Azure · openapi-sdkautomation · Nov 15, 2020
diff --git a/src/securityinsight/HISTORY.rst b/src/securityinsight/HISTORY.rst
@@ -0,0 +1,8 @@
+.. :changelog:
+
+Release History
+===============
+
+0.1.0
+++++++
+* Initial release.
diff --git a/src/securityinsight/README.md b/src/securityinsight/README.md
@@ -0,0 +1,184 @@
+# Azure CLI sentinel Extension #
+This is the extension for sentinel
+
+### How to use ###
+Install this extension using the below CLI command
+```
+az extension add --name sentinel
+```
+
+### Included Features ###
+#### sentinel alert-rule ####
+##### Create #####
+```
+az sentinel alert-rule create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" \
+    --logic-app-resource-id "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" \
+    --trigger-uri "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature" \
+    --action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg" \
+    --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name "myWorkspace" 
+```
+##### Show #####
+```
+az sentinel alert-rule show --resource-group "myRg" --rule-id "myFirstFusionRule" --workspace-name "myWorkspace"
+```
+##### Show #####
+```
+az sentinel alert-rule show --resource-group "myRg" --rule-id "microsoftSecurityIncidentCreationRuleExample" \
+    --workspace-name "myWorkspace" 
+```
+##### Show #####
+```
+az sentinel alert-rule show --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \
+    --workspace-name "myWorkspace" 
+```
+##### List #####
+```
+az sentinel alert-rule list --resource-group "myRg" --workspace-name "myWorkspace"
+```
+##### Get-action #####
+```
+az sentinel alert-rule get-action --action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg" \
+    --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name "myWorkspace" 
+```
+##### Delete #####
+```
+az sentinel alert-rule delete --action-id "912bec42-cb66-4c03-ac63-1761b6898c3e" --resource-group "myRg" \
+    --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --workspace-name "myWorkspace" 
+```
+#### sentinel action ####
+##### List #####
+```
+az sentinel action list --resource-group "myRg" --rule-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \
+    --workspace-name "myWorkspace" 
+```
+#### sentinel alert-rule-template ####
+##### List #####
+```
+az sentinel alert-rule-template list --resource-group "myRg" --workspace-name "myWorkspace"
+```
+##### Show #####
+```
+az sentinel alert-rule-template show --alert-rule-template-id "65360bb0-8986-4ade-a89d-af3cf44d28aa" \
+    --resource-group "myRg" --workspace-name "myWorkspace" 
+```
+#### sentinel bookmark ####
+##### Create #####
+```
+az sentinel bookmark create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" --created "2019-01-01T13:15:30Z" \
+    --display-name "My bookmark" --labels "Tag1" --labels "Tag2" --notes "Found a suspicious activity" \
+    --query "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)" \
+    --query-result "Security Event query result" --updated "2019-01-01T13:15:30Z" \
+    --bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" --workspace-name "myWorkspace" 
+```
+##### Show #####
+```
+az sentinel bookmark show --bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \
+    --workspace-name "myWorkspace" 
+```
+##### List #####
+```
+az sentinel bookmark list --resource-group "myRg" --workspace-name "myWorkspace"
+```
+##### Delete #####
+```
+az sentinel bookmark delete --bookmark-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \
+    --workspace-name "myWorkspace" 
+```
+#### sentinel data-connector ####
+##### Create #####
+```
+az sentinel data-connector create \
+    --office-data-connector etag="\\"0300bf09-0000-0000-0000-5c37296e0000\\"" tenant-id="2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" \
+    --data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" --workspace-name "myWorkspace" 
+```
+##### Show #####
+```
+az sentinel data-connector show --data-connector-id "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12" --resource-group "myRg" \
+    --workspace-name "myWorkspace" 
+```
+##### Show #####
+```
+az sentinel data-connector show --data-connector-id "b96d014d-b5c2-4a01-9aba-a8058f629d42" --resource-group "myRg" \
+    --workspace-name "myWorkspace" 
+```
+##### Show #####
+```
+az sentinel data-connector show --data-connector-id "06b3ccb8-1384-4bcc-aec7-852f6d57161b" --resource-group "myRg" \
+    --workspace-name "myWorkspace" 
+```
+##### Show #####
+```
+az sentinel data-connector show --data-connector-id "c345bf40-8509-4ed2-b947-50cb773aaf04" --resource-group "myRg" \
+    --workspace-name "myWorkspace" 
+```
+##### Show #####
+```
+az sentinel data-connector show --data-connector-id "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d" --resource-group "myRg" \
+    --workspace-name "myWorkspace" 
+```
+##### Show #####
+```
+az sentinel data-connector show --data-connector-id "07e42cb3-e658-4e90-801c-efa0f29d3d44" --resource-group "myRg" \
+    --workspace-name "myWorkspace" 
+```
+##### Show #####
+```
+az sentinel data-connector show --data-connector-id "c345bf40-8509-4ed2-b947-50cb773aaf04" --resource-group "myRg" \
+    --workspace-name "myWorkspace" 
+```
+##### Show #####
+```
+az sentinel data-connector show --data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \
+    --workspace-name "myWorkspace" 
+```
+##### List #####
+```
+az sentinel data-connector list --resource-group "myRg" --workspace-name "myWorkspace"
+```
+##### Delete #####
+```
+az sentinel data-connector delete --data-connector-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \
+    --workspace-name "myWorkspace" 
+```
+#### sentinel incident ####
+##### Create #####
+```
+az sentinel incident create --etag "\\"0300bf09-0000-0000-0000-5c37296e0000\\"" \
+    --description "This is a demo incident" --classification "FalsePositive" \
+    --classification-comment "Not a malicious activity" --classification-reason "IncorrectAlertLogic" \
+    --first-activity-time-utc "2019-01-01T13:00:30Z" --last-activity-time-utc "2019-01-01T13:05:30Z" \
+    --owner object-id="2046feea-040d-4a46-9e2b-91c2941bfa70" --severity "High" --status "Closed" --title "My incident" \
+    --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" --workspace-name "myWorkspace" 
+```
+##### Show #####
+```
+az sentinel incident show --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \
+    --workspace-name "myWorkspace" 
+```
+##### List #####
+```
+az sentinel incident list --orderby "properties/createdTimeUtc desc" --top 1 --resource-group "myRg" \
+    --workspace-name "myWorkspace" 
+```
+##### Delete #####
+```
+az sentinel incident delete --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \
+    --workspace-name "myWorkspace" 
+```
+#### sentinel incident-comment ####
+##### Create #####
+```
+az sentinel incident-comment create --message "Some message" \
+    --incident-comment-id "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" \
+    --resource-group "myRg" --workspace-name "myWorkspace" 
+```
+##### Show #####
+```
+az sentinel incident-comment show --incident-comment-id "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" \
+    --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" --workspace-name "myWorkspace" 
+```
+##### List #####
+```
+az sentinel incident-comment list --incident-id "73e01a99-5cd7-4139-a149-9f2736ff2ab5" --resource-group "myRg" \
+    --workspace-name "myWorkspace" 
+```
diff --git a/src/securityinsight/azext_sentinel/__init__.py b/src/securityinsight/azext_sentinel/__init__.py
@@ -0,0 +1,50 @@
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from azure.cli.core import AzCommandsLoader
+from azext_sentinel.generated._help import helps  # pylint: disable=unused-import
+try:
+    from azext_sentinel.manual._help import helps  # pylint: disable=reimported
+except ImportError:
+    pass
+
+
+class SecurityInsightsCommandsLoader(AzCommandsLoader):
+
+    def __init__(self, cli_ctx=None):
+        from azure.cli.core.commands import CliCommandType
+        from azext_sentinel.generated._client_factory import cf_sentinel_cl
+        sentinel_custom = CliCommandType(
+            operations_tmpl='azext_sentinel.custom#{}',
+            client_factory=cf_sentinel_cl)
+        parent = super(SecurityInsightsCommandsLoader, self)
+        parent.__init__(cli_ctx=cli_ctx, custom_command_type=sentinel_custom)
+
+    def load_command_table(self, args):
+        from azext_sentinel.generated.commands import load_command_table
+        load_command_table(self, args)
+        try:
+            from azext_sentinel.manual.commands import load_command_table as load_command_table_manual
+            load_command_table_manual(self, args)
+        except ImportError:
+            pass
+        return self.command_table
+
+    def load_arguments(self, command):
+        from azext_sentinel.generated._params import load_arguments
+        load_arguments(self, command)
+        try:
+            from azext_sentinel.manual._params import load_arguments as load_arguments_manual
+            load_arguments_manual(self, command)
+        except ImportError:
+            pass
+
+
+COMMAND_LOADER_CLS = SecurityInsightsCommandsLoader
diff --git a/src/securityinsight/azext_sentinel/action.py b/src/securityinsight/azext_sentinel/action.py
@@ -0,0 +1,17 @@
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+# pylint: disable=wildcard-import
+# pylint: disable=unused-wildcard-import
+
+from .generated.action import *  # noqa: F403
+try:
+    from .manual.action import *  # noqa: F403
+except ImportError:
+    pass
diff --git a/src/securityinsight/azext_sentinel/azext_metadata.json b/src/securityinsight/azext_sentinel/azext_metadata.json
@@ -0,0 +1,4 @@
+{
+    "azext.isExperimental": true,
+    "azext.minCliCoreVersion": "2.11.0"
+}
diff --git a/src/securityinsight/azext_sentinel/custom.py b/src/securityinsight/azext_sentinel/custom.py
@@ -0,0 +1,17 @@
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+# pylint: disable=wildcard-import
+# pylint: disable=unused-wildcard-import
+
+from .generated.custom import *  # noqa: F403
+try:
+    from .manual.custom import *  # noqa: F403
+except ImportError:
+    pass
diff --git a/src/securityinsight/azext_sentinel/generated/__init__.py b/src/securityinsight/azext_sentinel/generated/__init__.py
@@ -0,0 +1,12 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+__path__ = __import__('pkgutil').extend_path(__path__, __name__)
diff --git a/src/securityinsight/azext_sentinel/generated/_client_factory.py b/src/securityinsight/azext_sentinel/generated/_client_factory.py
@@ -0,0 +1,44 @@
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+
+def cf_sentinel_cl(cli_ctx, *_):
+    from azure.cli.core.commands.client_factory import get_mgmt_service_client
+    from ..vendored_sdks.securityinsight import SecurityInsights
+    return get_mgmt_service_client(cli_ctx,
+                                   SecurityInsights)
+
+
+def cf_alert_rule(cli_ctx, *_):
+    return cf_sentinel_cl(cli_ctx).alert_rule
+
+
+def cf_action(cli_ctx, *_):
+    return cf_sentinel_cl(cli_ctx).action
+
+
+def cf_alert_rule_template(cli_ctx, *_):
+    return cf_sentinel_cl(cli_ctx).alert_rule_template
+
+
+def cf_bookmark(cli_ctx, *_):
+    return cf_sentinel_cl(cli_ctx).bookmark
+
+
+def cf_data_connector(cli_ctx, *_):
+    return cf_sentinel_cl(cli_ctx).data_connector
+
+
+def cf_incident(cli_ctx, *_):
+    return cf_sentinel_cl(cli_ctx).incident
+
+
+def cf_incident_comment(cli_ctx, *_):
+    return cf_sentinel_cl(cli_ctx).incident_comment