TimelineFileOperationEvent) GetTargetServiceIdentifier() *string

The target service raw identifier.

func (TimelineFileOperationEvent) GetTargetServiceType 

func (this TimelineFileOperationEvent) GetTargetServiceType() *ServiceType

A classification value of the service accessed, based on the raw identifier (`targetServiceIdentifier`) and the target entity (`targetServiceEntity`).

func (TimelineFileOperationEvent) GetTimestamp 

func (this TimelineFileOperationEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineFileOperationEvent) GetUserDisplayName 

func (this TimelineFileOperationEvent) GetUserDisplayName() string

A display-oriented label of the best available display name for the user associated with this event. `UserEntity:primaryDisplayName` is used if available. Otherwise, the raw user identifier used for performing this activity is applied.

func (TimelineFileOperationEvent) GetUserEntity 

func (this TimelineFileOperationEvent) GetUserEntity() *UserEntity

The user entity associated with the activity, if available. Note that `userDisplayName` is available even when the entity is unknown.

func (TimelineFileOperationEvent) IsTimelineEvent 

func (TimelineFileOperationEvent) IsTimelineEvent()

func (TimelineFileOperationEvent) IsTimelineUserOnEndpointActivityEvent 

func (TimelineFileOperationEvent) IsTimelineUserOnEndpointActivityEvent()

type TimelineGenericSensorWatchdogEvent 

type TimelineGenericSensorWatchdogEvent struct {
	// The domain controller entity.
	DomainControllerEntity *EndpointEntity `json:"domainControllerEntity"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents     *TimelineEventConnection `json:"relatedEvents,omitempty"`
	RemediationAction string                   `json:"remediationAction"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The system notification status.
	State *NotificationState `json:"state"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp        string `json:"timestamp"`
	TriggeringMetric string `json:"triggeringMetric"`
}

A specialized `TimelineEvent` interface common to system notifications concerning a specific Active Directory domain controller.

func (TimelineGenericSensorWatchdogEvent) GetDomainControllerEntity 

func (this TimelineGenericSensorWatchdogEvent) GetDomainControllerEntity() *EndpointEntity

The domain controller entity.

func (TimelineGenericSensorWatchdogEvent) GetEndTime 

func (this TimelineGenericSensorWatchdogEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineGenericSensorWatchdogEvent) GetEventID 

func (this TimelineGenericSensorWatchdogEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineGenericSensorWatchdogEvent) GetEventLabel 

func (this TimelineGenericSensorWatchdogEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineGenericSensorWatchdogEvent) GetEventSeverity 

func (this TimelineGenericSensorWatchdogEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineGenericSensorWatchdogEvent) GetEventType 

func (this TimelineGenericSensorWatchdogEvent) GetEventType() TimelineEventType

The event type.

func (TimelineGenericSensorWatchdogEvent) GetRelatedEvents 

func (this TimelineGenericSensorWatchdogEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineGenericSensorWatchdogEvent) GetStartTime 

func (this TimelineGenericSensorWatchdogEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineGenericSensorWatchdogEvent) GetState 

func (this TimelineGenericSensorWatchdogEvent) GetState() *NotificationState

The system notification status.

func (TimelineGenericSensorWatchdogEvent) GetTimestamp 

func (this TimelineGenericSensorWatchdogEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineGenericSensorWatchdogEvent) IsTimelineDomainControllerNotificationEvent 

func (TimelineGenericSensorWatchdogEvent) IsTimelineDomainControllerNotificationEvent()

func (TimelineGenericSensorWatchdogEvent) IsTimelineEvent 

func (TimelineGenericSensorWatchdogEvent) IsTimelineEvent()

func (TimelineGenericSensorWatchdogEvent) IsTimelineNotificationEvent 

func (TimelineGenericSensorWatchdogEvent) IsTimelineNotificationEvent()

type TimelineIncidentLifeCycleEvent 

type TimelineIncidentLifeCycleEvent interface {
	IsTimelineIncidentLifeCycleEvent()
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	GetEndTime() string
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	GetEventID() string
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	GetEventLabel() string
	// The event severity. Defaults to `NEUTRAL`.
	GetEventSeverity() TimelineEventSeverity
	// The event type.
	GetEventType() TimelineEventType
	// The containing incident of the alert.
	GetIncident() *Incident
	// A connection of related events.
	GetRelatedEvents() *TimelineEventConnection
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	GetStartTime() string
	// The event start time. This is the primary sort-key in `timeline` queries.
	GetTimestamp() string
}

A specialized `TimelineEvent` interface common to `timeline` event types associated with the life cycle of an incident.

type TimelineIncidentLifeCycleStageChangeEvent 

type TimelineIncidentLifeCycleStageChangeEvent struct {
	// The lifecycle stage after the event.
	CurrentStage IncidentLifeCycleStage `json:"currentStage"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// The containing incident of the alert.
	Incident *Incident `json:"incident"`
	// The lifecycle stage prior to the event.
	PreviousStage IncidentLifeCycleStage `json:"previousStage"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime       string          `json:"startTime"`
	SystemComponent SystemComponent `json:"systemComponent"`
	SystemUser      *SystemUser     `json:"systemUser,omitempty"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A `timeline` event indicating a change in `Incident:lifeCycleStage`.

func (TimelineIncidentLifeCycleStageChangeEvent) GetEndTime 

func (this TimelineIncidentLifeCycleStageChangeEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineIncidentLifeCycleStageChangeEvent) GetEventID 

func (this TimelineIncidentLifeCycleStageChangeEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineIncidentLifeCycleStageChangeEvent) GetEventLabel 

func (this TimelineIncidentLifeCycleStageChangeEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineIncidentLifeCycleStageChangeEvent) GetEventSeverity 

func (this TimelineIncidentLifeCycleStageChangeEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineIncidentLifeCycleStageChangeEvent) GetEventType 

func (this TimelineIncidentLifeCycleStageChangeEvent) GetEventType() TimelineEventType

The event type.

func (TimelineIncidentLifeCycleStageChangeEvent) GetIncident 

func (this TimelineIncidentLifeCycleStageChangeEvent) GetIncident() *Incident

The containing incident of the alert.

func (TimelineIncidentLifeCycleStageChangeEvent) GetRelatedEvents 

func (this TimelineIncidentLifeCycleStageChangeEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineIncidentLifeCycleStageChangeEvent) GetStartTime 

func (this TimelineIncidentLifeCycleStageChangeEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineIncidentLifeCycleStageChangeEvent) GetSystemComponent 

func (this TimelineIncidentLifeCycleStageChangeEvent) GetSystemComponent() SystemComponent

func (TimelineIncidentLifeCycleStageChangeEvent) GetSystemUser 

func (this TimelineIncidentLifeCycleStageChangeEvent) GetSystemUser() *SystemUser

func (TimelineIncidentLifeCycleStageChangeEvent) GetTimestamp 

func (this TimelineIncidentLifeCycleStageChangeEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineIncidentLifeCycleStageChangeEvent) IsTimelineAuditEvent 

func (TimelineIncidentLifeCycleStageChangeEvent) IsTimelineAuditEvent()

func (TimelineIncidentLifeCycleStageChangeEvent) IsTimelineEvent 

func (TimelineIncidentLifeCycleStageChangeEvent) IsTimelineEvent()

func (TimelineIncidentLifeCycleStageChangeEvent) IsTimelineIncidentLifeCycleEvent 

func (TimelineIncidentLifeCycleStageChangeEvent) IsTimelineIncidentLifeCycleEvent()

type TimelineIncidentSeverityChange 

type TimelineIncidentSeverityChange struct {
	// The incident severity prior to the event.
	CurrentIncidentSeverity IncidentSeverity `json:"currentIncidentSeverity"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// The containing incident of the alert.
	Incident *Incident `json:"incident"`
	// The incident severity after the event.
	PreviousIncidentSeverity IncidentSeverity `json:"previousIncidentSeverity"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A `timeline` event indicating a change in `Incident:severity`.

func (TimelineIncidentSeverityChange) GetEndTime 

func (this TimelineIncidentSeverityChange) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineIncidentSeverityChange) GetEventID 

func (this TimelineIncidentSeverityChange) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineIncidentSeverityChange) GetEventLabel 

func (this TimelineIncidentSeverityChange) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineIncidentSeverityChange) GetEventSeverity 

func (this TimelineIncidentSeverityChange) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineIncidentSeverityChange) GetEventType 

func (this TimelineIncidentSeverityChange) GetEventType() TimelineEventType

The event type.

func (TimelineIncidentSeverityChange) GetIncident 

func (this TimelineIncidentSeverityChange) GetIncident() *Incident

The containing incident of the alert.

func (TimelineIncidentSeverityChange) GetRelatedEvents 

func (this TimelineIncidentSeverityChange) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineIncidentSeverityChange) GetStartTime 

func (this TimelineIncidentSeverityChange) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineIncidentSeverityChange) GetTimestamp 

func (this TimelineIncidentSeverityChange) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineIncidentSeverityChange) IsTimelineEvent 

func (TimelineIncidentSeverityChange) IsTimelineEvent()

func (TimelineIncidentSeverityChange) IsTimelineIncidentLifeCycleEvent 

func (TimelineIncidentSeverityChange) IsTimelineIncidentLifeCycleEvent()

type TimelineIncidentTypeChange 

type TimelineIncidentTypeChange struct {
	// The incident type after the event.
	CurrentIncidentType IncidentType `json:"currentIncidentType"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// The containing incident of the alert.
	Incident *Incident `json:"incident"`
	// The incident type prior to the event.
	PreviousIncidentType IncidentType `json:"previousIncidentType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A `timeline` event indicating a change in `Incident:type`.

func (TimelineIncidentTypeChange) GetEndTime 

func (this TimelineIncidentTypeChange) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineIncidentTypeChange) GetEventID 

func (this TimelineIncidentTypeChange) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineIncidentTypeChange) GetEventLabel 

func (this TimelineIncidentTypeChange) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineIncidentTypeChange) GetEventSeverity 

func (this TimelineIncidentTypeChange) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineIncidentTypeChange) GetEventType 

func (this TimelineIncidentTypeChange) GetEventType() TimelineEventType

The event type.

func (TimelineIncidentTypeChange) GetIncident 

func (this TimelineIncidentTypeChange) GetIncident() *Incident

The containing incident of the alert.

func (TimelineIncidentTypeChange) GetRelatedEvents 

func (this TimelineIncidentTypeChange) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineIncidentTypeChange) GetStartTime 

func (this TimelineIncidentTypeChange) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineIncidentTypeChange) GetTimestamp 

func (this TimelineIncidentTypeChange) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineIncidentTypeChange) IsTimelineEvent 

func (TimelineIncidentTypeChange) IsTimelineEvent()

func (TimelineIncidentTypeChange) IsTimelineIncidentLifeCycleEvent 

func (TimelineIncidentTypeChange) IsTimelineIncidentLifeCycleEvent()

type TimelineLdapSearchEvent 

type TimelineLdapSearchEvent struct {
	// If the activity is known to have occurred within an Active Directory site, this is set to the site's name.
	ActiveDirectorySiteName *string      `json:"activeDirectorySiteName,omitempty"`
	BrowserInfo             *BrowserInfo `json:"browserInfo,omitempty"`
	// The data source associated with this activity. Because the `DataSource`
	// enumeration contains some fallback values for generic sources,
	// `dataSourceVendorName` is provided as an alternative.
	DataSource DataSource `json:"dataSource"`
	// A display-oriented label for the data source associated with the activity.
	DataSourceVendorName *string `json:"dataSourceVendorName,omitempty"`
	DeviceName           *string `json:"deviceName,omitempty"`
	// A display-oriented label reflecting the origin endpoint operating system, as
	// exposed by the `operatingSystemInfo` field. The semantics of this value are
	// not rrigorously restricted.
	// Therefore, the data is supposed to used programmatically, it is always
	// recommended to project the underlying `operatingSystemInfo` field instead.
	DeviceType *string `json:"deviceType,omitempty"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A display-oriented label reflecting the best available display name for the
	// origin endpoint. `EndpointEntity:primaryDisplayName` is used if available,
	// otherwise either `hostName` or `ipAddress` may be used as a fallback option.
	EndpointDisplayName *string `json:"endpointDisplayName,omitempty"`
	// The origin endpoint entity associated with the activity, if available. Note
	// that `endpointDisplayName` is available even when the entity is unknown.
	EndpointEntity *EndpointEntity `json:"endpointEntity,omitempty"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// The geolocation associated with the activity, if any.
	GeoLocation *GeoLocation `json:"geoLocation,omitempty"`
	// The origin endpoint host name.
	HostName *string `json:"hostName,omitempty"`
	// The origin endpoint IP address, if available.
	IPAddress            *string            `json:"ipAddress,omitempty"`
	IPAddressReputations []IPReputation     `json:"ipAddressReputations"`
	IspClassification    *IspClassification `json:"ispClassification,omitempty"`
	IspDomain            *string            `json:"ispDomain,omitempty"`
	// The request LDAP attributes.
	LdapSearchAttributes []string `json:"ldapSearchAttributes,omitempty"`
	// A filter sample taken from one of the raw search activities group by this event.
	LdapSearchFilterSample string `json:"ldapSearchFilterSample"`
	// The list of query signatures the system has identified for this activity.
	LdapSearchQuerySignatures []LdapQuerySignature `json:"ldapSearchQuerySignatures"`
	// The specified LDAP search scope.
	LdapSearchScope int `json:"ldapSearchScope"`
	// The specified LDAP search size limit.
	LdapSearchSizeLimit int               `json:"ldapSearchSizeLimit"`
	LdapSecurityType    *LdapSecurityType `json:"ldapSecurityType,omitempty"`
	// If `true`, `userEntity` is associated with `geoLocation` by a `BindingType:GEO_LOCATION` `association`.
	//
	// Returns `null` if no location data is available for this activity or if the
	// user associated with this activity couldn't be correlated with a user entity.
	LocationAssociatedWithUser *bool `json:"locationAssociatedWithUser,omitempty"`
	// The subnet label, as defined in the system configuration, associated with the
	// origin endpoint IP address at the time the activity was performed.
	NetworkTag *string `json:"networkTag,omitempty"`
	// The subnet type, as defined in the system configuration, associated with the
	// origin endpoint IP address at the time the activity was performed.
	NetworkType NetworkType `json:"networkType"`
	// Information about the origin endpoint operating system.
	OperatingSystemInfo *OperatingSystemInfo `json:"operatingSystemInfo,omitempty"`
	// The primary network protocol used for performing the activity.
	ProtocolType    ProtocolType `json:"protocolType"`
	ProtocolVersion *string      `json:"protocolVersion,omitempty"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	SourceEntity  UserOrEndpointEntity     `json:"sourceEntity,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The target endpoint associated with this activity (such as a domain controller), if any.
	TargetEndpointEntity *EndpointEntity `json:"targetEndpointEntity,omitempty"`
	// The target service entity.
	TargetEntity             Entity  `json:"targetEntity,omitempty"`
	TargetServiceDescription *string `json:"targetServiceDescription,omitempty"`
	TargetServiceDisplayName *string `json:"targetServiceDisplayName,omitempty"`
	// The target service raw identifier.
	TargetServiceIdentifier *string `json:"targetServiceIdentifier,omitempty"`
	// A classification value of the service accessed, based on the raw identifier
	// (`targetServiceIdentifier`) and the target entity (`targetServiceEntity`).
	TargetServiceType *ServiceType `json:"targetServiceType,omitempty"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp  string      `json:"timestamp"`
	TLSVersion *TLSVersion `json:"tlsVersion,omitempty"`
	// A display-oriented label of the best available display name for the user
	// associated with this event. `UserEntity:primaryDisplayName` is used if
	// available. Otherwise, the raw user identifier used for performing this
	// activity is applied.
	UserDisplayName string `json:"userDisplayName"`
	// The user entity associated with the activity, if available. Note that
	// `userDisplayName` is available even when the entity is unknown.
	UserEntity *UserEntity `json:"userEntity,omitempty"`
}

A `timeline` event type indicating that one or more LDAP searches of a common pattern have been issued within a particular minute timeframe. An LDAP search pattern is based on the exact structural shape of the query, but discards bound query values (such as a particular LDAP DN).

func (TimelineLdapSearchEvent) GetActiveDirectorySiteName 

func (this TimelineLdapSearchEvent) GetActiveDirectorySiteName() *string

If the activity is known to have occurred within an Active Directory site, this is set to the site's name.

func (TimelineLdapSearchEvent) GetBrowserInfo 

func (this TimelineLdapSearchEvent) GetBrowserInfo() *BrowserInfo

func (TimelineLdapSearchEvent) GetDataSource 

func (this TimelineLdapSearchEvent) GetDataSource() DataSource

The data source associated with this activity. Because the `DataSource` enumeration contains some fallback values for generic sources, `dataSourceVendorName` is provided as an alternative.

func (TimelineLdapSearchEvent) GetDataSourceVendorName 

func (this TimelineLdapSearchEvent) GetDataSourceVendorName() *string

A display-oriented label for the data source associated with the activity.

func (TimelineLdapSearchEvent) GetDeviceName 

func (this TimelineLdapSearchEvent) GetDeviceName() *string

func (TimelineLdapSearchEvent) GetDeviceType 

func (this TimelineLdapSearchEvent) GetDeviceType() *string

A display-oriented label reflecting the origin endpoint operating system, as exposed by the `operatingSystemInfo` field. The semantics of this value are not rrigorously restricted. Therefore, the data is supposed to used programmatically, it is always recommended to project the underlying `operatingSystemInfo` field instead.

func (TimelineLdapSearchEvent) GetEndTime 

func (this TimelineLdapSearchEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineLdapSearchEvent) GetEndpointDisplayName 

func (this TimelineLdapSearchEvent) GetEndpointDisplayName() *string

A display-oriented label reflecting the best available display name for the origin endpoint. `EndpointEntity:primaryDisplayName` is used if available, otherwise either `hostName` or `ipAddress` may be used as a fallback option.

func (TimelineLdapSearchEvent) GetEndpointEntity 

func (this TimelineLdapSearchEvent) GetEndpointEntity() *EndpointEntity

The origin endpoint entity associated with the activity, if available. Note that `endpointDisplayName` is available even when the entity is unknown.

func (TimelineLdapSearchEvent) GetEventID 

func (this TimelineLdapSearchEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineLdapSearchEvent) GetEventLabel 

func (this TimelineLdapSearchEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineLdapSearchEvent) GetEventSeverity 

func (this TimelineLdapSearchEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineLdapSearchEvent) GetEventType 

func (this TimelineLdapSearchEvent) GetEventType() TimelineEventType

The event type.

func (TimelineLdapSearchEvent) GetGeoLocation 

func (this TimelineLdapSearchEvent) GetGeoLocation() *GeoLocation

The geolocation associated with the activity, if any.

func (TimelineLdapSearchEvent) GetHostName 

func (this TimelineLdapSearchEvent) GetHostName() *string

The origin endpoint host name.

func (TimelineLdapSearchEvent) GetIPAddress 

func (this TimelineLdapSearchEvent) GetIPAddress() *string

The origin endpoint IP address, if available.

func (TimelineLdapSearchEvent) GetIPAddressReputations 

func (this TimelineLdapSearchEvent) GetIPAddressReputations() []IPReputation

func (TimelineLdapSearchEvent) GetIspClassification 

func (this TimelineLdapSearchEvent) GetIspClassification() *IspClassification

func (TimelineLdapSearchEvent) GetIspDomain 

func (this TimelineLdapSearchEvent) GetIspDomain() *string

func (TimelineLdapSearchEvent) GetLdapSecurityType 

func (this TimelineLdapSearchEvent) GetLdapSecurityType() *LdapSecurityType

func (TimelineLdapSearchEvent) GetLocationAssociatedWithUser 

func (this TimelineLdapSearchEvent) GetLocationAssociatedWithUser() *bool

If `true`, `userEntity` is associated with `geoLocation` by a `BindingType:GEO_LOCATION` `association`.

Returns `null` if no location data is available for this activity or if the user associated with this activity couldn't be correlated with a user entity.

func (TimelineLdapSearchEvent) GetNetworkTag 

func (this TimelineLdapSearchEvent) GetNetworkTag() *string

The subnet label, as defined in the system configuration, associated with the origin endpoint IP address at the time the activity was performed.

func (TimelineLdapSearchEvent) GetNetworkType 

func (this TimelineLdapSearchEvent) GetNetworkType() NetworkType

The subnet type, as defined in the system configuration, associated with the origin endpoint IP address at the time the activity was performed.

func (TimelineLdapSearchEvent) GetOperatingSystemInfo 

func (this TimelineLdapSearchEvent) GetOperatingSystemInfo() *OperatingSystemInfo

Information about the origin endpoint operating system.

func (TimelineLdapSearchEvent) GetProtocolType 

func (this TimelineLdapSearchEvent) GetProtocolType() ProtocolType

The primary network protocol used for performing the activity.

func (TimelineLdapSearchEvent) GetProtocolVersion 

func (this TimelineLdapSearchEvent) GetProtocolVersion() *string

func (TimelineLdapSearchEvent) GetRelatedEvents 

func (this TimelineLdapSearchEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineLdapSearchEvent) GetSourceEntity 

func (this TimelineLdapSearchEvent) GetSourceEntity() UserOrEndpointEntity

func (TimelineLdapSearchEvent) GetStartTime 

func (this TimelineLdapSearchEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineLdapSearchEvent) GetTLSVersion 

func (this TimelineLdapSearchEvent) GetTLSVersion() *TLSVersion

func (TimelineLdapSearchEvent) GetTargetEndpointEntity 

func (this TimelineLdapSearchEvent) GetTargetEndpointEntity() *EndpointEntity

The target endpoint associated with this activity (such as a domain controller), if any.

func (TimelineLdapSearchEvent) GetTargetEntity 

func (this TimelineLdapSearchEvent) GetTargetEntity() Entity

The target service entity.

func (TimelineLdapSearchEvent) GetTargetServiceDescription 

func (this TimelineLdapSearchEvent) GetTargetServiceDescription() *string

func (TimelineLdapSearchEvent) GetTargetServiceDisplayName 

func (this TimelineLdapSearchEvent) GetTargetServiceDisplayName() *string

func (TimelineLdapSearchEvent) GetTargetServiceIdentifier 

func (this TimelineLdapSearchEvent) GetTargetServiceIdentifier() *string

The target service raw identifier.

func (TimelineLdapSearchEvent) GetTargetServiceType 

func (this TimelineLdapSearchEvent) GetTargetServiceType() *ServiceType

A classification value of the service accessed, based on the raw identifier (`targetServiceIdentifier`) and the target entity (`targetServiceEntity`).

func (TimelineLdapSearchEvent) GetTimestamp 

func (this TimelineLdapSearchEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineLdapSearchEvent) GetUserDisplayName 

func (this TimelineLdapSearchEvent) GetUserDisplayName() string

A display-oriented label of the best available display name for the user associated with this event. `UserEntity:primaryDisplayName` is used if available. Otherwise, the raw user identifier used for performing this activity is applied.

func (TimelineLdapSearchEvent) GetUserEntity 

func (this TimelineLdapSearchEvent) GetUserEntity() *UserEntity

The user entity associated with the activity, if available. Note that `userDisplayName` is available even when the entity is unknown.

func (TimelineLdapSearchEvent) IsTimelineEvent 

func (TimelineLdapSearchEvent) IsTimelineEvent()

func (TimelineLdapSearchEvent) IsTimelineUserOnEndpointActivityEvent 

func (TimelineLdapSearchEvent) IsTimelineUserOnEndpointActivityEvent()

type TimelineLinkedAccountChangeNotificationEvent 

type TimelineLinkedAccountChangeNotificationEvent struct {
	AddedLinkedAccounts []Entity `json:"addedLinkedAccounts"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents         *TimelineEventConnection `json:"relatedEvents,omitempty"`
	RemovedLinkedAccounts []Entity                 `json:"removedLinkedAccounts"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A specialized `TimelineEvent` interface common to `timeline` events focused on a single `Entity`.

func (TimelineLinkedAccountChangeNotificationEvent) GetEndTime 

func (this TimelineLinkedAccountChangeNotificationEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineLinkedAccountChangeNotificationEvent) GetEntity 

func (this TimelineLinkedAccountChangeNotificationEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelineLinkedAccountChangeNotificationEvent) GetEventID 

func (this TimelineLinkedAccountChangeNotificationEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineLinkedAccountChangeNotificationEvent) GetEventLabel 

func (this TimelineLinkedAccountChangeNotificationEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineLinkedAccountChangeNotificationEvent) GetEventSeverity 

func (this TimelineLinkedAccountChangeNotificationEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineLinkedAccountChangeNotificationEvent) GetEventType 

func (this TimelineLinkedAccountChangeNotificationEvent) GetEventType() TimelineEventType

The event type.

func (TimelineLinkedAccountChangeNotificationEvent) GetRelatedEvents 

func (this TimelineLinkedAccountChangeNotificationEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineLinkedAccountChangeNotificationEvent) GetStartTime 

func (this TimelineLinkedAccountChangeNotificationEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineLinkedAccountChangeNotificationEvent) GetTimestamp 

func (this TimelineLinkedAccountChangeNotificationEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineLinkedAccountChangeNotificationEvent) IsTimelineEntityEvent 

func (TimelineLinkedAccountChangeNotificationEvent) IsTimelineEntityEvent()

func (TimelineLinkedAccountChangeNotificationEvent) IsTimelineEvent 

func (TimelineLinkedAccountChangeNotificationEvent) IsTimelineEvent()

type TimelineMfaFallbackPeriodEvent 

type TimelineMfaFallbackPeriodEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType         TimelineEventType `json:"eventType"`
	MfaFallbackPeriod string            `json:"mfaFallbackPeriod"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime       string          `json:"startTime"`
	SystemComponent SystemComponent `json:"systemComponent"`
	SystemUser      *SystemUser     `json:"systemUser,omitempty"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A common interface for all events exposed by the `timeline` API.

func (TimelineMfaFallbackPeriodEvent) GetEndTime 

func (this TimelineMfaFallbackPeriodEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineMfaFallbackPeriodEvent) GetEventID 

func (this TimelineMfaFallbackPeriodEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineMfaFallbackPeriodEvent) GetEventLabel 

func (this TimelineMfaFallbackPeriodEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineMfaFallbackPeriodEvent) GetEventSeverity 

func (this TimelineMfaFallbackPeriodEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineMfaFallbackPeriodEvent) GetEventType 

func (this TimelineMfaFallbackPeriodEvent) GetEventType() TimelineEventType

The event type.

func (TimelineMfaFallbackPeriodEvent) GetRelatedEvents 

func (this TimelineMfaFallbackPeriodEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineMfaFallbackPeriodEvent) GetStartTime 

func (this TimelineMfaFallbackPeriodEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineMfaFallbackPeriodEvent) GetSystemComponent 

func (this TimelineMfaFallbackPeriodEvent) GetSystemComponent() SystemComponent

func (TimelineMfaFallbackPeriodEvent) GetSystemUser 

func (this TimelineMfaFallbackPeriodEvent) GetSystemUser() *SystemUser

func (TimelineMfaFallbackPeriodEvent) GetTimestamp 

func (this TimelineMfaFallbackPeriodEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineMfaFallbackPeriodEvent) IsTimelineAuditEvent 

func (TimelineMfaFallbackPeriodEvent) IsTimelineAuditEvent()

func (TimelineMfaFallbackPeriodEvent) IsTimelineEvent 

func (TimelineMfaFallbackPeriodEvent) IsTimelineEvent()

func (TimelineMfaFallbackPeriodEvent) IsTimelineSystemConfigurationEvent 

func (TimelineMfaFallbackPeriodEvent) IsTimelineSystemConfigurationEvent()

func (TimelineMfaFallbackPeriodEvent) IsTimelineUserEngagementChangedEvent 

func (TimelineMfaFallbackPeriodEvent) IsTimelineUserEngagementChangedEvent()

type TimelineMfaServiceEnrollmentEvent 

type TimelineMfaServiceEnrollmentEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime           string                   `json:"endTime"`
	EngagementSummary *CommonEngagementSummary `json:"engagementSummary"`
	Entities          []*UserEntity            `json:"entities"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A common interface for all events exposed by the `timeline` API.

func (TimelineMfaServiceEnrollmentEvent) GetEndTime 

func (this TimelineMfaServiceEnrollmentEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineMfaServiceEnrollmentEvent) GetEventID 

func (this TimelineMfaServiceEnrollmentEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineMfaServiceEnrollmentEvent) GetEventLabel 

func (this TimelineMfaServiceEnrollmentEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineMfaServiceEnrollmentEvent) GetEventSeverity 

func (this TimelineMfaServiceEnrollmentEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineMfaServiceEnrollmentEvent) GetEventType 

func (this TimelineMfaServiceEnrollmentEvent) GetEventType() TimelineEventType

The event type.

func (TimelineMfaServiceEnrollmentEvent) GetRelatedEvents 

func (this TimelineMfaServiceEnrollmentEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineMfaServiceEnrollmentEvent) GetStartTime 

func (this TimelineMfaServiceEnrollmentEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineMfaServiceEnrollmentEvent) GetTimestamp 

func (this TimelineMfaServiceEnrollmentEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineMfaServiceEnrollmentEvent) IsTimelineEvent 

func (TimelineMfaServiceEnrollmentEvent) IsTimelineEvent()

type TimelineNetExtractorStoppedPolicyEvent 

type TimelineNetExtractorStoppedPolicyEvent struct {
	// The domain controller entity.
	DomainControllerEntity *EndpointEntity `json:"domainControllerEntity"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The system notification status.
	State *NotificationState `json:"state"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp         string   `json:"timestamp"`
	TriggeringMetrics []string `json:"triggeringMetrics"`
}

A specialized `TimelineEvent` interface common to system notifications concerning a specific Active Directory domain controller.

func (TimelineNetExtractorStoppedPolicyEvent) GetDomainControllerEntity 

func (this TimelineNetExtractorStoppedPolicyEvent) GetDomainControllerEntity() *EndpointEntity

The domain controller entity.

func (TimelineNetExtractorStoppedPolicyEvent) GetEndTime 

func (this TimelineNetExtractorStoppedPolicyEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineNetExtractorStoppedPolicyEvent) GetEventID 

func (this TimelineNetExtractorStoppedPolicyEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineNetExtractorStoppedPolicyEvent) GetEventLabel 

func (this TimelineNetExtractorStoppedPolicyEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineNetExtractorStoppedPolicyEvent) GetEventSeverity 

func (this TimelineNetExtractorStoppedPolicyEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineNetExtractorStoppedPolicyEvent) GetEventType 

func (this TimelineNetExtractorStoppedPolicyEvent) GetEventType() TimelineEventType

The event type.

func (TimelineNetExtractorStoppedPolicyEvent) GetRelatedEvents 

func (this TimelineNetExtractorStoppedPolicyEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineNetExtractorStoppedPolicyEvent) GetStartTime 

func (this TimelineNetExtractorStoppedPolicyEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineNetExtractorStoppedPolicyEvent) GetState 

func (this TimelineNetExtractorStoppedPolicyEvent) GetState() *NotificationState

The system notification status.

func (TimelineNetExtractorStoppedPolicyEvent) GetTimestamp 

func (this TimelineNetExtractorStoppedPolicyEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineNetExtractorStoppedPolicyEvent) IsTimelineDomainControllerNotificationEvent 

func (TimelineNetExtractorStoppedPolicyEvent) IsTimelineDomainControllerNotificationEvent()

func (TimelineNetExtractorStoppedPolicyEvent) IsTimelineEvent 

func (TimelineNetExtractorStoppedPolicyEvent) IsTimelineEvent()

func (TimelineNetExtractorStoppedPolicyEvent) IsTimelineNotificationEvent 

func (TimelineNetExtractorStoppedPolicyEvent) IsTimelineNotificationEvent()

type TimelineNetExtractorStoppedPublishEvent 

type TimelineNetExtractorStoppedPublishEvent struct {
	// The domain controller entity.
	DomainControllerEntity *EndpointEntity `json:"domainControllerEntity"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The system notification status.
	State *NotificationState `json:"state"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp         string   `json:"timestamp"`
	TriggeringMetrics []string `json:"triggeringMetrics"`
}

A specialized `TimelineEvent` interface common to system notifications concerning a specific Active Directory domain controller.

func (TimelineNetExtractorStoppedPublishEvent) GetDomainControllerEntity 

func (this TimelineNetExtractorStoppedPublishEvent) GetDomainControllerEntity() *EndpointEntity

The domain controller entity.

func (TimelineNetExtractorStoppedPublishEvent) GetEndTime 

func (this TimelineNetExtractorStoppedPublishEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineNetExtractorStoppedPublishEvent) GetEventID 

func (this TimelineNetExtractorStoppedPublishEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineNetExtractorStoppedPublishEvent) GetEventLabel 

func (this TimelineNetExtractorStoppedPublishEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineNetExtractorStoppedPublishEvent) GetEventSeverity 

func (this TimelineNetExtractorStoppedPublishEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineNetExtractorStoppedPublishEvent) GetEventType 

func (this TimelineNetExtractorStoppedPublishEvent) GetEventType() TimelineEventType

The event type.

func (TimelineNetExtractorStoppedPublishEvent) GetRelatedEvents 

func (this TimelineNetExtractorStoppedPublishEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineNetExtractorStoppedPublishEvent) GetStartTime 

func (this TimelineNetExtractorStoppedPublishEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineNetExtractorStoppedPublishEvent) GetState 

func (this TimelineNetExtractorStoppedPublishEvent) GetState() *NotificationState

The system notification status.

func (TimelineNetExtractorStoppedPublishEvent) GetTimestamp 

func (this TimelineNetExtractorStoppedPublishEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineNetExtractorStoppedPublishEvent) IsTimelineDomainControllerNotificationEvent 

func (TimelineNetExtractorStoppedPublishEvent) IsTimelineDomainControllerNotificationEvent()

func (TimelineNetExtractorStoppedPublishEvent) IsTimelineEvent 

func (TimelineNetExtractorStoppedPublishEvent) IsTimelineEvent()

func (TimelineNetExtractorStoppedPublishEvent) IsTimelineNotificationEvent 

func (TimelineNetExtractorStoppedPublishEvent) IsTimelineNotificationEvent()

type TimelineNetExtractorStoppedTrafficEvent 

type TimelineNetExtractorStoppedTrafficEvent struct {
	// The domain controller entity.
	DomainControllerEntity *EndpointEntity `json:"domainControllerEntity"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The system notification status.
	State *NotificationState `json:"state"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp         string   `json:"timestamp"`
	TriggeringMetrics []string `json:"triggeringMetrics"`
}

A specialized `TimelineEvent` interface common to system notifications concerning a specific Active Directory domain controller.

func (TimelineNetExtractorStoppedTrafficEvent) GetDomainControllerEntity 

func (this TimelineNetExtractorStoppedTrafficEvent) GetDomainControllerEntity() *EndpointEntity

The domain controller entity.

func (TimelineNetExtractorStoppedTrafficEvent) GetEndTime 

func (this TimelineNetExtractorStoppedTrafficEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineNetExtractorStoppedTrafficEvent) GetEventID 

func (this TimelineNetExtractorStoppedTrafficEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineNetExtractorStoppedTrafficEvent) GetEventLabel 

func (this TimelineNetExtractorStoppedTrafficEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineNetExtractorStoppedTrafficEvent) GetEventSeverity 

func (this TimelineNetExtractorStoppedTrafficEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineNetExtractorStoppedTrafficEvent) GetEventType 

func (this TimelineNetExtractorStoppedTrafficEvent) GetEventType() TimelineEventType

The event type.

func (TimelineNetExtractorStoppedTrafficEvent) GetRelatedEvents 

func (this TimelineNetExtractorStoppedTrafficEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineNetExtractorStoppedTrafficEvent) GetStartTime 

func (this TimelineNetExtractorStoppedTrafficEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineNetExtractorStoppedTrafficEvent) GetState 

func (this TimelineNetExtractorStoppedTrafficEvent) GetState() *NotificationState

The system notification status.

func (TimelineNetExtractorStoppedTrafficEvent) GetTimestamp 

func (this TimelineNetExtractorStoppedTrafficEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineNetExtractorStoppedTrafficEvent) IsTimelineDomainControllerNotificationEvent 

func (TimelineNetExtractorStoppedTrafficEvent) IsTimelineDomainControllerNotificationEvent()

func (TimelineNetExtractorStoppedTrafficEvent) IsTimelineEvent 

func (TimelineNetExtractorStoppedTrafficEvent) IsTimelineEvent()

func (TimelineNetExtractorStoppedTrafficEvent) IsTimelineNotificationEvent 

func (TimelineNetExtractorStoppedTrafficEvent) IsTimelineNotificationEvent()

type TimelineNetExtractorWatchdogAnalyzerServiceRestartEvent 

type TimelineNetExtractorWatchdogAnalyzerServiceRestartEvent struct {
	// The domain controller entity.
	DomainControllerEntity *EndpointEntity `json:"domainControllerEntity"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The system notification status.
	State *NotificationState `json:"state"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp         string   `json:"timestamp"`
	TriggeringMetrics []string `json:"triggeringMetrics"`
}

A specialized `TimelineEvent` interface common to system notifications concerning a specific Active Directory domain controller.

func (TimelineNetExtractorWatchdogAnalyzerServiceRestartEvent) GetDomainControllerEntity 

func (this TimelineNetExtractorWatchdogAnalyzerServiceRestartEvent) GetDomainControllerEntity() *EndpointEntity

The domain controller entity.

func (TimelineNetExtractorWatchdogAnalyzerServiceRestartEvent) GetEndTime 

func (this TimelineNetExtractorWatchdogAnalyzerServiceRestartEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineNetExtractorWatchdogAnalyzerServiceRestartEvent) GetEventID 

func (this TimelineNetExtractorWatchdogAnalyzerServiceRestartEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineNetExtractorWatchdogAnalyzerServiceRestartEvent) GetEventLabel 

func (this TimelineNetExtractorWatchdogAnalyzerServiceRestartEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineNetExtractorWatchdogAnalyzerServiceRestartEvent) GetEventSeverity 

func (this TimelineNetExtractorWatchdogAnalyzerServiceRestartEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineNetExtractorWatchdogAnalyzerServiceRestartEvent) GetEventType 

func (this TimelineNetExtractorWatchdogAnalyzerServiceRestartEvent) GetEventType() TimelineEventType

The event type.

func (TimelineNetExtractorWatchdogAnalyzerServiceRestartEvent) GetRelatedEvents 

func (this TimelineNetExtractorWatchdogAnalyzerServiceRestartEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineNetExtractorWatchdogAnalyzerServiceRestartEvent) GetStartTime 

func (this TimelineNetExtractorWatchdogAnalyzerServiceRestartEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineNetExtractorWatchdogAnalyzerServiceRestartEvent) GetState 

func (this TimelineNetExtractorWatchdogAnalyzerServiceRestartEvent) GetState() *NotificationState

The system notification status.

func (TimelineNetExtractorWatchdogAnalyzerServiceRestartEvent) GetTimestamp 

func (this TimelineNetExtractorWatchdogAnalyzerServiceRestartEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineNetExtractorWatchdogAnalyzerServiceRestartEvent) IsTimelineDomainControllerNotificationEvent 

func (TimelineNetExtractorWatchdogAnalyzerServiceRestartEvent) IsTimelineDomainControllerNotificationEvent()

func (TimelineNetExtractorWatchdogAnalyzerServiceRestartEvent) IsTimelineEvent 

func (TimelineNetExtractorWatchdogAnalyzerServiceRestartEvent) IsTimelineEvent()

func (TimelineNetExtractorWatchdogAnalyzerServiceRestartEvent) IsTimelineNotificationEvent 

func (TimelineNetExtractorWatchdogAnalyzerServiceRestartEvent) IsTimelineNotificationEvent()

type TimelineNetExtractorWatchdogManagementServiceRestartEvent 

type TimelineNetExtractorWatchdogManagementServiceRestartEvent struct {
	// The domain controller entity.
	DomainControllerEntity *EndpointEntity `json:"domainControllerEntity"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The system notification status.
	State *NotificationState `json:"state"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp         string   `json:"timestamp"`
	TriggeringMetrics []string `json:"triggeringMetrics"`
}

A specialized `TimelineEvent` interface common to system notifications concerning a specific Active Directory domain controller.

func (TimelineNetExtractorWatchdogManagementServiceRestartEvent) GetDomainControllerEntity 

func (this TimelineNetExtractorWatchdogManagementServiceRestartEvent) GetDomainControllerEntity() *EndpointEntity

The domain controller entity.

func (TimelineNetExtractorWatchdogManagementServiceRestartEvent) GetEndTime 

func (this TimelineNetExtractorWatchdogManagementServiceRestartEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineNetExtractorWatchdogManagementServiceRestartEvent) GetEventID 

func (this TimelineNetExtractorWatchdogManagementServiceRestartEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineNetExtractorWatchdogManagementServiceRestartEvent) GetEventLabel 

func (this TimelineNetExtractorWatchdogManagementServiceRestartEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineNetExtractorWatchdogManagementServiceRestartEvent) GetEventSeverity 

func (this TimelineNetExtractorWatchdogManagementServiceRestartEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineNetExtractorWatchdogManagementServiceRestartEvent) GetEventType 

func (this TimelineNetExtractorWatchdogManagementServiceRestartEvent) GetEventType() TimelineEventType

The event type.

func (TimelineNetExtractorWatchdogManagementServiceRestartEvent) GetRelatedEvents 

func (this TimelineNetExtractorWatchdogManagementServiceRestartEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineNetExtractorWatchdogManagementServiceRestartEvent) GetStartTime 

func (this TimelineNetExtractorWatchdogManagementServiceRestartEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineNetExtractorWatchdogManagementServiceRestartEvent) GetState 

func (this TimelineNetExtractorWatchdogManagementServiceRestartEvent) GetState() *NotificationState

The system notification status.

func (TimelineNetExtractorWatchdogManagementServiceRestartEvent) GetTimestamp 

func (this TimelineNetExtractorWatchdogManagementServiceRestartEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineNetExtractorWatchdogManagementServiceRestartEvent) IsTimelineDomainControllerNotificationEvent 

func (TimelineNetExtractorWatchdogManagementServiceRestartEvent) IsTimelineDomainControllerNotificationEvent()

func (TimelineNetExtractorWatchdogManagementServiceRestartEvent) IsTimelineEvent 

func (TimelineNetExtractorWatchdogManagementServiceRestartEvent) IsTimelineEvent()

func (TimelineNetExtractorWatchdogManagementServiceRestartEvent) IsTimelineNotificationEvent 

func (TimelineNetExtractorWatchdogManagementServiceRestartEvent) IsTimelineNotificationEvent()

type TimelineNetExtractorWatchdogMonitoringServiceRestartEvent 

type TimelineNetExtractorWatchdogMonitoringServiceRestartEvent struct {
	// The domain controller entity.
	DomainControllerEntity *EndpointEntity `json:"domainControllerEntity"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The system notification status.
	State *NotificationState `json:"state"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp         string   `json:"timestamp"`
	TriggeringMetrics []string `json:"triggeringMetrics"`
}

A specialized `TimelineEvent` interface common to system notifications concerning a specific Active Directory domain controller.

func (TimelineNetExtractorWatchdogMonitoringServiceRestartEvent) GetDomainControllerEntity 

func (this TimelineNetExtractorWatchdogMonitoringServiceRestartEvent) GetDomainControllerEntity() *EndpointEntity

The domain controller entity.

func (TimelineNetExtractorWatchdogMonitoringServiceRestartEvent) GetEndTime 

func (this TimelineNetExtractorWatchdogMonitoringServiceRestartEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineNetExtractorWatchdogMonitoringServiceRestartEvent) GetEventID 

func (this TimelineNetExtractorWatchdogMonitoringServiceRestartEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineNetExtractorWatchdogMonitoringServiceRestartEvent) GetEventLabel 

func (this TimelineNetExtractorWatchdogMonitoringServiceRestartEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineNetExtractorWatchdogMonitoringServiceRestartEvent) GetEventSeverity 

func (this TimelineNetExtractorWatchdogMonitoringServiceRestartEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineNetExtractorWatchdogMonitoringServiceRestartEvent) GetEventType 

func (this TimelineNetExtractorWatchdogMonitoringServiceRestartEvent) GetEventType() TimelineEventType

The event type.

func (TimelineNetExtractorWatchdogMonitoringServiceRestartEvent) GetRelatedEvents 

func (this TimelineNetExtractorWatchdogMonitoringServiceRestartEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineNetExtractorWatchdogMonitoringServiceRestartEvent) GetStartTime 

func (this TimelineNetExtractorWatchdogMonitoringServiceRestartEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineNetExtractorWatchdogMonitoringServiceRestartEvent) GetState 

func (this TimelineNetExtractorWatchdogMonitoringServiceRestartEvent) GetState() *NotificationState

The system notification status.

func (TimelineNetExtractorWatchdogMonitoringServiceRestartEvent) GetTimestamp 

func (this TimelineNetExtractorWatchdogMonitoringServiceRestartEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineNetExtractorWatchdogMonitoringServiceRestartEvent) IsTimelineDomainControllerNotificationEvent 

func (TimelineNetExtractorWatchdogMonitoringServiceRestartEvent) IsTimelineDomainControllerNotificationEvent()

func (TimelineNetExtractorWatchdogMonitoringServiceRestartEvent) IsTimelineEvent 

func (TimelineNetExtractorWatchdogMonitoringServiceRestartEvent) IsTimelineEvent()

func (TimelineNetExtractorWatchdogMonitoringServiceRestartEvent) IsTimelineNotificationEvent 

func (TimelineNetExtractorWatchdogMonitoringServiceRestartEvent) IsTimelineNotificationEvent()

type TimelineNewIncidentEvent 

type TimelineNewIncidentEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// The containing incident of the alert.
	Incident *Incident `json:"incident"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A `timeline` event indicating a new incident.

func (TimelineNewIncidentEvent) GetEndTime 

func (this TimelineNewIncidentEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineNewIncidentEvent) GetEventID 

func (this TimelineNewIncidentEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineNewIncidentEvent) GetEventLabel 

func (this TimelineNewIncidentEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineNewIncidentEvent) GetEventSeverity 

func (this TimelineNewIncidentEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineNewIncidentEvent) GetEventType 

func (this TimelineNewIncidentEvent) GetEventType() TimelineEventType

The event type.

func (TimelineNewIncidentEvent) GetIncident 

func (this TimelineNewIncidentEvent) GetIncident() *Incident

The containing incident of the alert.

func (TimelineNewIncidentEvent) GetRelatedEvents 

func (this TimelineNewIncidentEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineNewIncidentEvent) GetStartTime 

func (this TimelineNewIncidentEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineNewIncidentEvent) GetTimestamp 

func (this TimelineNewIncidentEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineNewIncidentEvent) IsTimelineEvent 

func (TimelineNewIncidentEvent) IsTimelineEvent()

func (TimelineNewIncidentEvent) IsTimelineIncidentLifeCycleEvent 

func (TimelineNewIncidentEvent) IsTimelineIncidentLifeCycleEvent()

type TimelineNotificationEvent 

type TimelineNotificationEvent interface {
	IsTimelineNotificationEvent()
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	GetEndTime() string
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	GetEventID() string
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	GetEventLabel() string
	// The event severity. Defaults to `NEUTRAL`.
	GetEventSeverity() TimelineEventSeverity
	// The event type.
	GetEventType() TimelineEventType
	// A connection of related events.
	GetRelatedEvents() *TimelineEventConnection
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	GetStartTime() string
	// The system notification status.
	GetState() *NotificationState
	// The event start time. This is the primary sort-key in `timeline` queries.
	GetTimestamp() string
}

A `TimelineEvent` interface common to system notification `timeline` events.

type TimelineOuChangeEvent 

type TimelineOuChangeEvent struct {
	// The `ou` associated with the primary account of the entity after the event.
	CurrentOu *string `json:"currentOu,omitempty"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// The `ou` associated with the primary account of the entity prior to the event.
	PreviousOu *string `json:"previousOu,omitempty"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A `timeline` event indicating a change in the `ou` field of an entity's primary account.

func (TimelineOuChangeEvent) GetEndTime 

func (this TimelineOuChangeEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineOuChangeEvent) GetEntity 

func (this TimelineOuChangeEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelineOuChangeEvent) GetEventID 

func (this TimelineOuChangeEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineOuChangeEvent) GetEventLabel 

func (this TimelineOuChangeEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineOuChangeEvent) GetEventSeverity 

func (this TimelineOuChangeEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineOuChangeEvent) GetEventType 

func (this TimelineOuChangeEvent) GetEventType() TimelineEventType

The event type.

func (TimelineOuChangeEvent) GetRelatedEvents 

func (this TimelineOuChangeEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineOuChangeEvent) GetStartTime 

func (this TimelineOuChangeEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineOuChangeEvent) GetTimestamp 

func (this TimelineOuChangeEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineOuChangeEvent) IsTimelineEntityEvent 

func (TimelineOuChangeEvent) IsTimelineEntityEvent()

func (TimelineOuChangeEvent) IsTimelineEvent 

func (TimelineOuChangeEvent) IsTimelineEvent()

type TimelinePasswordChangeEvent 

type TimelinePasswordChangeEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A specialized `TimelineEvent` interface common to `timeline` events focused on a single `Entity`.

func (TimelinePasswordChangeEvent) GetEndTime 

func (this TimelinePasswordChangeEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelinePasswordChangeEvent) GetEntity 

func (this TimelinePasswordChangeEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelinePasswordChangeEvent) GetEventID 

func (this TimelinePasswordChangeEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelinePasswordChangeEvent) GetEventLabel 

func (this TimelinePasswordChangeEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelinePasswordChangeEvent) GetEventSeverity 

func (this TimelinePasswordChangeEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelinePasswordChangeEvent) GetEventType 

func (this TimelinePasswordChangeEvent) GetEventType() TimelineEventType

The event type.

func (TimelinePasswordChangeEvent) GetRelatedEvents 

func (this TimelinePasswordChangeEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelinePasswordChangeEvent) GetStartTime 

func (this TimelinePasswordChangeEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelinePasswordChangeEvent) GetTimestamp 

func (this TimelinePasswordChangeEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelinePasswordChangeEvent) IsTimelineEntityEvent 

func (TimelinePasswordChangeEvent) IsTimelineEntityEvent()

func (TimelinePasswordChangeEvent) IsTimelineEvent 

func (TimelinePasswordChangeEvent) IsTimelineEvent()

type TimelinePolicyAppliedEvent 

type TimelinePolicyAppliedEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime       string          `json:"startTime"`
	SystemComponent SystemComponent `json:"systemComponent"`
	SystemUser      *SystemUser     `json:"systemUser,omitempty"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A common interface for all events exposed by the `timeline` API.

func (TimelinePolicyAppliedEvent) GetEndTime 

func (this TimelinePolicyAppliedEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelinePolicyAppliedEvent) GetEventID 

func (this TimelinePolicyAppliedEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelinePolicyAppliedEvent) GetEventLabel 

func (this TimelinePolicyAppliedEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelinePolicyAppliedEvent) GetEventSeverity 

func (this TimelinePolicyAppliedEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelinePolicyAppliedEvent) GetEventType 

func (this TimelinePolicyAppliedEvent) GetEventType() TimelineEventType

The event type.

func (TimelinePolicyAppliedEvent) GetRelatedEvents 

func (this TimelinePolicyAppliedEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelinePolicyAppliedEvent) GetStartTime 

func (this TimelinePolicyAppliedEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelinePolicyAppliedEvent) GetSystemComponent 

func (this TimelinePolicyAppliedEvent) GetSystemComponent() SystemComponent

func (TimelinePolicyAppliedEvent) GetSystemUser 

func (this TimelinePolicyAppliedEvent) GetSystemUser() *SystemUser

func (TimelinePolicyAppliedEvent) GetTimestamp 

func (this TimelinePolicyAppliedEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelinePolicyAppliedEvent) IsTimelineAuditEvent 

func (TimelinePolicyAppliedEvent) IsTimelineAuditEvent()

func (TimelinePolicyAppliedEvent) IsTimelineEvent 

func (TimelinePolicyAppliedEvent) IsTimelineEvent()

func (TimelinePolicyAppliedEvent) IsTimelinePolicyConfigurationEvent 

func (TimelinePolicyAppliedEvent) IsTimelinePolicyConfigurationEvent()

func (TimelinePolicyAppliedEvent) IsTimelineSystemConfigurationEvent 

func (TimelinePolicyAppliedEvent) IsTimelineSystemConfigurationEvent()

type TimelinePolicyConfigurationEvent 

type TimelinePolicyConfigurationEvent interface {
	IsTimelinePolicyConfigurationEvent()
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	GetEndTime() string
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	GetEventID() string
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	GetEventLabel() string
	// The event severity. Defaults to `NEUTRAL`.
	GetEventSeverity() TimelineEventSeverity
	// The event type.
	GetEventType() TimelineEventType
	// A connection of related events.
	GetRelatedEvents() *TimelineEventConnection
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	GetStartTime() string
	GetSystemComponent() SystemComponent
	GetSystemUser() *SystemUser
	// The event start time. This is the primary sort-key in `timeline` queries.
	GetTimestamp() string
}

A common interface for all events exposed by the `timeline` API.

type TimelinePolicyRuleAddedEvent 

type TimelinePolicyRuleAddedEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	RuleID        string                   `json:"ruleId"`
	RuleName      string                   `json:"ruleName"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime       string          `json:"startTime"`
	SystemComponent SystemComponent `json:"systemComponent"`
	SystemUser      *SystemUser     `json:"systemUser,omitempty"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A common interface for all events exposed by the `timeline` API.

func (TimelinePolicyRuleAddedEvent) GetEndTime 

func (this TimelinePolicyRuleAddedEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelinePolicyRuleAddedEvent) GetEventID 

func (this TimelinePolicyRuleAddedEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelinePolicyRuleAddedEvent) GetEventLabel 

func (this TimelinePolicyRuleAddedEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelinePolicyRuleAddedEvent) GetEventSeverity 

func (this TimelinePolicyRuleAddedEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelinePolicyRuleAddedEvent) GetEventType 

func (this TimelinePolicyRuleAddedEvent) GetEventType() TimelineEventType

The event type.

func (TimelinePolicyRuleAddedEvent) GetRelatedEvents 

func (this TimelinePolicyRuleAddedEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelinePolicyRuleAddedEvent) GetRuleID 

func (this TimelinePolicyRuleAddedEvent) GetRuleID() string

func (TimelinePolicyRuleAddedEvent) GetRuleName 

func (this TimelinePolicyRuleAddedEvent) GetRuleName() string

func (TimelinePolicyRuleAddedEvent) GetStartTime 

func (this TimelinePolicyRuleAddedEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelinePolicyRuleAddedEvent) GetSystemComponent 

func (this TimelinePolicyRuleAddedEvent) GetSystemComponent() SystemComponent

func (TimelinePolicyRuleAddedEvent) GetSystemUser 

func (this TimelinePolicyRuleAddedEvent) GetSystemUser() *SystemUser

func (TimelinePolicyRuleAddedEvent) GetTimestamp 

func (this TimelinePolicyRuleAddedEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelinePolicyRuleAddedEvent) IsTimelineAuditEvent 

func (TimelinePolicyRuleAddedEvent) IsTimelineAuditEvent()

func (TimelinePolicyRuleAddedEvent) IsTimelineEvent 

func (TimelinePolicyRuleAddedEvent) IsTimelineEvent()

func (TimelinePolicyRuleAddedEvent) IsTimelinePolicyConfigurationEvent 

func (TimelinePolicyRuleAddedEvent) IsTimelinePolicyConfigurationEvent()

func (TimelinePolicyRuleAddedEvent) IsTimelinePolicySingleRuleChangedEvent 

func (TimelinePolicyRuleAddedEvent) IsTimelinePolicySingleRuleChangedEvent()

func (TimelinePolicyRuleAddedEvent) IsTimelineSystemConfigurationEvent 

func (TimelinePolicyRuleAddedEvent) IsTimelineSystemConfigurationEvent()

type TimelinePolicyRuleDeletedEvent 

type TimelinePolicyRuleDeletedEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	RuleID        string                   `json:"ruleId"`
	RuleName      string                   `json:"ruleName"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime       string          `json:"startTime"`
	SystemComponent SystemComponent `json:"systemComponent"`
	SystemUser      *SystemUser     `json:"systemUser,omitempty"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A common interface for all events exposed by the `timeline` API.

func (TimelinePolicyRuleDeletedEvent) GetEndTime 

func (this TimelinePolicyRuleDeletedEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelinePolicyRuleDeletedEvent) GetEventID 

func (this TimelinePolicyRuleDeletedEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelinePolicyRuleDeletedEvent) GetEventLabel 

func (this TimelinePolicyRuleDeletedEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelinePolicyRuleDeletedEvent) GetEventSeverity 

func (this TimelinePolicyRuleDeletedEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelinePolicyRuleDeletedEvent) GetEventType 

func (this TimelinePolicyRuleDeletedEvent) GetEventType() TimelineEventType

The event type.

func (TimelinePolicyRuleDeletedEvent) GetRelatedEvents 

func (this TimelinePolicyRuleDeletedEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelinePolicyRuleDeletedEvent) GetRuleID 

func (this TimelinePolicyRuleDeletedEvent) GetRuleID() string

func (TimelinePolicyRuleDeletedEvent) GetRuleName 

func (this TimelinePolicyRuleDeletedEvent) GetRuleName() string

func (TimelinePolicyRuleDeletedEvent) GetStartTime 

func (this TimelinePolicyRuleDeletedEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelinePolicyRuleDeletedEvent) GetSystemComponent 

func (this TimelinePolicyRuleDeletedEvent) GetSystemComponent() SystemComponent

func (TimelinePolicyRuleDeletedEvent) GetSystemUser 

func (this TimelinePolicyRuleDeletedEvent) GetSystemUser() *SystemUser

func (TimelinePolicyRuleDeletedEvent) GetTimestamp 

func (this TimelinePolicyRuleDeletedEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelinePolicyRuleDeletedEvent) IsTimelineAuditEvent 

func (TimelinePolicyRuleDeletedEvent) IsTimelineAuditEvent()

func (TimelinePolicyRuleDeletedEvent) IsTimelineEvent 

func (TimelinePolicyRuleDeletedEvent) IsTimelineEvent()

func (TimelinePolicyRuleDeletedEvent) IsTimelinePolicyConfigurationEvent 

func (TimelinePolicyRuleDeletedEvent) IsTimelinePolicyConfigurationEvent()

func (TimelinePolicyRuleDeletedEvent) IsTimelinePolicySingleRuleChangedEvent 

func (TimelinePolicyRuleDeletedEvent) IsTimelinePolicySingleRuleChangedEvent()

func (TimelinePolicyRuleDeletedEvent) IsTimelineSystemConfigurationEvent 

func (TimelinePolicyRuleDeletedEvent) IsTimelineSystemConfigurationEvent()

type TimelinePolicyRuleMatchEvent 

type TimelinePolicyRuleMatchEvent struct {
	Action           RuleAction `json:"action"`
	ActionLabel      string     `json:"actionLabel"`
	AuditTimestamp   string     `json:"auditTimestamp"`
	AuthorizerEntity Entity     `json:"authorizerEntity,omitempty"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	Inline    bool              `json:"inline"`
	// A connection of related events.
	RelatedEvents             *TimelineEventConnection `json:"relatedEvents,omitempty"`
	ResultDescription         string                   `json:"resultDescription"`
	RuleID                    string                   `json:"ruleId"`
	RuleName                  *string                  `json:"ruleName,omitempty"`
	SimulationMode            bool                     `json:"simulationMode"`
	SourceEndpoint            Entity                   `json:"sourceEndpoint,omitempty"`
	SourceEndpointDisplayName *string                  `json:"sourceEndpointDisplayName,omitempty"`
	SourceEntity              Entity                   `json:"sourceEntity,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime               string  `json:"startTime"`
	Successful              bool    `json:"successful"`
	TargetEndpoint          Entity  `json:"targetEndpoint,omitempty"`
	TargetEntity            Entity  `json:"targetEntity,omitempty"`
	TargetEntityDescription *string `json:"targetEntityDescription,omitempty"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp        string      `json:"timestamp"`
	TransactionID    string      `json:"transactionId"`
	Trigger          RuleTrigger `json:"trigger"`
	TriggerLabel     string      `json:"triggerLabel"`
	TriggerTimestamp string      `json:"triggerTimestamp"`
}

A common interface for all events exposed by the `timeline` API.

func (TimelinePolicyRuleMatchEvent) GetEndTime 

func (this TimelinePolicyRuleMatchEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelinePolicyRuleMatchEvent) GetEventID 

func (this TimelinePolicyRuleMatchEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelinePolicyRuleMatchEvent) GetEventLabel 

func (this TimelinePolicyRuleMatchEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelinePolicyRuleMatchEvent) GetEventSeverity 

func (this TimelinePolicyRuleMatchEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelinePolicyRuleMatchEvent) GetEventType 

func (this TimelinePolicyRuleMatchEvent) GetEventType() TimelineEventType

The event type.

func (TimelinePolicyRuleMatchEvent) GetRelatedEvents 

func (this TimelinePolicyRuleMatchEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelinePolicyRuleMatchEvent) GetStartTime 

func (this TimelinePolicyRuleMatchEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelinePolicyRuleMatchEvent) GetTimestamp 

func (this TimelinePolicyRuleMatchEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelinePolicyRuleMatchEvent) IsTimelineEvent 

func (TimelinePolicyRuleMatchEvent) IsTimelineEvent()

type TimelinePolicyRuleModifiedEvent 

type TimelinePolicyRuleModifiedEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	RuleID        string                   `json:"ruleId"`
	RuleName      string                   `json:"ruleName"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime       string          `json:"startTime"`
	SystemComponent SystemComponent `json:"systemComponent"`
	SystemUser      *SystemUser     `json:"systemUser,omitempty"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A common interface for all events exposed by the `timeline` API.

func (TimelinePolicyRuleModifiedEvent) GetEndTime 

func (this TimelinePolicyRuleModifiedEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelinePolicyRuleModifiedEvent) GetEventID 

func (this TimelinePolicyRuleModifiedEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelinePolicyRuleModifiedEvent) GetEventLabel 

func (this TimelinePolicyRuleModifiedEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelinePolicyRuleModifiedEvent) GetEventSeverity 

func (this TimelinePolicyRuleModifiedEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelinePolicyRuleModifiedEvent) GetEventType 

func (this TimelinePolicyRuleModifiedEvent) GetEventType() TimelineEventType

The event type.

func (TimelinePolicyRuleModifiedEvent) GetRelatedEvents 

func (this TimelinePolicyRuleModifiedEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelinePolicyRuleModifiedEvent) GetRuleID 

func (this TimelinePolicyRuleModifiedEvent) GetRuleID() string

func (TimelinePolicyRuleModifiedEvent) GetRuleName 

func (this TimelinePolicyRuleModifiedEvent) GetRuleName() string

func (TimelinePolicyRuleModifiedEvent) GetStartTime 

func (this TimelinePolicyRuleModifiedEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelinePolicyRuleModifiedEvent) GetSystemComponent 

func (this TimelinePolicyRuleModifiedEvent) GetSystemComponent() SystemComponent

func (TimelinePolicyRuleModifiedEvent) GetSystemUser 

func (this TimelinePolicyRuleModifiedEvent) GetSystemUser() *SystemUser

func (TimelinePolicyRuleModifiedEvent) GetTimestamp 

func (this TimelinePolicyRuleModifiedEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelinePolicyRuleModifiedEvent) IsTimelineAuditEvent 

func (TimelinePolicyRuleModifiedEvent) IsTimelineAuditEvent()

func (TimelinePolicyRuleModifiedEvent) IsTimelineEvent 

func (TimelinePolicyRuleModifiedEvent) IsTimelineEvent()

func (TimelinePolicyRuleModifiedEvent) IsTimelinePolicyConfigurationEvent 

func (TimelinePolicyRuleModifiedEvent) IsTimelinePolicyConfigurationEvent()

func (TimelinePolicyRuleModifiedEvent) IsTimelinePolicySingleRuleChangedEvent 

func (TimelinePolicyRuleModifiedEvent) IsTimelinePolicySingleRuleChangedEvent()

func (TimelinePolicyRuleModifiedEvent) IsTimelineSystemConfigurationEvent 

func (TimelinePolicyRuleModifiedEvent) IsTimelineSystemConfigurationEvent()

type TimelinePolicyRulesReorderedEvent 

type TimelinePolicyRulesReorderedEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime       string          `json:"startTime"`
	SystemComponent SystemComponent `json:"systemComponent"`
	SystemUser      *SystemUser     `json:"systemUser,omitempty"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A common interface for all events exposed by the `timeline` API.

func (TimelinePolicyRulesReorderedEvent) GetEndTime 

func (this TimelinePolicyRulesReorderedEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelinePolicyRulesReorderedEvent) GetEventID 

func (this TimelinePolicyRulesReorderedEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelinePolicyRulesReorderedEvent) GetEventLabel 

func (this TimelinePolicyRulesReorderedEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelinePolicyRulesReorderedEvent) GetEventSeverity 

func (this TimelinePolicyRulesReorderedEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelinePolicyRulesReorderedEvent) GetEventType 

func (this TimelinePolicyRulesReorderedEvent) GetEventType() TimelineEventType

The event type.

func (TimelinePolicyRulesReorderedEvent) GetRelatedEvents 

func (this TimelinePolicyRulesReorderedEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelinePolicyRulesReorderedEvent) GetStartTime 

func (this TimelinePolicyRulesReorderedEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelinePolicyRulesReorderedEvent) GetSystemComponent 

func (this TimelinePolicyRulesReorderedEvent) GetSystemComponent() SystemComponent

func (TimelinePolicyRulesReorderedEvent) GetSystemUser 

func (this TimelinePolicyRulesReorderedEvent) GetSystemUser() *SystemUser

func (TimelinePolicyRulesReorderedEvent) GetTimestamp 

func (this TimelinePolicyRulesReorderedEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelinePolicyRulesReorderedEvent) IsTimelineAuditEvent 

func (TimelinePolicyRulesReorderedEvent) IsTimelineAuditEvent()

func (TimelinePolicyRulesReorderedEvent) IsTimelineEvent 

func (TimelinePolicyRulesReorderedEvent) IsTimelineEvent()

func (TimelinePolicyRulesReorderedEvent) IsTimelinePolicyConfigurationEvent 

func (TimelinePolicyRulesReorderedEvent) IsTimelinePolicyConfigurationEvent()

func (TimelinePolicyRulesReorderedEvent) IsTimelineSystemConfigurationEvent 

func (TimelinePolicyRulesReorderedEvent) IsTimelineSystemConfigurationEvent()

type TimelinePolicySingleRuleChangedEvent 

type TimelinePolicySingleRuleChangedEvent interface {
	IsTimelinePolicySingleRuleChangedEvent()
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	GetEndTime() string
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	GetEventID() string
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	GetEventLabel() string
	// The event severity. Defaults to `NEUTRAL`.
	GetEventSeverity() TimelineEventSeverity
	// The event type.
	GetEventType() TimelineEventType
	// A connection of related events.
	GetRelatedEvents() *TimelineEventConnection
	GetRuleID() string
	GetRuleName() string
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	GetStartTime() string
	GetSystemComponent() SystemComponent
	GetSystemUser() *SystemUser
	// The event start time. This is the primary sort-key in `timeline` queries.
	GetTimestamp() string
}

A common interface for all events exposed by the `timeline` API.

type TimelinePrivilegeDeEscalationEvent 

type TimelinePrivilegeDeEscalationEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// List of removed privileges. All returned types are guaranteed to be subtypes of `AdminAccountRole`.
	RemovedPrivileges []EntityRoleType `json:"removedPrivileges"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A `timeline` event indicating `Entity` privilege deescalation. Entity privileges are determined by `AdminAccountRole` entity roles.

func (TimelinePrivilegeDeEscalationEvent) GetEndTime 

func (this TimelinePrivilegeDeEscalationEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelinePrivilegeDeEscalationEvent) GetEntity 

func (this TimelinePrivilegeDeEscalationEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelinePrivilegeDeEscalationEvent) GetEventID 

func (this TimelinePrivilegeDeEscalationEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelinePrivilegeDeEscalationEvent) GetEventLabel 

func (this TimelinePrivilegeDeEscalationEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelinePrivilegeDeEscalationEvent) GetEventSeverity 

func (this TimelinePrivilegeDeEscalationEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelinePrivilegeDeEscalationEvent) GetEventType 

func (this TimelinePrivilegeDeEscalationEvent) GetEventType() TimelineEventType

The event type.

func (TimelinePrivilegeDeEscalationEvent) GetRelatedEvents 

func (this TimelinePrivilegeDeEscalationEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelinePrivilegeDeEscalationEvent) GetStartTime 

func (this TimelinePrivilegeDeEscalationEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelinePrivilegeDeEscalationEvent) GetTimestamp 

func (this TimelinePrivilegeDeEscalationEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelinePrivilegeDeEscalationEvent) IsTimelineEntityEvent 

func (TimelinePrivilegeDeEscalationEvent) IsTimelineEntityEvent()

func (TimelinePrivilegeDeEscalationEvent) IsTimelineEvent 

func (TimelinePrivilegeDeEscalationEvent) IsTimelineEvent()

type TimelinePrivilegeEscalationEvent 

type TimelinePrivilegeEscalationEvent struct {
	// List of added privileges. All returned types are guaranteed to be subtypes of `AdminAccountRole`.
	AddedPrivileges []EntityRoleType `json:"addedPrivileges"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A `timeline` event indicating `Entity` privilege escalation. Entity privileges are determined by `AdminAccountRole` entity roles.

func (TimelinePrivilegeEscalationEvent) GetEndTime 

func (this TimelinePrivilegeEscalationEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelinePrivilegeEscalationEvent) GetEntity 

func (this TimelinePrivilegeEscalationEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelinePrivilegeEscalationEvent) GetEventID 

func (this TimelinePrivilegeEscalationEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelinePrivilegeEscalationEvent) GetEventLabel 

func (this TimelinePrivilegeEscalationEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelinePrivilegeEscalationEvent) GetEventSeverity 

func (this TimelinePrivilegeEscalationEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelinePrivilegeEscalationEvent) GetEventType 

func (this TimelinePrivilegeEscalationEvent) GetEventType() TimelineEventType

The event type.

func (TimelinePrivilegeEscalationEvent) GetRelatedEvents 

func (this TimelinePrivilegeEscalationEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelinePrivilegeEscalationEvent) GetStartTime 

func (this TimelinePrivilegeEscalationEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelinePrivilegeEscalationEvent) GetTimestamp 

func (this TimelinePrivilegeEscalationEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelinePrivilegeEscalationEvent) IsTimelineEntityEvent 

func (TimelinePrivilegeEscalationEvent) IsTimelineEntityEvent()

func (TimelinePrivilegeEscalationEvent) IsTimelineEvent 

func (TimelinePrivilegeEscalationEvent) IsTimelineEvent()

type TimelineRemoteCodeExecutionEvent 

type TimelineRemoteCodeExecutionEvent struct {
	// If the activity is known to have occurred within an Active Directory site, this is set to the site's name.
	ActiveDirectorySiteName *string      `json:"activeDirectorySiteName,omitempty"`
	BrowserInfo             *BrowserInfo `json:"browserInfo,omitempty"`
	// The data source associated with this activity. Because the `DataSource`
	// enumeration contains some fallback values for generic sources,
	// `dataSourceVendorName` is provided as an alternative.
	DataSource DataSource `json:"dataSource"`
	// A display-oriented label for the data source associated with the activity.
	DataSourceVendorName *string `json:"dataSourceVendorName,omitempty"`
	DeviceName           *string `json:"deviceName,omitempty"`
	// A display-oriented label reflecting the origin endpoint operating system, as
	// exposed by the `operatingSystemInfo` field. The semantics of this value are
	// not rrigorously restricted.
	// Therefore, the data is supposed to used programmatically, it is always
	// recommended to project the underlying `operatingSystemInfo` field instead.
	DeviceType *string `json:"deviceType,omitempty"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A display-oriented label reflecting the best available display name for the
	// origin endpoint. `EndpointEntity:primaryDisplayName` is used if available,
	// otherwise either `hostName` or `ipAddress` may be used as a fallback option.
	EndpointDisplayName *string `json:"endpointDisplayName,omitempty"`
	// The origin endpoint entity associated with the activity, if available. Note
	// that `endpointDisplayName` is available even when the entity is unknown.
	EndpointEntity *EndpointEntity `json:"endpointEntity,omitempty"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// The geolocation associated with the activity, if any.
	GeoLocation *GeoLocation `json:"geoLocation,omitempty"`
	// The origin endpoint host name.
	HostName *string `json:"hostName,omitempty"`
	// The origin endpoint IP address, if available.
	IPAddress            *string            `json:"ipAddress,omitempty"`
	IPAddressReputations []IPReputation     `json:"ipAddressReputations"`
	IspClassification    *IspClassification `json:"ispClassification,omitempty"`
	IspDomain            *string            `json:"ispDomain,omitempty"`
	LdapSecurityType     *LdapSecurityType  `json:"ldapSecurityType,omitempty"`
	// If `true`, `userEntity` is associated with `geoLocation` by a `BindingType:GEO_LOCATION` `association`.
	//
	// Returns `null` if no location data is available for this activity or if the
	// user associated with this activity couldn't be correlated with a user entity.
	LocationAssociatedWithUser *bool `json:"locationAssociatedWithUser,omitempty"`
	// The subnet label, as defined in the system configuration, associated with the
	// origin endpoint IP address at the time the activity was performed.
	NetworkTag *string `json:"networkTag,omitempty"`
	// The subnet type, as defined in the system configuration, associated with the
	// origin endpoint IP address at the time the activity was performed.
	NetworkType NetworkType `json:"networkType"`
	// Information about the origin endpoint operating system.
	OperatingSystemInfo *OperatingSystemInfo `json:"operatingSystemInfo,omitempty"`
	// The primary network protocol used for performing the activity.
	ProtocolType    ProtocolType `json:"protocolType"`
	ProtocolVersion *string      `json:"protocolVersion,omitempty"`
	// A connection of related events.
	RelatedEvents             *TimelineEventConnection  `json:"relatedEvents,omitempty"`
	RemoteCodeExecutionMethod RemoteCodeExecutionMethod `json:"remoteCodeExecutionMethod"`
	SourceEntity              UserOrEndpointEntity      `json:"sourceEntity,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The target endpoint associated with this activity (such as a domain controller), if any.
	TargetEndpointEntity *EndpointEntity `json:"targetEndpointEntity,omitempty"`
	// The target service entity.
	TargetEntity             Entity  `json:"targetEntity,omitempty"`
	TargetServiceDescription *string `json:"targetServiceDescription,omitempty"`
	TargetServiceDisplayName *string `json:"targetServiceDisplayName,omitempty"`
	// The target service raw identifier.
	TargetServiceIdentifier *string `json:"targetServiceIdentifier,omitempty"`
	// A classification value of the service accessed, based on the raw identifier
	// (`targetServiceIdentifier`) and the target entity (`targetServiceEntity`).
	TargetServiceType *ServiceType `json:"targetServiceType,omitempty"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp  string      `json:"timestamp"`
	TLSVersion *TLSVersion `json:"tlsVersion,omitempty"`
	// A display-oriented label of the best available display name for the user
	// associated with this event. `UserEntity:primaryDisplayName` is used if
	// available. Otherwise, the raw user identifier used for performing this
	// activity is applied.
	UserDisplayName string `json:"userDisplayName"`
	// The user entity associated with the activity, if available. Note that
	// `userDisplayName` is available even when the entity is unknown.
	UserEntity *UserEntity `json:"userEntity,omitempty"`
}

A `TimelineEvent` interface common to `timeline` events related to end user activity on endpoints, such as authentication and service access activities. This is the primary interface to be used in projections when querying the timeline for `user` activities.

When available, the user and endpoint `Entity` data is exposed through the corresponding fields. However, in some cases the data regarding the user or endpoint may be too limited to be associated with particular entities. For example, a `FAILED_AUTHENTICATION` event may be a result of a misspelled user name, and a `SUCCESSFUL_AUTHENTICATION` may originate outside the organization, limiting the available data about the source endpoint. For this reason, additional fields exposing more elementary data are also available, alongside the `Entity` fields.

func (TimelineRemoteCodeExecutionEvent) GetActiveDirectorySiteName 

func (this TimelineRemoteCodeExecutionEvent) GetActiveDirectorySiteName() *string

If the activity is known to have occurred within an Active Directory site, this is set to the site's name.

func (TimelineRemoteCodeExecutionEvent) GetBrowserInfo 

func (this TimelineRemoteCodeExecutionEvent) GetBrowserInfo() *BrowserInfo

func (TimelineRemoteCodeExecutionEvent) GetDataSource 

func (this TimelineRemoteCodeExecutionEvent) GetDataSource() DataSource

The data source associated with this activity. Because the `DataSource` enumeration contains some fallback values for generic sources, `dataSourceVendorName` is provided as an alternative.

func (TimelineRemoteCodeExecutionEvent) GetDataSourceVendorName 

func (this TimelineRemoteCodeExecutionEvent) GetDataSourceVendorName() *string

A display-oriented label for the data source associated with the activity.

func (TimelineRemoteCodeExecutionEvent) GetDeviceName 

func (this TimelineRemoteCodeExecutionEvent) GetDeviceName() *string

func (TimelineRemoteCodeExecutionEvent) GetDeviceType 

func (this TimelineRemoteCodeExecutionEvent) GetDeviceType() *string

A display-oriented label reflecting the origin endpoint operating system, as exposed by the `operatingSystemInfo` field. The semantics of this value are not rrigorously restricted. Therefore, the data is supposed to used programmatically, it is always recommended to project the underlying `operatingSystemInfo` field instead.

func (TimelineRemoteCodeExecutionEvent) GetEndTime 

func (this TimelineRemoteCodeExecutionEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineRemoteCodeExecutionEvent) GetEndpointDisplayName 

func (this TimelineRemoteCodeExecutionEvent) GetEndpointDisplayName() *string

A display-oriented label reflecting the best available display name for the origin endpoint. `EndpointEntity:primaryDisplayName` is used if available, otherwise either `hostName` or `ipAddress` may be used as a fallback option.

func (TimelineRemoteCodeExecutionEvent) GetEndpointEntity 

func (this TimelineRemoteCodeExecutionEvent) GetEndpointEntity() *EndpointEntity

The origin endpoint entity associated with the activity, if available. Note that `endpointDisplayName` is available even when the entity is unknown.

func (TimelineRemoteCodeExecutionEvent) GetEventID 

func (this TimelineRemoteCodeExecutionEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineRemoteCodeExecutionEvent) GetEventLabel 

func (this TimelineRemoteCodeExecutionEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineRemoteCodeExecutionEvent) GetEventSeverity 

func (this TimelineRemoteCodeExecutionEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineRemoteCodeExecutionEvent) GetEventType 

func (this TimelineRemoteCodeExecutionEvent) GetEventType() TimelineEventType

The event type.

func (TimelineRemoteCodeExecutionEvent) GetGeoLocation 

func (this TimelineRemoteCodeExecutionEvent) GetGeoLocation() *GeoLocation

The geolocation associated with the activity, if any.

func (TimelineRemoteCodeExecutionEvent) GetHostName 

func (this TimelineRemoteCodeExecutionEvent) GetHostName() *string

The origin endpoint host name.

func (TimelineRemoteCodeExecutionEvent) GetIPAddress 

func (this TimelineRemoteCodeExecutionEvent) GetIPAddress() *string

The origin endpoint IP address, if available.

func (TimelineRemoteCodeExecutionEvent) GetIPAddressReputations 

func (this TimelineRemoteCodeExecutionEvent) GetIPAddressReputations() []IPReputation

func (TimelineRemoteCodeExecutionEvent) GetIspClassification 

func (this TimelineRemoteCodeExecutionEvent) GetIspClassification() *IspClassification

func (TimelineRemoteCodeExecutionEvent) GetIspDomain 

func (this TimelineRemoteCodeExecutionEvent) GetIspDomain() *string

func (TimelineRemoteCodeExecutionEvent) GetLdapSecurityType 

func (this TimelineRemoteCodeExecutionEvent) GetLdapSecurityType() *LdapSecurityType

func (TimelineRemoteCodeExecutionEvent) GetLocationAssociatedWithUser 

func (this TimelineRemoteCodeExecutionEvent) GetLocationAssociatedWithUser() *bool

If `true`, `userEntity` is associated with `geoLocation` by a `BindingType:GEO_LOCATION` `association`.

Returns `null` if no location data is available for this activity or if the user associated with this activity couldn't be correlated with a user entity.

func (TimelineRemoteCodeExecutionEvent) GetNetworkTag 

func (this TimelineRemoteCodeExecutionEvent) GetNetworkTag() *string

The subnet label, as defined in the system configuration, associated with the origin endpoint IP address at the time the activity was performed.

func (TimelineRemoteCodeExecutionEvent) GetNetworkType 

func (this TimelineRemoteCodeExecutionEvent) GetNetworkType() NetworkType

The subnet type, as defined in the system configuration, associated with the origin endpoint IP address at the time the activity was performed.

func (TimelineRemoteCodeExecutionEvent) GetOperatingSystemInfo 

func (this TimelineRemoteCodeExecutionEvent) GetOperatingSystemInfo() *OperatingSystemInfo

Information about the origin endpoint operating system.

func (TimelineRemoteCodeExecutionEvent) GetProtocolType 

func (this TimelineRemoteCodeExecutionEvent) GetProtocolType() ProtocolType

The primary network protocol used for performing the activity.

func (TimelineRemoteCodeExecutionEvent) GetProtocolVersion 

func (this TimelineRemoteCodeExecutionEvent) GetProtocolVersion() *string

func (TimelineRemoteCodeExecutionEvent) GetRelatedEvents 

func (this TimelineRemoteCodeExecutionEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineRemoteCodeExecutionEvent) GetSourceEntity 

func (this TimelineRemoteCodeExecutionEvent) GetSourceEntity() UserOrEndpointEntity

func (TimelineRemoteCodeExecutionEvent) GetStartTime 

func (this TimelineRemoteCodeExecutionEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineRemoteCodeExecutionEvent) GetTLSVersion 

func (this TimelineRemoteCodeExecutionEvent) GetTLSVersion() *TLSVersion

func (TimelineRemoteCodeExecutionEvent) GetTargetEndpointEntity 

func (this TimelineRemoteCodeExecutionEvent) GetTargetEndpointEntity() *EndpointEntity

The target endpoint associated with this activity (such as a domain controller), if any.

func (TimelineRemoteCodeExecutionEvent) GetTargetEntity 

func (this TimelineRemoteCodeExecutionEvent) GetTargetEntity() Entity

The target service entity.

func (TimelineRemoteCodeExecutionEvent) GetTargetServiceDescription 

func (this TimelineRemoteCodeExecutionEvent) GetTargetServiceDescription() *string

func (TimelineRemoteCodeExecutionEvent) GetTargetServiceDisplayName 

func (this TimelineRemoteCodeExecutionEvent) GetTargetServiceDisplayName() *string

func (TimelineRemoteCodeExecutionEvent) GetTargetServiceIdentifier 

func (this TimelineRemoteCodeExecutionEvent) GetTargetServiceIdentifier() *string

The target service raw identifier.

func (TimelineRemoteCodeExecutionEvent) GetTargetServiceType 

func (this TimelineRemoteCodeExecutionEvent) GetTargetServiceType() *ServiceType

A classification value of the service accessed, based on the raw identifier (`targetServiceIdentifier`) and the target entity (`targetServiceEntity`).

func (TimelineRemoteCodeExecutionEvent) GetTimestamp 

func (this TimelineRemoteCodeExecutionEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineRemoteCodeExecutionEvent) GetUserDisplayName 

func (this TimelineRemoteCodeExecutionEvent) GetUserDisplayName() string

A display-oriented label of the best available display name for the user associated with this event. `UserEntity:primaryDisplayName` is used if available. Otherwise, the raw user identifier used for performing this activity is applied.

func (TimelineRemoteCodeExecutionEvent) GetUserEntity 

func (this TimelineRemoteCodeExecutionEvent) GetUserEntity() *UserEntity

The user entity associated with the activity, if available. Note that `userDisplayName` is available even when the entity is unknown.

func (TimelineRemoteCodeExecutionEvent) IsTimelineEvent 

func (TimelineRemoteCodeExecutionEvent) IsTimelineEvent()

func (TimelineRemoteCodeExecutionEvent) IsTimelineUserOnEndpointActivityEvent 

func (TimelineRemoteCodeExecutionEvent) IsTimelineUserOnEndpointActivityEvent()

type TimelineReportAddedEvent 

type TimelineReportAddedEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// A unique identifier for the report.
	ReportID string `json:"reportId"`
	// The report name.
	ReportName string `json:"reportName"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime       string          `json:"startTime"`
	SystemComponent SystemComponent `json:"systemComponent"`
	SystemUser      *SystemUser     `json:"systemUser,omitempty"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A common interface for all events exposed by the `timeline` API.

func (TimelineReportAddedEvent) GetEndTime 

func (this TimelineReportAddedEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineReportAddedEvent) GetEventID 

func (this TimelineReportAddedEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineReportAddedEvent) GetEventLabel 

func (this TimelineReportAddedEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineReportAddedEvent) GetEventSeverity 

func (this TimelineReportAddedEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineReportAddedEvent) GetEventType 

func (this TimelineReportAddedEvent) GetEventType() TimelineEventType

The event type.

func (TimelineReportAddedEvent) GetRelatedEvents 

func (this TimelineReportAddedEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineReportAddedEvent) GetReportID 

func (this TimelineReportAddedEvent) GetReportID() string

A unique identifier for the report.

func (TimelineReportAddedEvent) GetReportName 

func (this TimelineReportAddedEvent) GetReportName() string

The report name.

func (TimelineReportAddedEvent) GetStartTime 

func (this TimelineReportAddedEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineReportAddedEvent) GetSystemComponent 

func (this TimelineReportAddedEvent) GetSystemComponent() SystemComponent

func (TimelineReportAddedEvent) GetSystemUser 

func (this TimelineReportAddedEvent) GetSystemUser() *SystemUser

func (TimelineReportAddedEvent) GetTimestamp 

func (this TimelineReportAddedEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineReportAddedEvent) IsTimelineAuditEvent 

func (TimelineReportAddedEvent) IsTimelineAuditEvent()

func (TimelineReportAddedEvent) IsTimelineConfigurationReportEvent 

func (TimelineReportAddedEvent) IsTimelineConfigurationReportEvent()

func (TimelineReportAddedEvent) IsTimelineEvent 

func (TimelineReportAddedEvent) IsTimelineEvent()

func (TimelineReportAddedEvent) IsTimelineSystemConfigurationEvent 

func (TimelineReportAddedEvent) IsTimelineSystemConfigurationEvent()

type TimelineReportDeletedEvent 

type TimelineReportDeletedEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// A unique identifier for the report.
	ReportID string `json:"reportId"`
	// The report name.
	ReportName string `json:"reportName"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime       string          `json:"startTime"`
	SystemComponent SystemComponent `json:"systemComponent"`
	SystemUser      *SystemUser     `json:"systemUser,omitempty"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A common interface for all events exposed by the `timeline` API.

func (TimelineReportDeletedEvent) GetEndTime 

func (this TimelineReportDeletedEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineReportDeletedEvent) GetEventID 

func (this TimelineReportDeletedEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineReportDeletedEvent) GetEventLabel 

func (this TimelineReportDeletedEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineReportDeletedEvent) GetEventSeverity 

func (this TimelineReportDeletedEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineReportDeletedEvent) GetEventType 

func (this TimelineReportDeletedEvent) GetEventType() TimelineEventType

The event type.

func (TimelineReportDeletedEvent) GetRelatedEvents 

func (this TimelineReportDeletedEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineReportDeletedEvent) GetReportID 

func (this TimelineReportDeletedEvent) GetReportID() string

A unique identifier for the report.

func (TimelineReportDeletedEvent) GetReportName 

func (this TimelineReportDeletedEvent) GetReportName() string

The report name.

func (TimelineReportDeletedEvent) GetStartTime 

func (this TimelineReportDeletedEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineReportDeletedEvent) GetSystemComponent 

func (this TimelineReportDeletedEvent) GetSystemComponent() SystemComponent

func (TimelineReportDeletedEvent) GetSystemUser 

func (this TimelineReportDeletedEvent) GetSystemUser() *SystemUser

func (TimelineReportDeletedEvent) GetTimestamp 

func (this TimelineReportDeletedEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineReportDeletedEvent) IsTimelineAuditEvent 

func (TimelineReportDeletedEvent) IsTimelineAuditEvent()

func (TimelineReportDeletedEvent) IsTimelineConfigurationReportEvent 

func (TimelineReportDeletedEvent) IsTimelineConfigurationReportEvent()

func (TimelineReportDeletedEvent) IsTimelineEvent 

func (TimelineReportDeletedEvent) IsTimelineEvent()

func (TimelineReportDeletedEvent) IsTimelineSystemConfigurationEvent 

func (TimelineReportDeletedEvent) IsTimelineSystemConfigurationEvent()

type TimelineReportModifiedEvent 

type TimelineReportModifiedEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// A unique identifier for the report.
	ReportID string `json:"reportId"`
	// The report name.
	ReportName string `json:"reportName"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime       string          `json:"startTime"`
	SystemComponent SystemComponent `json:"systemComponent"`
	SystemUser      *SystemUser     `json:"systemUser,omitempty"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A common interface for all events exposed by the `timeline` API.

func (TimelineReportModifiedEvent) GetEndTime 

func (this TimelineReportModifiedEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineReportModifiedEvent) GetEventID 

func (this TimelineReportModifiedEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineReportModifiedEvent) GetEventLabel 

func (this TimelineReportModifiedEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineReportModifiedEvent) GetEventSeverity 

func (this TimelineReportModifiedEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineReportModifiedEvent) GetEventType 

func (this TimelineReportModifiedEvent) GetEventType() TimelineEventType

The event type.

func (TimelineReportModifiedEvent) GetRelatedEvents 

func (this TimelineReportModifiedEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineReportModifiedEvent) GetReportID 

func (this TimelineReportModifiedEvent) GetReportID() string

A unique identifier for the report.

func (TimelineReportModifiedEvent) GetReportName 

func (this TimelineReportModifiedEvent) GetReportName() string

The report name.

func (TimelineReportModifiedEvent) GetStartTime 

func (this TimelineReportModifiedEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineReportModifiedEvent) GetSystemComponent 

func (this TimelineReportModifiedEvent) GetSystemComponent() SystemComponent

func (TimelineReportModifiedEvent) GetSystemUser 

func (this TimelineReportModifiedEvent) GetSystemUser() *SystemUser

func (TimelineReportModifiedEvent) GetTimestamp 

func (this TimelineReportModifiedEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineReportModifiedEvent) IsTimelineAuditEvent 

func (TimelineReportModifiedEvent) IsTimelineAuditEvent()

func (TimelineReportModifiedEvent) IsTimelineConfigurationReportEvent 

func (TimelineReportModifiedEvent) IsTimelineConfigurationReportEvent()

func (TimelineReportModifiedEvent) IsTimelineEvent 

func (TimelineReportModifiedEvent) IsTimelineEvent()

func (TimelineReportModifiedEvent) IsTimelineSystemConfigurationEvent 

func (TimelineReportModifiedEvent) IsTimelineSystemConfigurationEvent()

type TimelineRiskFactorsConfigurationModifiedEvent 

type TimelineRiskFactorsConfigurationModifiedEvent struct {
	DisabledRiskFactors []RiskFactorType `json:"disabledRiskFactors"`
	EnabledRiskFactors  []RiskFactorType `json:"enabledRiskFactors"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime       string          `json:"startTime"`
	SystemComponent SystemComponent `json:"systemComponent"`
	SystemUser      *SystemUser     `json:"systemUser,omitempty"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A common interface for all events exposed by the `timeline` API.

func (TimelineRiskFactorsConfigurationModifiedEvent) GetEndTime 

func (this TimelineRiskFactorsConfigurationModifiedEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineRiskFactorsConfigurationModifiedEvent) GetEventID 

func (this TimelineRiskFactorsConfigurationModifiedEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineRiskFactorsConfigurationModifiedEvent) GetEventLabel 

func (this TimelineRiskFactorsConfigurationModifiedEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineRiskFactorsConfigurationModifiedEvent) GetEventSeverity 

func (this TimelineRiskFactorsConfigurationModifiedEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineRiskFactorsConfigurationModifiedEvent) GetEventType 

func (this TimelineRiskFactorsConfigurationModifiedEvent) GetEventType() TimelineEventType

The event type.

func (TimelineRiskFactorsConfigurationModifiedEvent) GetRelatedEvents 

func (this TimelineRiskFactorsConfigurationModifiedEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineRiskFactorsConfigurationModifiedEvent) GetStartTime 

func (this TimelineRiskFactorsConfigurationModifiedEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineRiskFactorsConfigurationModifiedEvent) GetSystemComponent 

func (this TimelineRiskFactorsConfigurationModifiedEvent) GetSystemComponent() SystemComponent

func (TimelineRiskFactorsConfigurationModifiedEvent) GetSystemUser 

func (this TimelineRiskFactorsConfigurationModifiedEvent) GetSystemUser() *SystemUser

func (TimelineRiskFactorsConfigurationModifiedEvent) GetTimestamp 

func (this TimelineRiskFactorsConfigurationModifiedEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineRiskFactorsConfigurationModifiedEvent) IsTimelineAuditEvent 

func (TimelineRiskFactorsConfigurationModifiedEvent) IsTimelineAuditEvent()

func (TimelineRiskFactorsConfigurationModifiedEvent) IsTimelineEvent 

func (TimelineRiskFactorsConfigurationModifiedEvent) IsTimelineEvent()

func (TimelineRiskFactorsConfigurationModifiedEvent) IsTimelineSystemConfigurationEvent 

func (TimelineRiskFactorsConfigurationModifiedEvent) IsTimelineSystemConfigurationEvent()

type TimelineScoreDeEscalationEvent 

type TimelineScoreDeEscalationEvent struct {
	CurrentScore    string `json:"currentScore"`
	CurrentSeverity string `json:"currentSeverity"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType        TimelineEventType `json:"eventType"`
	PreviousScore    *string           `json:"previousScore,omitempty"`
	PreviousSeverity *ScoreSeverity    `json:"previousSeverity,omitempty"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A specialized `TimelineEvent` interface common to `timeline` events focused on a single `Entity`.

func (TimelineScoreDeEscalationEvent) GetEndTime 

func (this TimelineScoreDeEscalationEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineScoreDeEscalationEvent) GetEntity 

func (this TimelineScoreDeEscalationEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelineScoreDeEscalationEvent) GetEventID 

func (this TimelineScoreDeEscalationEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineScoreDeEscalationEvent) GetEventLabel 

func (this TimelineScoreDeEscalationEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineScoreDeEscalationEvent) GetEventSeverity 

func (this TimelineScoreDeEscalationEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineScoreDeEscalationEvent) GetEventType 

func (this TimelineScoreDeEscalationEvent) GetEventType() TimelineEventType

The event type.

func (TimelineScoreDeEscalationEvent) GetRelatedEvents 

func (this TimelineScoreDeEscalationEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineScoreDeEscalationEvent) GetStartTime 

func (this TimelineScoreDeEscalationEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineScoreDeEscalationEvent) GetTimestamp 

func (this TimelineScoreDeEscalationEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineScoreDeEscalationEvent) IsTimelineEntityEvent 

func (TimelineScoreDeEscalationEvent) IsTimelineEntityEvent()

func (TimelineScoreDeEscalationEvent) IsTimelineEvent 

func (TimelineScoreDeEscalationEvent) IsTimelineEvent()

type TimelineScoreEscalationEvent 

type TimelineScoreEscalationEvent struct {
	// The risk score value associated with the entity after the event.
	CurrentScore string `json:"currentScore"`
	// The risk score severity value associated with the entity after the event.
	CurrentSeverity string `json:"currentSeverity"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// The risk score value associated with the entity prior to the event.
	PreviousScore *string `json:"previousScore,omitempty"`
	// The risk score severity value associated with the entity prior to the event.
	PreviousSeverity *ScoreSeverity `json:"previousSeverity,omitempty"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A `timeline` event indicating an escalation in the risk score severity of an entity (see `UserOrEndpointEntity:riskScore`).

func (TimelineScoreEscalationEvent) GetEndTime 

func (this TimelineScoreEscalationEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineScoreEscalationEvent) GetEntity 

func (this TimelineScoreEscalationEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelineScoreEscalationEvent) GetEventID 

func (this TimelineScoreEscalationEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineScoreEscalationEvent) GetEventLabel 

func (this TimelineScoreEscalationEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineScoreEscalationEvent) GetEventSeverity 

func (this TimelineScoreEscalationEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineScoreEscalationEvent) GetEventType 

func (this TimelineScoreEscalationEvent) GetEventType() TimelineEventType

The event type.

func (TimelineScoreEscalationEvent) GetRelatedEvents 

func (this TimelineScoreEscalationEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineScoreEscalationEvent) GetStartTime 

func (this TimelineScoreEscalationEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineScoreEscalationEvent) GetTimestamp 

func (this TimelineScoreEscalationEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineScoreEscalationEvent) IsTimelineEntityEvent 

func (TimelineScoreEscalationEvent) IsTimelineEntityEvent()

func (TimelineScoreEscalationEvent) IsTimelineEvent 

func (TimelineScoreEscalationEvent) IsTimelineEvent()

type TimelineSensorWatchdogEvent 

type TimelineSensorWatchdogEvent struct {
	// The domain controller entity.
	DomainControllerEntity *EndpointEntity `json:"domainControllerEntity"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType                      TimelineEventType `json:"eventType"`
	LastSampledMemoryValueMb       int               `json:"lastSampledMemoryValueMB"`
	MemoryThresholdDurationMinutes int               `json:"memoryThresholdDurationMinutes"`
	MemoryThresholdMb              int               `json:"memoryThresholdMB"`
	// A connection of related events.
	RelatedEvents     *TimelineEventConnection `json:"relatedEvents,omitempty"`
	RemediationAction string                   `json:"remediationAction"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The system notification status.
	State *NotificationState `json:"state"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp        string `json:"timestamp"`
	TriggeringMetric string `json:"triggeringMetric"`
}

A specialized `TimelineEvent` interface common to system notifications concerning a specific Active Directory domain controller.

func (TimelineSensorWatchdogEvent) GetDomainControllerEntity 

func (this TimelineSensorWatchdogEvent) GetDomainControllerEntity() *EndpointEntity

The domain controller entity.

func (TimelineSensorWatchdogEvent) GetEndTime 

func (this TimelineSensorWatchdogEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineSensorWatchdogEvent) GetEventID 

func (this TimelineSensorWatchdogEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineSensorWatchdogEvent) GetEventLabel 

func (this TimelineSensorWatchdogEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineSensorWatchdogEvent) GetEventSeverity 

func (this TimelineSensorWatchdogEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineSensorWatchdogEvent) GetEventType 

func (this TimelineSensorWatchdogEvent) GetEventType() TimelineEventType

The event type.

func (TimelineSensorWatchdogEvent) GetRelatedEvents 

func (this TimelineSensorWatchdogEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineSensorWatchdogEvent) GetStartTime 

func (this TimelineSensorWatchdogEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineSensorWatchdogEvent) GetState 

func (this TimelineSensorWatchdogEvent) GetState() *NotificationState

The system notification status.

func (TimelineSensorWatchdogEvent) GetTimestamp 

func (this TimelineSensorWatchdogEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineSensorWatchdogEvent) IsTimelineDomainControllerNotificationEvent 

func (TimelineSensorWatchdogEvent) IsTimelineDomainControllerNotificationEvent()

func (TimelineSensorWatchdogEvent) IsTimelineEvent 

func (TimelineSensorWatchdogEvent) IsTimelineEvent()

func (TimelineSensorWatchdogEvent) IsTimelineNotificationEvent 

func (TimelineSensorWatchdogEvent) IsTimelineNotificationEvent()

type TimelineServiceAccessEvent 

type TimelineServiceAccessEvent struct {
	// If the activity is known to have occurred within an Active Directory site, this is set to the site's name.
	ActiveDirectorySiteName *string      `json:"activeDirectorySiteName,omitempty"`
	BrowserInfo             *BrowserInfo `json:"browserInfo,omitempty"`
	// The data source associated with this activity. Because the `DataSource`
	// enumeration contains some fallback values for generic sources,
	// `dataSourceVendorName` is provided as an alternative.
	DataSource DataSource `json:"dataSource"`
	// A display-oriented label for the data source associated with the activity.
	DataSourceVendorName *string `json:"dataSourceVendorName,omitempty"`
	DeviceName           *string `json:"deviceName,omitempty"`
	// A display-oriented label reflecting the origin endpoint operating system, as
	// exposed by the `operatingSystemInfo` field. The semantics of this value are
	// not rrigorously restricted.
	// Therefore, the data is supposed to used programmatically, it is always
	// recommended to project the underlying `operatingSystemInfo` field instead.
	DeviceType *string `json:"deviceType,omitempty"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A display-oriented label reflecting the best available display name for the
	// origin endpoint. `EndpointEntity:primaryDisplayName` is used if available,
	// otherwise either `hostName` or `ipAddress` may be used as a fallback option.
	EndpointDisplayName *string `json:"endpointDisplayName,omitempty"`
	// The origin endpoint entity associated with the activity, if available. Note
	// that `endpointDisplayName` is available even when the entity is unknown.
	EndpointEntity *EndpointEntity `json:"endpointEntity,omitempty"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// The geolocation associated with the activity, if any.
	GeoLocation *GeoLocation `json:"geoLocation,omitempty"`
	// The origin endpoint host name.
	HostName *string `json:"hostName,omitempty"`
	// The origin endpoint IP address, if available.
	IPAddress            *string            `json:"ipAddress,omitempty"`
	IPAddressReputations []IPReputation     `json:"ipAddressReputations"`
	IspClassification    *IspClassification `json:"ispClassification,omitempty"`
	IspDomain            *string            `json:"ispDomain,omitempty"`
	// The list of Kerberos encryption types specified by the client. Only set for
	// activities performed over the Kerberos protocol (see `protocolType`),
	KerberosEncryptionTypes []KerberosEncryptionType `json:"kerberosEncryptionTypes,omitempty"`
	LdapSecurityType        *LdapSecurityType        `json:"ldapSecurityType,omitempty"`
	// If `true`, `userEntity` is associated with `geoLocation` by a `BindingType:GEO_LOCATION` `association`.
	//
	// Returns `null` if no location data is available for this activity or if the
	// user associated with this activity couldn't be correlated with a user entity.
	LocationAssociatedWithUser *bool `json:"locationAssociatedWithUser,omitempty"`
	// The subnet label, as defined in the system configuration, associated with the
	// origin endpoint IP address at the time the activity was performed.
	NetworkTag *string `json:"networkTag,omitempty"`
	// The subnet type, as defined in the system configuration, associated with the
	// origin endpoint IP address at the time the activity was performed.
	NetworkType NetworkType `json:"networkType"`
	// Information about the origin endpoint operating system.
	OperatingSystemInfo *OperatingSystemInfo `json:"operatingSystemInfo,omitempty"`
	// The primary network protocol used for performing the activity.
	ProtocolType    ProtocolType `json:"protocolType"`
	ProtocolVersion *string      `json:"protocolVersion,omitempty"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// *Deprecated*: Use `TimelineUserOnEndpointActivityEvent:targetServiceType` instead
	ServiceType  ServiceType          `json:"serviceType"`
	SourceEntity UserOrEndpointEntity `json:"sourceEntity,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The target endpoint associated with this activity (such as a domain controller), if any.
	TargetEndpointEntity *EndpointEntity `json:"targetEndpointEntity,omitempty"`
	// The target service entity.
	TargetEntity             Entity  `json:"targetEntity,omitempty"`
	TargetServiceDescription *string `json:"targetServiceDescription,omitempty"`
	TargetServiceDisplayName *string `json:"targetServiceDisplayName,omitempty"`
	// *Deprecated*: Use `TimelineUserOnEndpointActivityEvent:targetEntity` instead
	TargetServiceEntity Entity `json:"targetServiceEntity"`
	// The target service raw identifier.
	TargetServiceIdentifier *string `json:"targetServiceIdentifier,omitempty"`
	// A classification value of the service accessed, based on the raw identifier
	// (`targetServiceIdentifier`) and the target entity (`targetServiceEntity`).
	TargetServiceType *ServiceType `json:"targetServiceType,omitempty"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp  string      `json:"timestamp"`
	TLSVersion *TLSVersion `json:"tlsVersion,omitempty"`
	// A display-oriented label of the best available display name for the user
	// associated with this event. `UserEntity:primaryDisplayName` is used if
	// available. Otherwise, the raw user identifier used for performing this
	// activity is applied.
	UserDisplayName string `json:"userDisplayName"`
	// The user entity associated with the activity, if available. Note that
	// `userDisplayName` is available even when the entity is unknown.
	UserEntity *UserEntity `json:"userEntity,omitempty"`
}

A `timeline` event indicating a service access network activity.

func (TimelineServiceAccessEvent) GetActiveDirectorySiteName 

func (this TimelineServiceAccessEvent) GetActiveDirectorySiteName() *string

If the activity is known to have occurred within an Active Directory site, this is set to the site's name.

func (TimelineServiceAccessEvent) GetBrowserInfo 

func (this TimelineServiceAccessEvent) GetBrowserInfo() *BrowserInfo

func (TimelineServiceAccessEvent) GetDataSource 

func (this TimelineServiceAccessEvent) GetDataSource() DataSource

The data source associated with this activity. Because the `DataSource` enumeration contains some fallback values for generic sources, `dataSourceVendorName` is provided as an alternative.

func (TimelineServiceAccessEvent) GetDataSourceVendorName 

func (this TimelineServiceAccessEvent) GetDataSourceVendorName() *string

A display-oriented label for the data source associated with the activity.

func (TimelineServiceAccessEvent) GetDeviceName 

func (this TimelineServiceAccessEvent) GetDeviceName() *string

func (TimelineServiceAccessEvent) GetDeviceType 

func (this TimelineServiceAccessEvent) GetDeviceType() *string

A display-oriented label reflecting the origin endpoint operating system, as exposed by the `operatingSystemInfo` field. The semantics of this value are not rrigorously restricted. Therefore, the data is supposed to used programmatically, it is always recommended to project the underlying `operatingSystemInfo` field instead.

func (TimelineServiceAccessEvent) GetEndTime 

func (this TimelineServiceAccessEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineServiceAccessEvent) GetEndpointDisplayName 

func (this TimelineServiceAccessEvent) GetEndpointDisplayName() *string

A display-oriented label reflecting the best available display name for the origin endpoint. `EndpointEntity:primaryDisplayName` is used if available, otherwise either `hostName` or `ipAddress` may be used as a fallback option.

func (TimelineServiceAccessEvent) GetEndpointEntity 

func (this TimelineServiceAccessEvent) GetEndpointEntity() *EndpointEntity

The origin endpoint entity associated with the activity, if available. Note that `endpointDisplayName` is available even when the entity is unknown.

func (TimelineServiceAccessEvent) GetEventID 

func (this TimelineServiceAccessEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineServiceAccessEvent) GetEventLabel 

func (this TimelineServiceAccessEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineServiceAccessEvent) GetEventSeverity 

func (this TimelineServiceAccessEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineServiceAccessEvent) GetEventType 

func (this TimelineServiceAccessEvent) GetEventType() TimelineEventType

The event type.

func (TimelineServiceAccessEvent) GetGeoLocation 

func (this TimelineServiceAccessEvent) GetGeoLocation() *GeoLocation

The geolocation associated with the activity, if any.

func (TimelineServiceAccessEvent) GetHostName 

func (this TimelineServiceAccessEvent) GetHostName() *string

The origin endpoint host name.

func (TimelineServiceAccessEvent) GetIPAddress 

func (this TimelineServiceAccessEvent) GetIPAddress() *string

The origin endpoint IP address, if available.

func (TimelineServiceAccessEvent) GetIPAddressReputations 

func (this TimelineServiceAccessEvent) GetIPAddressReputations() []IPReputation

func (TimelineServiceAccessEvent) GetIspClassification 

func (this TimelineServiceAccessEvent) GetIspClassification() *IspClassification

func (TimelineServiceAccessEvent) GetIspDomain 

func (this TimelineServiceAccessEvent) GetIspDomain() *string

func (TimelineServiceAccessEvent) GetLdapSecurityType 

func (this TimelineServiceAccessEvent) GetLdapSecurityType() *LdapSecurityType

func (TimelineServiceAccessEvent) GetLocationAssociatedWithUser 

func (this TimelineServiceAccessEvent) GetLocationAssociatedWithUser() *bool

If `true`, `userEntity` is associated with `geoLocation` by a `BindingType:GEO_LOCATION` `association`.

Returns `null` if no location data is available for this activity or if the user associated with this activity couldn't be correlated with a user entity.

func (TimelineServiceAccessEvent) GetNetworkTag 

func (this TimelineServiceAccessEvent) GetNetworkTag() *string

The subnet label, as defined in the system configuration, associated with the origin endpoint IP address at the time the activity was performed.

func (TimelineServiceAccessEvent) GetNetworkType 

func (this TimelineServiceAccessEvent) GetNetworkType() NetworkType

The subnet type, as defined in the system configuration, associated with the origin endpoint IP address at the time the activity was performed.

func (TimelineServiceAccessEvent) GetOperatingSystemInfo 

func (this TimelineServiceAccessEvent) GetOperatingSystemInfo() *OperatingSystemInfo

Information about the origin endpoint operating system.

func (TimelineServiceAccessEvent) GetProtocolType 

func (this TimelineServiceAccessEvent) GetProtocolType() ProtocolType

The primary network protocol used for performing the activity.

func (TimelineServiceAccessEvent) GetProtocolVersion 

func (this TimelineServiceAccessEvent) GetProtocolVersion() *string

func (TimelineServiceAccessEvent) GetRelatedEvents 

func (this TimelineServiceAccessEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineServiceAccessEvent) GetSourceEntity 

func (this TimelineServiceAccessEvent) GetSourceEntity() UserOrEndpointEntity

func (TimelineServiceAccessEvent) GetStartTime 

func (this TimelineServiceAccessEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineServiceAccessEvent) GetTLSVersion 

func (this TimelineServiceAccessEvent) GetTLSVersion() *TLSVersion

func (TimelineServiceAccessEvent) GetTargetEndpointEntity 

func (this TimelineServiceAccessEvent) GetTargetEndpointEntity() *EndpointEntity

The target endpoint associated with this activity (such as a domain controller), if any.

func (TimelineServiceAccessEvent) GetTargetEntity 

func (this TimelineServiceAccessEvent) GetTargetEntity() Entity

The target service entity.

func (TimelineServiceAccessEvent) GetTargetServiceDescription 

func (this TimelineServiceAccessEvent) GetTargetServiceDescription() *string

func (TimelineServiceAccessEvent) GetTargetServiceDisplayName 

func (this TimelineServiceAccessEvent) GetTargetServiceDisplayName() *string

func (TimelineServiceAccessEvent) GetTargetServiceIdentifier 

func (this TimelineServiceAccessEvent) GetTargetServiceIdentifier() *string

The target service raw identifier.

func (TimelineServiceAccessEvent) GetTargetServiceType 

func (this TimelineServiceAccessEvent) GetTargetServiceType() *ServiceType

A classification value of the service accessed, based on the raw identifier (`targetServiceIdentifier`) and the target entity (`targetServiceEntity`).

func (TimelineServiceAccessEvent) GetTimestamp 

func (this TimelineServiceAccessEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineServiceAccessEvent) GetUserDisplayName 

func (this TimelineServiceAccessEvent) GetUserDisplayName() string

A display-oriented label of the best available display name for the user associated with this event. `UserEntity:primaryDisplayName` is used if available. Otherwise, the raw user identifier used for performing this activity is applied.

func (TimelineServiceAccessEvent) GetUserEntity 

func (this TimelineServiceAccessEvent) GetUserEntity() *UserEntity

The user entity associated with the activity, if available. Note that `userDisplayName` is available even when the entity is unknown.

func (TimelineServiceAccessEvent) IsTimelineEvent 

func (TimelineServiceAccessEvent) IsTimelineEvent()

func (TimelineServiceAccessEvent) IsTimelineUserOnEndpointActivityEvent 

func (TimelineServiceAccessEvent) IsTimelineUserOnEndpointActivityEvent()

type TimelineSuccessfulAuthenticationEvent 

type TimelineSuccessfulAuthenticationEvent struct {
	// If the activity is known to have occurred within an Active Directory site, this is set to the site's name.
	ActiveDirectorySiteName *string `json:"activeDirectorySiteName,omitempty"`
	// The authentication type.
	AuthenticationType   AuthenticationType `json:"authenticationType"`
	BrowserInfo          *BrowserInfo       `json:"browserInfo,omitempty"`
	CertificateBasedAuth *bool              `json:"certificateBasedAuth,omitempty"`
	// The data source associated with this activity. Because the `DataSource`
	// enumeration contains some fallback values for generic sources,
	// `dataSourceVendorName` is provided as an alternative.
	DataSource DataSource `json:"dataSource"`
	// A display-oriented label for the data source associated with the activity.
	DataSourceVendorName *string `json:"dataSourceVendorName,omitempty"`
	DeviceName           *string `json:"deviceName,omitempty"`
	// A display-oriented label reflecting the origin endpoint operating system, as
	// exposed by the `operatingSystemInfo` field. The semantics of this value are
	// not rrigorously restricted.
	// Therefore, the data is supposed to used programmatically, it is always
	// recommended to project the underlying `operatingSystemInfo` field instead.
	DeviceType *string `json:"deviceType,omitempty"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A display-oriented label reflecting the best available display name for the
	// origin endpoint. `EndpointEntity:primaryDisplayName` is used if available,
	// otherwise either `hostName` or `ipAddress` may be used as a fallback option.
	EndpointDisplayName *string `json:"endpointDisplayName,omitempty"`
	// The origin endpoint entity associated with the activity, if available. Note
	// that `endpointDisplayName` is available even when the entity is unknown.
	EndpointEntity *EndpointEntity `json:"endpointEntity,omitempty"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// The geolocation associated with the activity, if any.
	GeoLocation *GeoLocation `json:"geoLocation,omitempty"`
	// The origin endpoint host name.
	HostName *string `json:"hostName,omitempty"`
	// The origin endpoint IP address, if available.
	IPAddress            *string            `json:"ipAddress,omitempty"`
	IPAddressReputations []IPReputation     `json:"ipAddressReputations"`
	IspClassification    *IspClassification `json:"ispClassification,omitempty"`
	IspDomain            *string            `json:"ispDomain,omitempty"`
	// The list of Kerberos encryption types specified by the client. Only set for
	// activities performed over the Kerberos protocol (see `protocolType`),
	KerberosEncryptionTypes []KerberosEncryptionType `json:"kerberosEncryptionTypes,omitempty"`
	LdapSecurityType        *LdapSecurityType        `json:"ldapSecurityType,omitempty"`
	// If `true`, `userEntity` is associated with `geoLocation` by a `BindingType:GEO_LOCATION` `association`.
	//
	// Returns `null` if no location data is available for this activity or if the
	// user associated with this activity couldn't be correlated with a user entity.
	LocationAssociatedWithUser *bool `json:"locationAssociatedWithUser,omitempty"`
	// The subnet label, as defined in the system configuration, associated with the
	// origin endpoint IP address at the time the activity was performed.
	NetworkTag *string `json:"networkTag,omitempty"`
	// The subnet type, as defined in the system configuration, associated with the
	// origin endpoint IP address at the time the activity was performed.
	NetworkType NetworkType `json:"networkType"`
	// Information about the origin endpoint operating system.
	OperatingSystemInfo *OperatingSystemInfo `json:"operatingSystemInfo,omitempty"`
	// The primary network protocol used for performing the activity.
	ProtocolType    ProtocolType `json:"protocolType"`
	ProtocolVersion *string      `json:"protocolVersion,omitempty"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	SmbDialect    *SmbDialect              `json:"smbDialect,omitempty"`
	SourceEntity  UserOrEndpointEntity     `json:"sourceEntity,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The target endpoint associated with this activity (such as a domain controller), if any.
	TargetEndpointEntity *EndpointEntity `json:"targetEndpointEntity,omitempty"`
	// The target service entity.
	TargetEntity             Entity  `json:"targetEntity,omitempty"`
	TargetServiceDescription *string `json:"targetServiceDescription,omitempty"`
	TargetServiceDisplayName *string `json:"targetServiceDisplayName,omitempty"`
	// The target service raw identifier.
	TargetServiceIdentifier *string `json:"targetServiceIdentifier,omitempty"`
	// A classification value of the service accessed, based on the raw identifier
	// (`targetServiceIdentifier`) and the target entity (`targetServiceEntity`).
	TargetServiceType *ServiceType `json:"targetServiceType,omitempty"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp  string      `json:"timestamp"`
	TLSVersion *TLSVersion `json:"tlsVersion,omitempty"`
	// A display-oriented label of the best available display name for the user
	// associated with this event. `UserEntity:primaryDisplayName` is used if
	// available. Otherwise, the raw user identifier used for performing this
	// activity is applied.
	UserDisplayName string `json:"userDisplayName"`
	// The user entity associated with the activity, if available. Note that
	// `userDisplayName` is available even when the entity is unknown.
	UserEntity *UserEntity `json:"userEntity,omitempty"`
}

A `timeline` event indicating a successful user authentication on an endpoint.

func (TimelineSuccessfulAuthenticationEvent) GetActiveDirectorySiteName 

func (this TimelineSuccessfulAuthenticationEvent) GetActiveDirectorySiteName() *string

If the activity is known to have occurred within an Active Directory site, this is set to the site's name.

func (TimelineSuccessfulAuthenticationEvent) GetAuthenticationType 

func (this TimelineSuccessfulAuthenticationEvent) GetAuthenticationType() AuthenticationType

The authentication type.

func (TimelineSuccessfulAuthenticationEvent) GetBrowserInfo 

func (this TimelineSuccessfulAuthenticationEvent) GetBrowserInfo() *BrowserInfo

func (TimelineSuccessfulAuthenticationEvent) GetDataSource 

func (this TimelineSuccessfulAuthenticationEvent) GetDataSource() DataSource

The data source associated with this activity. Because the `DataSource` enumeration contains some fallback values for generic sources, `dataSourceVendorName` is provided as an alternative.

func (TimelineSuccessfulAuthenticationEvent) GetDataSourceVendorName 

func (this TimelineSuccessfulAuthenticationEvent) GetDataSourceVendorName() *string

A display-oriented label for the data source associated with the activity.

func (TimelineSuccessfulAuthenticationEvent) GetDeviceName 

func (this TimelineSuccessfulAuthenticationEvent) GetDeviceName() *string

func (TimelineSuccessfulAuthenticationEvent) GetDeviceType 

func (this TimelineSuccessfulAuthenticationEvent) GetDeviceType() *string

A display-oriented label reflecting the origin endpoint operating system, as exposed by the `operatingSystemInfo` field. The semantics of this value are not rrigorously restricted. Therefore, the data is supposed to used programmatically, it is always recommended to project the underlying `operatingSystemInfo` field instead.

func (TimelineSuccessfulAuthenticationEvent) GetEndTime 

func (this TimelineSuccessfulAuthenticationEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineSuccessfulAuthenticationEvent) GetEndpointDisplayName 

func (this TimelineSuccessfulAuthenticationEvent) GetEndpointDisplayName() *string

A display-oriented label reflecting the best available display name for the origin endpoint. `EndpointEntity:primaryDisplayName` is used if available, otherwise either `hostName` or `ipAddress` may be used as a fallback option.

func (TimelineSuccessfulAuthenticationEvent) GetEndpointEntity 

func (this TimelineSuccessfulAuthenticationEvent) GetEndpointEntity() *EndpointEntity

The origin endpoint entity associated with the activity, if available. Note that `endpointDisplayName` is available even when the entity is unknown.

func (TimelineSuccessfulAuthenticationEvent) GetEventID 

func (this TimelineSuccessfulAuthenticationEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineSuccessfulAuthenticationEvent) GetEventLabel 

func (this TimelineSuccessfulAuthenticationEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineSuccessfulAuthenticationEvent) GetEventSeverity 

func (this TimelineSuccessfulAuthenticationEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineSuccessfulAuthenticationEvent) GetEventType 

func (this TimelineSuccessfulAuthenticationEvent) GetEventType() TimelineEventType

The event type.

func (TimelineSuccessfulAuthenticationEvent) GetGeoLocation 

func (this TimelineSuccessfulAuthenticationEvent) GetGeoLocation() *GeoLocation

The geolocation associated with the activity, if any.

func (TimelineSuccessfulAuthenticationEvent) GetHostName 

func (this TimelineSuccessfulAuthenticationEvent) GetHostName() *string

The origin endpoint host name.

func (TimelineSuccessfulAuthenticationEvent) GetIPAddress 

func (this TimelineSuccessfulAuthenticationEvent) GetIPAddress() *string

The origin endpoint IP address, if available.

func (TimelineSuccessfulAuthenticationEvent) GetIPAddressReputations 

func (this TimelineSuccessfulAuthenticationEvent) GetIPAddressReputations() []IPReputation

func (TimelineSuccessfulAuthenticationEvent) GetIspClassification 

func (this TimelineSuccessfulAuthenticationEvent) GetIspClassification() *IspClassification

func (TimelineSuccessfulAuthenticationEvent) GetIspDomain 

func (this TimelineSuccessfulAuthenticationEvent) GetIspDomain() *string

func (TimelineSuccessfulAuthenticationEvent) GetKerberosEncryptionTypes 

func (this TimelineSuccessfulAuthenticationEvent) GetKerberosEncryptionTypes() []KerberosEncryptionType

The list of Kerberos encryption types specified by the client. Only set for activities performed over the Kerberos protocol (see `protocolType`),

func (TimelineSuccessfulAuthenticationEvent) GetLdapSecurityType 

func (this TimelineSuccessfulAuthenticationEvent) GetLdapSecurityType() *LdapSecurityType

func (TimelineSuccessfulAuthenticationEvent) GetLocationAssociatedWithUser 

func (this TimelineSuccessfulAuthenticationEvent) GetLocationAssociatedWithUser() *bool

If `true`, `userEntity` is associated with `geoLocation` by a `BindingType:GEO_LOCATION` `association`.

Returns `null` if no location data is available for this activity or if the user associated with this activity couldn't be correlated with a user entity.

func (TimelineSuccessfulAuthenticationEvent) GetNetworkTag 

func (this TimelineSuccessfulAuthenticationEvent) GetNetworkTag() *string

The subnet label, as defined in the system configuration, associated with the origin endpoint IP address at the time the activity was performed.

func (TimelineSuccessfulAuthenticationEvent) GetNetworkType 

func (this TimelineSuccessfulAuthenticationEvent) GetNetworkType() NetworkType

The subnet type, as defined in the system configuration, associated with the origin endpoint IP address at the time the activity was performed.

func (TimelineSuccessfulAuthenticationEvent) GetOperatingSystemInfo 

func (this TimelineSuccessfulAuthenticationEvent) GetOperatingSystemInfo() *OperatingSystemInfo

Information about the origin endpoint operating system.

func (TimelineSuccessfulAuthenticationEvent) GetProtocolType 

func (this TimelineSuccessfulAuthenticationEvent) GetProtocolType() ProtocolType

The primary network protocol used for performing the activity.

func (TimelineSuccessfulAuthenticationEvent) GetProtocolVersion 

func (this TimelineSuccessfulAuthenticationEvent) GetProtocolVersion() *string

func (TimelineSuccessfulAuthenticationEvent) GetRelatedEvents 

func (this TimelineSuccessfulAuthenticationEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineSuccessfulAuthenticationEvent) GetSmbDialect 

func (this TimelineSuccessfulAuthenticationEvent) GetSmbDialect() *SmbDialect

func (TimelineSuccessfulAuthenticationEvent) GetSourceEntity 

func (this TimelineSuccessfulAuthenticationEvent) GetSourceEntity() UserOrEndpointEntity

func (TimelineSuccessfulAuthenticationEvent) GetStartTime 

func (this TimelineSuccessfulAuthenticationEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineSuccessfulAuthenticationEvent) GetTLSVersion 

func (this TimelineSuccessfulAuthenticationEvent) GetTLSVersion() *TLSVersion

func (TimelineSuccessfulAuthenticationEvent) GetTargetEndpointEntity 

func (this TimelineSuccessfulAuthenticationEvent) GetTargetEndpointEntity() *EndpointEntity

The target endpoint associated with this activity (such as a domain controller), if any.

func (TimelineSuccessfulAuthenticationEvent) GetTargetEntity 

func (this TimelineSuccessfulAuthenticationEvent) GetTargetEntity() Entity

The target service entity.

func (TimelineSuccessfulAuthenticationEvent) GetTargetServiceDescription 

func (this TimelineSuccessfulAuthenticationEvent) GetTargetServiceDescription() *string

func (TimelineSuccessfulAuthenticationEvent) GetTargetServiceDisplayName 

func (this TimelineSuccessfulAuthenticationEvent) GetTargetServiceDisplayName() *string

func (TimelineSuccessfulAuthenticationEvent) GetTargetServiceIdentifier 

func (this TimelineSuccessfulAuthenticationEvent) GetTargetServiceIdentifier() *string

The target service raw identifier.

func (TimelineSuccessfulAuthenticationEvent) GetTargetServiceType 

func (this TimelineSuccessfulAuthenticationEvent) GetTargetServiceType() *ServiceType

A classification value of the service accessed, based on the raw identifier (`targetServiceIdentifier`) and the target entity (`targetServiceEntity`).

func (TimelineSuccessfulAuthenticationEvent) GetTimestamp 

func (this TimelineSuccessfulAuthenticationEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineSuccessfulAuthenticationEvent) GetUserDisplayName 

func (this TimelineSuccessfulAuthenticationEvent) GetUserDisplayName() string

A display-oriented label of the best available display name for the user associated with this event. `UserEntity:primaryDisplayName` is used if available. Otherwise, the raw user identifier used for performing this activity is applied.

func (TimelineSuccessfulAuthenticationEvent) GetUserEntity 

func (this TimelineSuccessfulAuthenticationEvent) GetUserEntity() *UserEntity

The user entity associated with the activity, if available. Note that `userDisplayName` is available even when the entity is unknown.

func (TimelineSuccessfulAuthenticationEvent) IsTimelineAuthenticationEvent 

func (TimelineSuccessfulAuthenticationEvent) IsTimelineAuthenticationEvent()

func (TimelineSuccessfulAuthenticationEvent) IsTimelineEvent 

func (TimelineSuccessfulAuthenticationEvent) IsTimelineEvent()

func (TimelineSuccessfulAuthenticationEvent) IsTimelineUserOnEndpointActivityEvent 

func (TimelineSuccessfulAuthenticationEvent) IsTimelineUserOnEndpointActivityEvent()

type TimelineSystemConfigurationEvent 

type TimelineSystemConfigurationEvent interface {
	IsTimelineSystemConfigurationEvent()
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	GetEndTime() string
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	GetEventID() string
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	GetEventLabel() string
	// The event severity. Defaults to `NEUTRAL`.
	GetEventSeverity() TimelineEventSeverity
	// The event type.
	GetEventType() TimelineEventType
	// A connection of related events.
	GetRelatedEvents() *TimelineEventConnection
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	GetStartTime() string
	GetSystemComponent() SystemComponent
	GetSystemUser() *SystemUser
	// The event start time. This is the primary sort-key in `timeline` queries.
	GetTimestamp() string
}

A common interface for all events exposed by the `timeline` API.

type TimelineToolDeletedEvent 

type TimelineToolDeletedEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	Name      string            `json:"name"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime       string          `json:"startTime"`
	SystemComponent SystemComponent `json:"systemComponent"`
	SystemUser      *SystemUser     `json:"systemUser,omitempty"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A common interface for all events exposed by the `timeline` API.

func (TimelineToolDeletedEvent) GetEndTime 

func (this TimelineToolDeletedEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineToolDeletedEvent) GetEventID 

func (this TimelineToolDeletedEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineToolDeletedEvent) GetEventLabel 

func (this TimelineToolDeletedEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineToolDeletedEvent) GetEventSeverity 

func (this TimelineToolDeletedEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineToolDeletedEvent) GetEventType 

func (this TimelineToolDeletedEvent) GetEventType() TimelineEventType

The event type.

func (TimelineToolDeletedEvent) GetRelatedEvents 

func (this TimelineToolDeletedEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineToolDeletedEvent) GetStartTime 

func (this TimelineToolDeletedEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineToolDeletedEvent) GetSystemComponent 

func (this TimelineToolDeletedEvent) GetSystemComponent() SystemComponent

func (TimelineToolDeletedEvent) GetSystemUser 

func (this TimelineToolDeletedEvent) GetSystemUser() *SystemUser

func (TimelineToolDeletedEvent) GetTimestamp 

func (this TimelineToolDeletedEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineToolDeletedEvent) IsTimelineAuditEvent 

func (TimelineToolDeletedEvent) IsTimelineAuditEvent()

func (TimelineToolDeletedEvent) IsTimelineEvent 

func (TimelineToolDeletedEvent) IsTimelineEvent()

func (TimelineToolDeletedEvent) IsTimelineSystemConfigurationEvent 

func (TimelineToolDeletedEvent) IsTimelineSystemConfigurationEvent()

type TimelineToolFailureEvent 

type TimelineToolFailureEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// Information regarding the error.
	ErrorDetails ErrorDetails `json:"errorDetails"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	Name      string            `json:"name"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The system notification status.
	State *NotificationState `json:"state"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A `TimelineEvent` interface common to system notification `timeline` events.

func (TimelineToolFailureEvent) GetEndTime 

func (this TimelineToolFailureEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineToolFailureEvent) GetErrorDetails 

func (this TimelineToolFailureEvent) GetErrorDetails() ErrorDetails

Information regarding the error.

func (TimelineToolFailureEvent) GetEventID 

func (this TimelineToolFailureEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineToolFailureEvent) GetEventLabel 

func (this TimelineToolFailureEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineToolFailureEvent) GetEventSeverity 

func (this TimelineToolFailureEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineToolFailureEvent) GetEventType 

func (this TimelineToolFailureEvent) GetEventType() TimelineEventType

The event type.

func (TimelineToolFailureEvent) GetRelatedEvents 

func (this TimelineToolFailureEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineToolFailureEvent) GetStartTime 

func (this TimelineToolFailureEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineToolFailureEvent) GetState 

func (this TimelineToolFailureEvent) GetState() *NotificationState

The system notification status.

func (TimelineToolFailureEvent) GetTimestamp 

func (this TimelineToolFailureEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineToolFailureEvent) IsTimelineErrorEvent 

func (TimelineToolFailureEvent) IsTimelineErrorEvent()

func (TimelineToolFailureEvent) IsTimelineEvent 

func (TimelineToolFailureEvent) IsTimelineEvent()

func (TimelineToolFailureEvent) IsTimelineNotificationEvent 

func (TimelineToolFailureEvent) IsTimelineNotificationEvent()

type TimelineUncoveredDomainControllerEvent 

type TimelineUncoveredDomainControllerEvent struct {
	// The domain controller's domain.
	Domain string `json:"domain"`
	// The domain controller entity.
	DomainControllerEntity *EndpointEntity `json:"domainControllerEntity"`
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The system notification status.
	State *NotificationState `json:"state"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A `timeline` event type indicating a potential coverage issue for some domain controller traffic.

func (TimelineUncoveredDomainControllerEvent) GetDomainControllerEntity 

func (this TimelineUncoveredDomainControllerEvent) GetDomainControllerEntity() *EndpointEntity

The domain controller entity.

func (TimelineUncoveredDomainControllerEvent) GetEndTime 

func (this TimelineUncoveredDomainControllerEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineUncoveredDomainControllerEvent) GetEventID 

func (this TimelineUncoveredDomainControllerEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineUncoveredDomainControllerEvent) GetEventLabel 

func (this TimelineUncoveredDomainControllerEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineUncoveredDomainControllerEvent) GetEventSeverity 

func (this TimelineUncoveredDomainControllerEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineUncoveredDomainControllerEvent) GetEventType 

func (this TimelineUncoveredDomainControllerEvent) GetEventType() TimelineEventType

The event type.

func (TimelineUncoveredDomainControllerEvent) GetRelatedEvents 

func (this TimelineUncoveredDomainControllerEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineUncoveredDomainControllerEvent) GetStartTime 

func (this TimelineUncoveredDomainControllerEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineUncoveredDomainControllerEvent) GetState 

func (this TimelineUncoveredDomainControllerEvent) GetState() *NotificationState

The system notification status.

func (TimelineUncoveredDomainControllerEvent) GetTimestamp 

func (this TimelineUncoveredDomainControllerEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineUncoveredDomainControllerEvent) IsTimelineDomainControllerNotificationEvent 

func (TimelineUncoveredDomainControllerEvent) IsTimelineDomainControllerNotificationEvent()

func (TimelineUncoveredDomainControllerEvent) IsTimelineEvent 

func (TimelineUncoveredDomainControllerEvent) IsTimelineEvent()

func (TimelineUncoveredDomainControllerEvent) IsTimelineNotificationEvent 

func (TimelineUncoveredDomainControllerEvent) IsTimelineNotificationEvent()

type TimelineUserEngagementChangedEvent 

type TimelineUserEngagementChangedEvent interface {
	IsTimelineUserEngagementChangedEvent()
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	GetEndTime() string
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	GetEventID() string
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	GetEventLabel() string
	// The event severity. Defaults to `NEUTRAL`.
	GetEventSeverity() TimelineEventSeverity
	// The event type.
	GetEventType() TimelineEventType
	// A connection of related events.
	GetRelatedEvents() *TimelineEventConnection
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	GetStartTime() string
	GetSystemComponent() SystemComponent
	GetSystemUser() *SystemUser
	// The event start time. This is the primary sort-key in `timeline` queries.
	GetTimestamp() string
}

A common interface for all events exposed by the `timeline` API.

type TimelineUserOnEndpointActivityEvent 

type TimelineUserOnEndpointActivityEvent interface {
	IsTimelineUserOnEndpointActivityEvent()
	// If the activity is known to have occurred within an Active Directory site, this is set to the site's name.
	GetActiveDirectorySiteName() *string
	GetBrowserInfo() *BrowserInfo
	// The data source associated with this activity. Because the `DataSource`
	// enumeration contains some fallback values for generic sources,
	// `dataSourceVendorName` is provided as an alternative.
	GetDataSource() DataSource
	// A display-oriented label for the data source associated with the activity.
	GetDataSourceVendorName() *string
	GetDeviceName() *string
	// A display-oriented label reflecting the origin endpoint operating system, as
	// exposed by the `operatingSystemInfo` field. The semantics of this value are
	// not rrigorously restricted.
	// Therefore, the data is supposed to used programmatically, it is always
	// recommended to project the underlying `operatingSystemInfo` field instead.
	GetDeviceType() *string
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	GetEndTime() string
	// A display-oriented label reflecting the best available display name for the
	// origin endpoint. `EndpointEntity:primaryDisplayName` is used if available,
	// otherwise either `hostName` or `ipAddress` may be used as a fallback option.
	GetEndpointDisplayName() *string
	// The origin endpoint entity associated with the activity, if available. Note
	// that `endpointDisplayName` is available even when the entity is unknown.
	GetEndpointEntity() *EndpointEntity
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	GetEventID() string
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	GetEventLabel() string
	// The event severity. Defaults to `NEUTRAL`.
	GetEventSeverity() TimelineEventSeverity
	// The event type.
	GetEventType() TimelineEventType
	// The geolocation associated with the activity, if any.
	GetGeoLocation() *GeoLocation
	// The origin endpoint host name.
	GetHostName() *string
	// The origin endpoint IP address, if available.
	GetIPAddress() *string
	GetIPAddressReputations() []IPReputation
	GetIspClassification() *IspClassification
	GetIspDomain() *string
	GetLdapSecurityType() *LdapSecurityType
	// If `true`, `userEntity` is associated with `geoLocation` by a `BindingType:GEO_LOCATION` `association`.
	//
	// Returns `null` if no location data is available for this activity or if the
	// user associated with this activity couldn't be correlated with a user entity.
	GetLocationAssociatedWithUser() *bool
	// The subnet label, as defined in the system configuration, associated with the
	// origin endpoint IP address at the time the activity was performed.
	GetNetworkTag() *string
	// The subnet type, as defined in the system configuration, associated with the
	// origin endpoint IP address at the time the activity was performed.
	GetNetworkType() NetworkType
	// Information about the origin endpoint operating system.
	GetOperatingSystemInfo() *OperatingSystemInfo
	// The primary network protocol used for performing the activity.
	GetProtocolType() ProtocolType
	GetProtocolVersion() *string
	// A connection of related events.
	GetRelatedEvents() *TimelineEventConnection
	GetSourceEntity() UserOrEndpointEntity
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	GetStartTime() string
	// The target endpoint associated with this activity (such as a domain controller), if any.
	GetTargetEndpointEntity() *EndpointEntity
	// The target service entity.
	GetTargetEntity() Entity
	GetTargetServiceDescription() *string
	GetTargetServiceDisplayName() *string
	// The target service raw identifier.
	GetTargetServiceIdentifier() *string
	// A classification value of the service accessed, based on the raw identifier
	// (`targetServiceIdentifier`) and the target entity (`targetServiceEntity`).
	GetTargetServiceType() *ServiceType
	// The event start time. This is the primary sort-key in `timeline` queries.
	GetTimestamp() string
	GetTLSVersion() *TLSVersion
	// A display-oriented label of the best available display name for the user
	// associated with this event. `UserEntity:primaryDisplayName` is used if
	// available. Otherwise, the raw user identifier used for performing this
	// activity is applied.
	GetUserDisplayName() string
	// The user entity associated with the activity, if available. Note that
	// `userDisplayName` is available even when the entity is unknown.
	GetUserEntity() *UserEntity
}

A `TimelineEvent` interface common to `timeline` events related to end user activity on endpoints, such as authentication and service access activities. This is the primary interface to be used in projections when querying the timeline for `user` activities.

When available, the user and endpoint `Entity` data is exposed through the corresponding fields. However, in some cases the data regarding the user or endpoint may be too limited to be associated with particular entities. For example, a `FAILED_AUTHENTICATION` event may be a result of a misspelled user name, and a `SUCCESSFUL_AUTHENTICATION` may originate outside the organization, limiting the available data about the source endpoint. For this reason, additional fields exposing more elementary data are also available, alongside the `Entity` fields.

type TimelineWeakPasswordEvent 

type TimelineWeakPasswordEvent struct {
	// The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.
	EndTime string `json:"endTime"`
	// The `Entity` associated with this event.
	Entity Entity `json:"entity"`
	// A unique identifier for the event. The event ID can later be used either to
	// re-fetch the event or to query related events using the  `relatedTo`
	// `timeline` query argument.
	EventID string `json:"eventId"`
	// The display name for the event. This is typically based on the event type, but
	// may also depend on additional data, such as the event data source. There are
	// no strict guidelines for the semantics or structure of this value for each
	// event type, and they may change at any time. **This is merely a display value
	// and it should be treated as such. For programmatic purposes, always prefer the
	// raw data fields.**
	EventLabel string `json:"eventLabel"`
	// The event severity. Defaults to `NEUTRAL`.
	EventSeverity TimelineEventSeverity `json:"eventSeverity"`
	// The event type.
	EventType TimelineEventType `json:"eventType"`
	// A connection of related events.
	RelatedEvents *TimelineEventConnection `json:"relatedEvents,omitempty"`
	// An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.
	StartTime string `json:"startTime"`
	// The event start time. This is the primary sort-key in `timeline` queries.
	Timestamp string `json:"timestamp"`
}

A `timeline` event indicating that the system has detected a weak password set for some user.

func (TimelineWeakPasswordEvent) GetEndTime 

func (this TimelineWeakPasswordEvent) GetEndTime() string

The event end time. For non-continuous events, its value is identical with `startTime` and `timestamp`.

func (TimelineWeakPasswordEvent) GetEntity 

func (this TimelineWeakPasswordEvent) GetEntity() Entity

The `Entity` associated with this event.

func (TimelineWeakPasswordEvent) GetEventID 

func (this TimelineWeakPasswordEvent) GetEventID() string

A unique identifier for the event. The event ID can later be used either to re-fetch the event or to query related events using the `relatedTo` `timeline` query argument.

func (TimelineWeakPasswordEvent) GetEventLabel 

func (this TimelineWeakPasswordEvent) GetEventLabel() string

The display name for the event. This is typically based on the event type, but may also depend on additional data, such as the event data source. There are no strict guidelines for the semantics or structure of this value for each event type, and they may change at any time. **This is merely a display value and it should be treated as such. For programmatic purposes, always prefer the raw data fields.**

func (TimelineWeakPasswordEvent) GetEventSeverity 

func (this TimelineWeakPasswordEvent) GetEventSeverity() TimelineEventSeverity

The event severity. Defaults to `NEUTRAL`.

func (TimelineWeakPasswordEvent) GetEventType 

func (this TimelineWeakPasswordEvent) GetEventType() TimelineEventType

The event type.

func (TimelineWeakPasswordEvent) GetRelatedEvents 

func (this TimelineWeakPasswordEvent) GetRelatedEvents() *TimelineEventConnection

A connection of related events.

func (TimelineWeakPasswordEvent) GetStartTime 

func (this TimelineWeakPasswordEvent) GetStartTime() string

An alias for the `timestamp` field. Use it in conjunction with `endTime` for continuous events.

func (TimelineWeakPasswordEvent) GetTimestamp 

func (this TimelineWeakPasswordEvent) GetTimestamp() string

The event start time. This is the primary sort-key in `timeline` queries.

func (TimelineWeakPasswordEvent) IsTimelineEntityEvent 

func (TimelineWeakPasswordEvent) IsTimelineEntityEvent()

func (TimelineWeakPasswordEvent) IsTimelineEvent 

func (TimelineWeakPasswordEvent) IsTimelineEvent()

type TrafficInspectionExclusionListInput 

type TrafficInspectionExclusionListInput struct {
	IP       string                                  `json:"ip"`
	Port     *int                                    `json:"port,omitempty"`
	Protocol *TrafficInspectionExclusionListProtocol `json:"protocol,omitempty"`
}

type TrafficInspectionExclusionListProtocol 

type TrafficInspectionExclusionListProtocol string
const (
	TrafficInspectionExclusionListProtocolTCP TrafficInspectionExclusionListProtocol = "TCP"
	TrafficInspectionExclusionListProtocolUDP TrafficInspectionExclusionListProtocol = "UDP"
)

func (TrafficInspectionExclusionListProtocol) IsValid 

func (e TrafficInspectionExclusionListProtocol) IsValid() bool

func (TrafficInspectionExclusionListProtocol) MarshalGQL 

func (e TrafficInspectionExclusionListProtocol) MarshalGQL(w io.Writer)

func (TrafficInspectionExclusionListProtocol) String 

func (e TrafficInspectionExclusionListProtocol) String() string

func (*TrafficInspectionExclusionListProtocol) UnmarshalGQL 

func (e *TrafficInspectionExclusionListProtocol) UnmarshalGQL(v interface{}) error

type TrafficInspectionExclusionListStatus 

type TrafficInspectionExclusionListStatus string
const (
	TrafficInspectionExclusionListStatusActive        TrafficInspectionExclusionListStatus = "ACTIVE"
	TrafficInspectionExclusionListStatusPendingAdd    TrafficInspectionExclusionListStatus = "PENDING_ADD"
	TrafficInspectionExclusionListStatusPendingRemove TrafficInspectionExclusionListStatus = "PENDING_REMOVE"
	TrafficInspectionExclusionListStatusFailedAdd     TrafficInspectionExclusionListStatus = "FAILED_ADD"
)

func (TrafficInspectionExclusionListStatus) IsValid 

func (e TrafficInspectionExclusionListStatus) IsValid() bool

func (TrafficInspectionExclusionListStatus) MarshalGQL 

func (e TrafficInspectionExclusionListStatus) MarshalGQL(w io.Writer)

func (TrafficInspectionExclusionListStatus) String 

func (e TrafficInspectionExclusionListStatus) String() string

func (*TrafficInspectionExclusionListStatus) UnmarshalGQL 

func (e *TrafficInspectionExclusionListStatus) UnmarshalGQL(v interface{}) error

type UnconstrainedServiceDelegationAdminRole 

type UnconstrainedServiceDelegationAdminRole struct {
	AffectedEntities                 []Entity       `json:"affectedEntities"`
	AuthorizingContainingEntitiesIds []string       `json:"authorizingContainingEntitiesIds"`
	AuthorizingGroupIds              []string       `json:"authorizingGroupIds"`
	Builtin                          bool           `json:"builtin"`
	Confirmed                        bool           `json:"confirmed"`
	EffectedEntityIds                []string       `json:"effectedEntityIds,omitempty"`
	FullPath                         *string        `json:"fullPath,omitempty"`
	Probability                      *float64       `json:"probability,omitempty"`
	Type                             EntityRoleType `json:"type"`
}

func (UnconstrainedServiceDelegationAdminRole) GetAffectedEntities 

func (this UnconstrainedServiceDelegationAdminRole) GetAffectedEntities() []Entity

func (UnconstrainedServiceDelegationAdminRole) GetAuthorizingContainingEntitiesIds 

func (this UnconstrainedServiceDelegationAdminRole) GetAuthorizingContainingEntitiesIds() []string

func (UnconstrainedServiceDelegationAdminRole) GetAuthorizingGroupIds 

func (this UnconstrainedServiceDelegationAdminRole) GetAuthorizingGroupIds() []string

func (UnconstrainedServiceDelegationAdminRole) GetBuiltin 

func (this UnconstrainedServiceDelegationAdminRole) GetBuiltin() bool

func (UnconstrainedServiceDelegationAdminRole) GetConfirmed 

func (this UnconstrainedServiceDelegationAdminRole) GetConfirmed() bool

func (UnconstrainedServiceDelegationAdminRole) GetEffectedEntityIds 

func (this UnconstrainedServiceDelegationAdminRole) GetEffectedEntityIds() []string

func (UnconstrainedServiceDelegationAdminRole) GetFullPath 

func (this UnconstrainedServiceDelegationAdminRole) GetFullPath() *string

func (UnconstrainedServiceDelegationAdminRole) GetProbability 

func (this UnconstrainedServiceDelegationAdminRole) GetProbability() *float64

func (UnconstrainedServiceDelegationAdminRole) GetType 

func (this UnconstrainedServiceDelegationAdminRole) GetType() EntityRoleType

func (UnconstrainedServiceDelegationAdminRole) IsAdminAccountRole 

func (UnconstrainedServiceDelegationAdminRole) IsAdminAccountRole()

func (UnconstrainedServiceDelegationAdminRole) IsEffectiveAdminRole 

func (UnconstrainedServiceDelegationAdminRole) IsEffectiveAdminRole()

func (UnconstrainedServiceDelegationAdminRole) IsEntityRole 

func (UnconstrainedServiceDelegationAdminRole) IsEntityRole()

func (UnconstrainedServiceDelegationAdminRole) IsServiceDelegationAdminRole 

func (UnconstrainedServiceDelegationAdminRole) IsServiceDelegationAdminRole()

type UserAccountControlFlags 

type UserAccountControlFlags string
const (
	UserAccountControlFlagsScript                     UserAccountControlFlags = "SCRIPT"
	UserAccountControlFlagsAccountdisable             UserAccountControlFlags = "ACCOUNTDISABLE"
	UserAccountControlFlagsHomedirRequired            UserAccountControlFlags = "HOMEDIR_REQUIRED"
	UserAccountControlFlagsLockout                    UserAccountControlFlags = "LOCKOUT"
	UserAccountControlFlagsPasswdNotreqd              UserAccountControlFlags = "PASSWD_NOTREQD"
	UserAccountControlFlagsPasswdCantChange           UserAccountControlFlags = "PASSWD_CANT_CHANGE"
	UserAccountControlFlagsEncryptedTextPwdAllowed    UserAccountControlFlags = "ENCRYPTED_TEXT_PWD_ALLOWED"
	UserAccountControlFlagsTempDuplicateAccount       UserAccountControlFlags = "TEMP_DUPLICATE_ACCOUNT"
	UserAccountControlFlagsNormalAccount              UserAccountControlFlags = "NORMAL_ACCOUNT"
	UserAccountControlFlagsInterdomainTrustAccount    UserAccountControlFlags = "INTERDOMAIN_TRUST_ACCOUNT"
	UserAccountControlFlagsWorkstationTrustAccount    UserAccountControlFlags = "WORKSTATION_TRUST_ACCOUNT"
	UserAccountControlFlagsServerTrustAccount         UserAccountControlFlags = "SERVER_TRUST_ACCOUNT"
	UserAccountControlFlagsDontExpirePassword         UserAccountControlFlags = "DONT_EXPIRE_PASSWORD"
	UserAccountControlFlagsMnsLogonAccount            UserAccountControlFlags = "MNS_LOGON_ACCOUNT"
	UserAccountControlFlagsSmartcardRequired          UserAccountControlFlags = "SMARTCARD_REQUIRED"
	UserAccountControlFlagsTrustedForDelegation       UserAccountControlFlags = "TRUSTED_FOR_DELEGATION"
	UserAccountControlFlagsNotDelegated               UserAccountControlFlags = "NOT_DELEGATED"
	UserAccountControlFlagsUseDesKeyOnly              UserAccountControlFlags = "USE_DES_KEY_ONLY"
	UserAccountControlFlagsDontReqPreauth             UserAccountControlFlags = "DONT_REQ_PREAUTH"
	UserAccountControlFlagsPasswordExpired            UserAccountControlFlags = "PASSWORD_EXPIRED"
	UserAccountControlFlagsTrustedToAuthForDelegation UserAccountControlFlags = "TRUSTED_TO_AUTH_FOR_DELEGATION"
	UserAccountControlFlagsPartialSecretsAccount      UserAccountControlFlags = "PARTIAL_SECRETS_ACCOUNT"
)

func (UserAccountControlFlags) IsValid 

func (e UserAccountControlFlags) IsValid() bool

func (UserAccountControlFlags) MarshalGQL 

func (e UserAccountControlFlags) MarshalGQL(w io.Writer)

func (UserAccountControlFlags) String 

func (e UserAccountControlFlags) String() string

func (*UserAccountControlFlags) UnmarshalGQL 

func (e *UserAccountControlFlags) UnmarshalGQL(v interface{}) error

type UserAccountDescriptor 

type UserAccountDescriptor interface {
	IsUserAccountDescriptor()
	// If `true`, the account no longer exists; if `false`, the account is currently enabled.
	GetArchived() bool
	GetContainingEntities() []*EntityContainerEntity
	GetCreationTime() string
	// The data source of this account. Together with the entity type, the data
	// source determines the account descriptor subtype to be used.
	GetDataSource() DataSource
	GetDepartment() *string
	GetDescription() *string
	// If `true`, the account is currently enabled; if `false`, the account no longer exists.
	GetEnabled() bool
	GetPasswordAttributes() PasswordAttributes
	GetTitle() *string
}

An account descriptor provides data associated with an external entity source, such as an entry in an identity management system.

type UserEntity 

type UserEntity struct {
	// A list of external, elementary account descriptors used to construct this
	// entity. For instance, the list for a `UserEntity` which is backed by an LDAP
	// domain entry and an IDAAS account will include
	// `ActiveDirectoryAccountDescriptor` and `SsoUserAccountDescriptor` entries.
	Accounts []AccountDescriptor `json:"accounts"`
	// If `true`, the system considers this entity *archived*. It means that the entity no longer exists and can only be viewed.
	//
	// For entities derived with external data sources, such as LDAP users, an entity
	// is considered archived if its primary account (see `Entity:primaryAccount` is
	// deleted. Entities not associated with any external sources, such as unmanaged
	// endpoints, may also be archived based on a long period of inactivity. Except
	// the `archived` attribute itself, no other attribute of an archived entity is
	// updated. The attributes of an archived entity represent the state of the
	// entity at the time when it was archived.
	Archived bool `json:"archived"`
	// A list of associations of various types (see `Association:bindingType`) that
	// this entity has with other objects, most commonly with other entities. For
	// example, a `UserEntity` may have an `OWNERSHIP` association with an
	// `EndpointEntity`, alongside a `GEO_LOCATION` association with a `GeoLocation`.
	// The semantics for each association type are detailed in `BindingType`.
	Associations     []Association `json:"associations"`
	AuthorizerEntity *UserEntity   `json:"authorizerEntity,omitempty"`
	CreationTime     string        `json:"creationTime"`
	// The date and time of the entity's earliest recorded network activity. This
	// takes into account both the data reported by external sources and the actual
	// traffic seen by the system.
	EarliestSeenTraffic *string `json:"earliestSeenTraffic,omitempty"`
	// The list of unique email addresses available for this entity from all known data sources.
	EmailAddresses []string `json:"emailAddresses"`
	// The entity's unique identifier.
	EntityID             string `json:"entityId"`
	HasADDomainAdminRole *bool  `json:"hasADDomainAdminRole,omitempty"`
	// A convenience function that checks the `roles` field for the existence of at least one role matching the criteria.
	//
	// “`graphql
	// {
	//   entities(minRiskScoreSeverity: MEDIUM, archived: false, first: 5)
	//   {
	//     nodes
	//     {
	//       type
	//       primaryDisplayName
	//       ... on UserEntity
	//       {
	//         isHuman: hasRole(type: HumanUserAccountRole)
	//         isProgrammatic: hasRole(type: ProgrammaticUserAccountRole)
	//         isAdmin: hasRole(type: AdminAccountRole)
	//       }
	//       ... on EndpointEntity
	//       {
	//         isWorkstation: hasRole(type: WorkstationRole)
	//         isServer: hasRole(type: WorkstationRole)
	//       }
	//       isManuallyClassified: hasRole(confirmed: true)
	//     }
	//   }
	// }
	// “`
	HasRole *bool `json:"hasRole,omitempty"`
	// The latest calculated impact score for this entity.
	ImpactScore string `json:"impactScore"`
	// If `true`, the entity is inactive. An entity is considered inactive after 21
	// days since its latest recorded network activity (see `mostRecentActivity`).
	Inactive bool `json:"inactive"`
	// If `true`, the system has gathered enough information to consider this entity *learned*.
	Learned          bool      `json:"learned"`
	LinkedAccountIds []*string `json:"linkedAccountIds,omitempty"`
	// For marked entities, this is set to the last time the entity was marked.
	MarkTime *string `json:"markTime,omitempty"`
	// The date and time of the entity's latest recorded network activity. This takes
	// into account both the data reported by external sources and the actual traffic
	// seen by the system.
	MostRecentActivity *string `json:"mostRecentActivity,omitempty"`
	// Query open incidents for this entity.
	OpenIncidents *IncidentConnection `json:"openIncidents,omitempty"`
	// The primary display name representing this user in user-facing data. This is
	// derived from the explicit display name or an analogous attribute of the user's
	// primary account.
	PrimaryDisplayName string `json:"primaryDisplayName"`
	// A list of risk factors contributing to the overall risk of this entity, sorted
	// by `RiskFactorContribution:score` in descending order.
	RiskFactors []EntityRiskFactor `json:"riskFactors"`
	// The entity's risk score represented as a number from 0 (no or unknown risk) through 1 (maximum risk).
	RiskScore string `json:"riskScore"`
	// The entity's risk score derived from `riskScore`.
	RiskScoreSeverity              ScoreSeverity `json:"riskScoreSeverity"`
	RiskScoreWithoutLinkedAccounts string        `json:"riskScoreWithoutLinkedAccounts"`
	// A list of roles fulfilled by this entity, each defining the entity's classification or organizational-function aspect.
	//
	// For example, a `UserEntity` representing an *account operator* in an Active
	// Directory domain should have an `AccountOperatorsAdminRole` entry on this
	// list. Should the system later learn this privileged account is used by a
	// script rather than a human, its associated entity will also have a
	// `ProgrammaticUserAccountRole`. Similarly, when the system learns that some
	// `EndpointEntity` belongs to a VDI cluster, it tags it with a
	// `VdiEndpointRole`.The model for roles is hierarchical. For example, the
	// aforementioned `AccountOperatorsAdminRole` is a specialization of
	// `OperatorLevelAdminRole`, which by itself is a specialization of
	// `AdminAccountRole`.
	//
	// When roles are queried, this hierarchy is always taken into account.
	// Therefore, querying an entity about the existence of a role also implies that
	// all of its direct and indirect specializations will be queried too. This
	// hierarchy is completely reflected by GraphQL inheritance. For instance, you
	// can see that `ExchangeServerRole` implements `ApplicationServerRole`,  and
	// that the latter implements `ServerRole`.
	//
	// For your convenience, `EntityRole:fullPath` can be projected on the role
	// itself, reperesenting the role type ancestry as breadcrumbs. See
	// `EntityRoleType` for query examples.
	Roles []EntityRole `json:"roles,omitempty"`
	// The secondary display name is used to represent unique name for this entity in the organization or the network.
	SecondaryDisplayName string `json:"secondaryDisplayName"`
	// Returns `true` if the system considers this entity shared.
	Shared bool `json:"shared"`
	// If `true`, the entity is stale. An entity is considered stale after 90 days of
	// inactivity (see `mostRecentActivity`), as long as it is still effectively part
	// of the network. An account-based entity is not considered part of the network
	// when all of its base accounts are disabled (see `primaryAccount` and
	// `secondaryAccounts`).
	Stale bool `json:"stale"`
	// The entity type, which also determines the specialized Entity subclass to be returned (see `EntityType`).
	Type EntityType `json:"type"`
	// If `true`, this entity appears on the system watchlist.
	Watched bool `json:"watched"`
}

A specialized `Entity` interface for users, used when `Entity:type` is `USER`.

Bear in mind that the entity type, as opposed to its classification, is a structural attribute. If you wish to differentiate between human and programmatic user entities, check their classification (see `roles` field).

func (UserEntity) GetAccounts 

func (this UserEntity) GetAccounts() []AccountDescriptor

A list of external, elementary account descriptors used to construct this entity. For instance, the list for a `UserEntity` which is backed by an LDAP domain entry and an IDAAS account will include `ActiveDirectoryAccountDescriptor` and `SsoUserAccountDescriptor` entries.

func (UserEntity) GetArchived 

func (this UserEntity) GetArchived() bool

If `true`, the system considers this entity *archived*. It means that the entity no longer exists and can only be viewed.

For entities derived with external data sources, such as LDAP users, an entity is considered archived if its primary account (see `Entity:primaryAccount` is deleted. Entities not associated with any external sources, such as unmanaged endpoints, may also be archived based on a long period of inactivity. Except the `archived` attribute itself, no other attribute of an archived entity is updated. The attributes of an archived entity represent the state of the entity at the time when it was archived.

func (UserEntity) GetAssociations 

func (this UserEntity) GetAssociations() []Association

A list of associations of various types (see `Association:bindingType`) that this entity has with other objects, most commonly with other entities. For example, a `UserEntity` may have an `OWNERSHIP` association with an `EndpointEntity`, alongside a `GEO_LOCATION` association with a `GeoLocation`. The semantics for each association type are detailed in `BindingType`.

func (UserEntity) GetCreationTime 

func (this UserEntity) GetCreationTime() string

func (UserEntity) GetEarliestSeenTraffic 

func (this UserEntity) GetEarliestSeenTraffic() *string

The date and time of the entity's earliest recorded network activity. This takes into account both the data reported by external sources and the actual traffic seen by the system.

func (UserEntity) GetEntityID 

func (this UserEntity) GetEntityID() string

The entity's unique identifier.

func (UserEntity) GetHasADDomainAdminRole 

func (this UserEntity) GetHasADDomainAdminRole() *bool

func (UserEntity) GetHasRole 

func (this UserEntity) GetHasRole() *bool

A convenience function that checks the `roles` field for the existence of at least one role matching the criteria.

```graphql 

{
  entities(minRiskScoreSeverity: MEDIUM, archived: false, first: 5)
  {
    nodes
    {
      type
      primaryDisplayName
      ... on UserEntity
      {
        isHuman: hasRole(type: HumanUserAccountRole)
        isProgrammatic: hasRole(type: ProgrammaticUserAccountRole)
        isAdmin: hasRole(type: AdminAccountRole)
      }
      ... on EndpointEntity
      {
        isWorkstation: hasRole(type: WorkstationRole)
        isServer: hasRole(type: WorkstationRole)
      }
      isManuallyClassified: hasRole(confirmed: true)
    }
  }
}

```

func (UserEntity) GetImpactScore 

func (this UserEntity) GetImpactScore() string

The latest calculated impact score for this entity.

func (UserEntity) GetInactive 

func (this UserEntity) GetInactive() bool

If `true`, the entity is inactive. An entity is considered inactive after 21 days since its latest recorded network activity (see `mostRecentActivity`).

func (UserEntity) GetLearned 

func (this UserEntity) GetLearned() bool

If `true`, the system has gathered enough information to consider this entity *learned*.

func (UserEntity) GetMarkTime 

func (this UserEntity) GetMarkTime() *string

For marked entities, this is set to the last time the entity was marked.

func (UserEntity) GetMostRecentActivity 

func (this UserEntity) GetMostRecentActivity() *string

The date and time of the entity's latest recorded network activity. This takes into account both the data reported by external sources and the actual traffic seen by the system.

func (UserEntity) GetOpenIncidents 

func (this UserEntity) GetOpenIncidents() *IncidentConnection

Query open incidents for this entity.

func (UserEntity) GetPrimaryDisplayName 

func (this UserEntity) GetPrimaryDisplayName() string

The primary display name used to represent this entity in user-facing data.

The primary display name is typically shorter than the secondary display name, but is much less likely to be unique across the organization or network. For further details on the semantics, see the documentation for specific types.

func (UserEntity) GetRiskFactors 

func (this UserEntity) GetRiskFactors() []EntityRiskFactor

A list of risk factors contributing to the overall risk of this entity, sorted by `RiskFactorContribution:score` in descending order.

func (UserEntity) GetRiskScore 

func (this UserEntity) GetRiskScore() string

The entity's risk score represented as a number from 0 (no or unknown risk) through 1 (maximum risk).

func (UserEntity) GetRiskScoreSeverity 

func (this UserEntity) GetRiskScoreSeverity() ScoreSeverity

The entity's risk score derived from `riskScore`.

func (UserEntity) GetRoles 

func (this UserEntity) GetRoles() []EntityRole

A list of roles fulfilled by this entity, each defining the entity's classification or organizational-function aspect.

For example, a `UserEntity` representing an *account operator* in an Active Directory domain should have an `AccountOperatorsAdminRole` entry on this list. Should the system later learn this privileged account is used by a script rather than a human, its associated entity will also have a `ProgrammaticUserAccountRole`. Similarly, when the system learns that some `EndpointEntity` belongs to a VDI cluster, it tags it with a `VdiEndpointRole`.The model for roles is hierarchical. For example, the aforementioned `AccountOperatorsAdminRole` is a specialization of `OperatorLevelAdminRole`, which by itself is a specialization of `AdminAccountRole`.

When roles are queried, this hierarchy is always taken into account. Therefore, querying an entity about the existence of a role also implies that all of its direct and indirect specializations will be queried too. This hierarchy is completely reflected by GraphQL inheritance. For instance, you can see that `ExchangeServerRole` implements `ApplicationServerRole`, and that the latter implements `ServerRole`.

For your convenience, `EntityRole:fullPath` can be projected on the role itself, reperesenting the role type ancestry as breadcrumbs. See `EntityRoleType` for query examples.

func (UserEntity) GetSecondaryDisplayName 

func (this UserEntity) GetSecondaryDisplayName() string

The secondary display name is used to represent unique name for this entity in the organization or the network.

func (UserEntity) GetShared 

func (this UserEntity) GetShared() bool

Returns `true` if the system considers this entity shared.

func (UserEntity) GetStale 

func (this UserEntity) GetStale() bool

If `true`, the entity is stale. An entity is considered stale after 90 days of inactivity (see `mostRecentActivity`), as long as it is still effectively part of the network. An account-based entity is not considered part of the network when all of its base accounts are disabled (see `primaryAccount` and `secondaryAccounts`).

func (UserEntity) GetType 

func (this UserEntity) GetType() EntityType

The entity type, which also determines the specialized Entity subclass to be returned (see `EntityType`).

func (UserEntity) GetWatched 

func (this UserEntity) GetWatched() bool

If `true`, this entity appears on the system watchlist.

func (UserEntity) IsActivityParticipatingEntity 

func (UserEntity) IsActivityParticipatingEntity()

func (UserEntity) IsEntity 

func (UserEntity) IsEntity()

func (UserEntity) IsUserOrEndpointEntity 

func (UserEntity) IsUserOrEndpointEntity()

type UserEntityClassification 

type UserEntityClassification string
const (
	UserEntityClassificationHuman        UserEntityClassification = "HUMAN"
	UserEntityClassificationProgrammatic UserEntityClassification = "PROGRAMMATIC"
	UserEntityClassificationExecutive    UserEntityClassification = "EXECUTIVE"
	UserEntityClassificationHoneytoken   UserEntityClassification = "HONEYTOKEN"
)

func (UserEntityClassification) IsValid 

func (e UserEntityClassification) IsValid() bool

func (UserEntityClassification) MarshalGQL 

func (e UserEntityClassification) MarshalGQL(w io.Writer)

func (UserEntityClassification) String 

func (e UserEntityClassification) String() string

func (*UserEntityClassification) UnmarshalGQL 

func (e *UserEntityClassification) UnmarshalGQL(v interface{}) error

type UserOrEndpointEntity 

type UserOrEndpointEntity interface {
	IsUserOrEndpointEntity()
	// A list of external, elementary account descriptors used to construct this
	// entity. For instance, the list for a `UserEntity` which is backed by an LDAP
	// domain entry and an IDAAS account will include
	// `ActiveDirectoryAccountDescriptor` and `SsoUserAccountDescriptor` entries.
	GetAccounts() []AccountDescriptor
	// If `true`, the system considers this entity *archived*. It means that the entity no longer exists and can only be viewed.
	//
	// For entities derived with external data sources, such as LDAP users, an entity
	// is considered archived if its primary account (see `Entity:primaryAccount` is
	// deleted. Entities not associated with any external sources, such as unmanaged
	// endpoints, may also be archived based on a long period of inactivity. Except
	// the `archived` attribute itself, no other attribute of an archived entity is
	// updated. The attributes of an archived entity represent the state of the
	// entity at the time when it was archived.
	GetArchived() bool
	// A list of associations of various types (see `Association:bindingType`) that
	// this entity has with other objects, most commonly with other entities. For
	// example, a `UserEntity` may have an `OWNERSHIP` association with an
	// `EndpointEntity`, alongside a `GEO_LOCATION` association with a `GeoLocation`.
	// The semantics for each association type are detailed in `BindingType`.
	GetAssociations() []Association
	GetCreationTime() string
	// The date and time of the entity's earliest recorded network activity. This
	// takes into account both the data reported by external sources and the actual
	// traffic seen by the system.
	GetEarliestSeenTraffic() *string
	// The entity's unique identifier.
	GetEntityID() string
	GetHasADDomainAdminRole() *bool
	// A convenience function that checks the `roles` field for the existence of at least one role matching the criteria.
	//
	// “`graphql
	// {
	//   entities(minRiskScoreSeverity: MEDIUM, archived: false, first: 5)
	//   {
	//     nodes
	//     {
	//       type
	//       primaryDisplayName
	//       ... on UserEntity
	//       {
	//         isHuman: hasRole(type: HumanUserAccountRole)
	//         isProgrammatic: hasRole(type: ProgrammaticUserAccountRole)
	//         isAdmin: hasRole(type: AdminAccountRole)
	//       }
	//       ... on EndpointEntity
	//       {
	//         isWorkstation: hasRole(type: WorkstationRole)
	//         isServer: hasRole(type: WorkstationRole)
	//       }
	//       isManuallyClassified: hasRole(confirmed: true)
	//     }
	//   }
	// }
	// “`
	GetHasRole() *bool
	// The latest calculated impact score for this entity.
	GetImpactScore() string
	// If `true`, the entity is inactive. An entity is considered inactive after 21
	// days since its latest recorded network activity (see `mostRecentActivity`).
	GetInactive() bool
	// If `true`, the system has gathered enough information to consider this entity *learned*.
	GetLearned() bool
	// For marked entities, this is set to the last time the entity was marked.
	GetMarkTime() *string
	// The date and time of the entity's latest recorded network activity. This takes
	// into account both the data reported by external sources and the actual traffic
	// seen by the system.
	GetMostRecentActivity() *string
	// Query open incidents for this entity.
	GetOpenIncidents() *IncidentConnection
	// The primary display name used to represent this entity in user-facing data.
	//
	// The primary display name is typically shorter than the secondary display name,
	// but is much less likely to be unique across the organization or network. For
	// further details on the semantics, see the documentation for specific types.
	GetPrimaryDisplayName() string
	// A list of risk factors contributing to the overall risk of this entity, sorted
	// by `RiskFactorContribution:score` in descending order.
	GetRiskFactors() []EntityRiskFactor
	// The entity's risk score represented as a number from 0 (no or unknown risk) through 1 (maximum risk).
	GetRiskScore() string
	// The entity's risk score derived from `riskScore`.
	GetRiskScoreSeverity() ScoreSeverity
	// A list of roles fulfilled by this entity, each defining the entity's classification or organizational-function aspect.
	//
	// For example, a `UserEntity` representing an *account operator* in an Active
	// Directory domain should have an `AccountOperatorsAdminRole` entry on this
	// list. Should the system later learn this privileged account is used by a
	// script rather than a human, its associated entity will also have a
	// `ProgrammaticUserAccountRole`. Similarly, when the system learns that some
	// `EndpointEntity` belongs to a VDI cluster, it tags it with a
	// `VdiEndpointRole`.The model for roles is hierarchical. For example, the
	// aforementioned `AccountOperatorsAdminRole` is a specialization of
	// `OperatorLevelAdminRole`, which by itself is a specialization of
	// `AdminAccountRole`.
	//
	// When roles are queried, this hierarchy is always taken into account.
	// Therefore, querying an entity about the existence of a role also implies that
	// all of its direct and indirect specializations will be queried too. This
	// hierarchy is completely reflected by GraphQL inheritance. For instance, you
	// can see that `ExchangeServerRole` implements `ApplicationServerRole`,  and
	// that the latter implements `ServerRole`.
	//
	// For your convenience, `EntityRole:fullPath` can be projected on the role
	// itself, reperesenting the role type ancestry as breadcrumbs. See
	// `EntityRoleType` for query examples.
	GetRoles() []EntityRole
	// The secondary display name is used to represent unique name for this entity in the organization or the network.
	GetSecondaryDisplayName() string
	// Returns `true` if the system considers this entity shared.
	GetShared() bool
	// If `true`, the entity is stale. An entity is considered stale after 90 days of
	// inactivity (see `mostRecentActivity`), as long as it is still effectively part
	// of the network. An account-based entity is not considered part of the network
	// when all of its base accounts are disabled (see `primaryAccount` and
	// `secondaryAccounts`).
	GetStale() bool
	// The entity type, which also determines the specialized Entity subclass to be returned (see `EntityType`).
	GetType() EntityType
	// If `true`, this entity appears on the system watchlist.
	GetWatched() bool
}

An abstract `Entity` interface similar to `UserEntity` and `EndpointEntity`. It is used to simplify common projections.

type UsesLocallyAdministratedMachinesRiskFactor 

type UsesLocallyAdministratedMachinesRiskFactor struct {
	LocallyAdministratedMachines []*EndpointEntity `json:"locallyAdministratedMachines"`
	Score                        string            `json:"score"`
	Severity                     ScoreSeverity     `json:"severity"`
	Type                         RiskFactorType    `json:"type"`
}

func (UsesLocallyAdministratedMachinesRiskFactor) GetScore 

func (this UsesLocallyAdministratedMachinesRiskFactor) GetScore() string

func (UsesLocallyAdministratedMachinesRiskFactor) GetSeverity 

func (this UsesLocallyAdministratedMachinesRiskFactor) GetSeverity() ScoreSeverity

func (UsesLocallyAdministratedMachinesRiskFactor) GetType 

func (this UsesLocallyAdministratedMachinesRiskFactor) GetType() RiskFactorType

func (UsesLocallyAdministratedMachinesRiskFactor) IsEntityRiskFactor 

func (UsesLocallyAdministratedMachinesRiskFactor) IsEntityRiskFactor()

type VdiEndpointRole 

type VdiEndpointRole struct {
	Confirmed   bool           `json:"confirmed"`
	FullPath    *string        `json:"fullPath,omitempty"`
	Probability *float64       `json:"probability,omitempty"`
	Type        EntityRoleType `json:"type"`
}

func (VdiEndpointRole) GetConfirmed 

func (this VdiEndpointRole) GetConfirmed() bool

func (VdiEndpointRole) GetFullPath 

func (this VdiEndpointRole) GetFullPath() *string

func (VdiEndpointRole) GetProbability 

func (this VdiEndpointRole) GetProbability() *float64

func (VdiEndpointRole) GetType 

func (this VdiEndpointRole) GetType() EntityRoleType

func (VdiEndpointRole) IsClassificationRole 

func (VdiEndpointRole) IsClassificationRole()

func (VdiEndpointRole) IsEntityRole 

func (VdiEndpointRole) IsEntityRole()

type WorkstationRole 

type WorkstationRole struct {
	Confirmed   bool           `json:"confirmed"`
	FullPath    *string        `json:"fullPath,omitempty"`
	Probability *float64       `json:"probability,omitempty"`
	Type        EntityRoleType `json:"type"`
}

func (WorkstationRole) GetConfirmed 

func (this WorkstationRole) GetConfirmed() bool

func (WorkstationRole) GetFullPath 

func (this WorkstationRole) GetFullPath() *string

func (WorkstationRole) GetProbability 

func (this WorkstationRole) GetProbability() *float64

func (WorkstationRole) GetType 

func (this WorkstationRole) GetType() EntityRoleType

func (WorkstationRole) IsClassificationRole 

func (WorkstationRole) IsClassificationRole()

func (WorkstationRole) IsEntityRole 

func (WorkstationRole) IsEntityRole()

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.