From 5975cad0fdfabd6837c0322b91960c134d96b31a Mon Sep 17 00:00:00 2001 
From: xuhumsft <116764429+xuhumsft@users.noreply.github.com> Date: Mon, 19 Jun 2023 17:25:28 -0700 Subject: [PATCH 01/10] Adds base for updating Microsoft.SecurityInsights from version preview/2023-06-01-preview to version 2023-07-01-preview --- .../2023-07-01-preview/AlertRules.json | 2543 ++++++++++++++ .../2023-07-01-preview/AutomationRules.json | 1495 ++++++++ .../2023-07-01-preview/BillingStatistics.json | 226 ++ .../preview/2023-07-01-preview/Bookmarks.json | 751 ++++ .../2023-07-01-preview/ContentPackages.json | 453 +++ .../ContentProductPackages.json | 297 ++ .../ContentProductTemplates.json | 298 ++ .../2023-07-01-preview/ContentTemplates.json | 400 +++ .../2023-07-01-preview/Enrichment.json | 381 ++ .../preview/2023-07-01-preview/Entities.json | 1556 ++++++++ .../2023-07-01-preview/EntityQueries.json | 507 +++ .../EntityQueryTemplates.json | 304 ++ .../2023-07-01-preview/FileImports.json | 564 +++ .../preview/2023-07-01-preview/Hunts.json | 992 ++++++ .../preview/2023-07-01-preview/Incidents.json | 1658 +++++++++ .../preview/2023-07-01-preview/Metadata.json | 824 +++++ .../2023-07-01-preview/OfficeConsents.json | 234 ++ .../2023-07-01-preview/OnboardingStates.json | 284 ++ .../2023-07-01-preview/Recommendations.json | 564 +++ .../SecurityMLAnalyticsSettings.json | 444 +++ .../preview/2023-07-01-preview/Settings.json | 423 +++ .../2023-07-01-preview/SourceControls.json | 971 +++++ .../ThreatIntelligence.json | 1097 ++++++ .../TriggeredAnalyticsRuleRuns.json | 353 ++ .../2023-07-01-preview/Watchlists.json | 721 ++++ .../WorkspaceManagerAssignments.json | 737 ++++ .../WorkspaceManagerConfigurations.json | 323 ++ .../WorkspaceManagerGroups.json | 318 ++ .../WorkspaceManagerMembers.json | 310 ++ .../2023-07-01-preview/common/AlertTypes.json | 81 + .../common/ContentCommonTypes.json | 429 +++ .../common/EntityTypes.json | 2550 ++++++++++++++ .../common/IncidentTypes.json | 246 ++ .../common/RelationTypes.json | 95 + .../common/ThreatIntelligenceTypes.json | 48 
+ .../2023-07-01-preview/dataConnectors.json | 3118 +++++++++++++++++ .../actions/CreateActionOfAlertRule.json | 43 + .../actions/DeleteActionOfAlertRule.json | 14 + .../actions/GetActionOfAlertRuleById.json | 24 + .../actions/GetAllActionsByAlertRule.json | 27 + .../GetAlertRuleTemplateById.json | 53 + .../GetAlertRuleTemplates.json | 238 ++ .../alertRules/CreateFusionAlertRule.json | 845 +++++ ...nAlertRuleWithFusionScenarioExclusion.json | 851 +++++ ...softSecurityIncidentCreationAlertRule.json | 58 + .../alertRules/CreateNrtAlertRule.json | 136 + .../alertRules/CreateScheduledAlertRule.json | 270 ++ .../examples/alertRules/DeleteAlertRule.json | 13 + .../examples/alertRules/GetAllAlertRules.json | 412 +++ .../alertRules/GetFusionAlertRule.json | 310 ++ ...softSecurityIncidentCreationAlertRule.json | 30 + .../examples/alertRules/GetNrtAlertRule.json | 55 + .../alertRules/GetScheduledAlertRule.json | 95 + .../AutomationRules_CreateOrUpdate.json | 171 + .../AutomationRules_Delete.json | 17 + .../automationRules/AutomationRules_Get.json | 65 + .../automationRules/AutomationRules_List.json | 68 + .../GetAllBillingStatistics.json | 26 + .../GetBillingStatistic.json | 23 + .../examples/bookmarks/CreateBookmark.json | 143 + .../examples/bookmarks/DeleteBookmark.json | 13 + .../examples/bookmarks/GetBookmarkById.json | 64 + .../examples/bookmarks/GetBookmarks.json | 67 + .../bookmarks/expand/PostExpandBookmark.json | 43 + .../relations/CreateBookmarkRelation.json | 43 + .../relations/DeleteBookmarkRelation.json | 14 + .../relations/GetAllBookmarkRelations.json | 28 + .../relations/GetBookmarkRelationByName.json | 25 + .../contentPackages/GetPackageById.json | 33 + .../examples/contentPackages/GetPackages.json | 38 + .../GetProductPackageById.json | 75 + .../contentPackages/GetProductPackages.json | 77 + .../contentPackages/InstallPackage.json | 148 + .../contentPackages/UninstallPackage.json | 13 + .../contentTemplates/DeleteTemplate.json | 13 + 
.../GetProductTemplateById.json | 41 + .../contentTemplates/GetProductTemplates.json | 43 + .../contentTemplates/GetTemplateById.json | 39 + .../contentTemplates/GetTemplates.json | 41 + .../contentTemplates/InstallTemplate.json | 222 ++ ...CheckRequirementsAzureActiveDirectory.json | 22 + ...tsAzureActiveDirectoryNoAuthorization.json | 22 + ...irementsAzureActiveDirectoryNoLicense.json | 22 + .../CheckRequirementsAzureSecurityCenter.json | 22 + .../CheckRequirementsDynamics365.json | 22 + .../dataConnectors/CheckRequirementsIoT.json | 22 + .../CheckRequirementsMdatp.json | 22 + ...RequirementsMicrosoftCloudAppSecurity.json | 22 + ...MicrosoftPurviewInformationProtection.json | 22 + ...quirementsMicrosoftThreatIntelligence.json | 22 + ...RequirementsMicrosoftThreatProtection.json | 22 + .../CheckRequirementsOffice365Project.json | 22 + .../CheckRequirementsOfficeATP.json | 22 + .../CheckRequirementsOfficeIRM.json | 22 + .../CheckRequirementsOfficePowerBI.json | 22 + .../CheckRequirementsThreatIntelligence.json | 22 + ...ckRequirementsThreatIntelligenceTaxii.json | 22 + .../dataConnectors/ConnectAPIPolling.json | 24 + .../ConnectAPIPollingV2Logs.json | 27 + .../dataConnectors/CreateAPIPolling.json | 368 ++ .../CreateDynamics365DataConnetor.json | 57 + .../dataConnectors/CreateGenericUI.json | 437 +++ .../CreateGoogleCloudPlatform.json | 92 + ...viewInformationProtectionDataConnetor.json | 57 + ...rosoftThreatIntelligenceDataConnector.json | 59 + ...MicrosoftThreatProtectionDataConnetor.json | 81 + .../CreateOffice365ProjectDataConnetor.json | 57 + .../CreateOfficeDataConnetor.json | 75 + .../CreateOfficePowerBIDataConnector.json | 57 + ...CreateThreatIntelligenceDataConnector.json | 59 + ...eThreatIntelligenceTaxiiDataConnector.json | 81 + .../dataConnectors/DeleteAPIPolling.json | 13 + .../dataConnectors/DeleteGenericUI.json | 13 + .../DeleteGoogleCloudPlatform.json | 13 + ...viewInformationProtectionDataConnetor.json | 13 + 
...rosoftThreatIntelligenceDataConnector.json | 13 + .../DeleteOffice365ProjectDataConnetor.json | 13 + .../DeleteOfficeDataConnetor.json | 13 + .../DeleteOfficePowerBIDataConnetor.json | 13 + .../dataConnectors/DisconnectAPIPolling.json | 13 + .../dataConnectors/GetAPIPolling.json | 133 + .../GetAmazonWebServicesCloudTrailById.json | 28 + .../GetAmazonWebServicesS3ById.json | 32 + .../GetAzureActiveDirectoryById.json | 28 + .../GetAzureAdvancedThreatProtectionById.json | 28 + .../GetAzureSecurityCenterById.json | 28 + .../dataConnectors/GetDataConnectors.json | 508 +++ .../GetDynamics365DataConnectorById.json | 28 + .../examples/dataConnectors/GetGenericUI.json | 156 + .../GetGoogleCloudPlatformById.json | 35 + .../examples/dataConnectors/GetIoTById.json | 28 + .../GetMicrosoftCloudAppSecurityById.json | 31 + ...tDefenderAdvancedThreatProtectionById.json | 28 + ...GetMicrosoftInsiderRiskManagementById.json | 28 + ...InformationProtectionDataConnetorById.json | 28 + .../GetMicrosoftThreatIntelligenceById.json | 29 + .../GetMicrosoftThreatProtectionById.json | 36 + ...Office365AdvancedThreatProtectionById.json | 28 + .../GetOffice365ProjectDataConnetorById.json | 28 + .../GetOfficeDataConnetorById.json | 34 + .../GetOfficePowerBIDataConnetorById.json | 28 + .../GetThreatIntelligenceById.json | 29 + .../GetThreatIntelligenceTaxiiById.json | 36 + .../examples/enrichment/GetGeodataByIp.json | 31 + .../enrichment/GetWhoisByDomainName.json | 87 + .../entities/GetAccountEntityById.json | 32 + .../entities/GetAzureResourceEntityById.json | 24 + .../GetCloudApplicationEntityById.json | 25 + .../examples/entities/GetDnsEntityById.json | 26 + .../examples/entities/GetEntities.json | 63 + .../examples/entities/GetFileEntityById.json | 24 + .../entities/GetFileHashEntityById.json | 24 + .../examples/entities/GetHostEntityById.json | 31 + .../entities/GetIoTDeviceEntityById.json | 45 + .../examples/entities/GetIpEntityById.json | 23 + .../entities/GetMailClusterEntityById.json | 
44 + .../entities/GetMailMessageEntityById.json | 48 + .../entities/GetMailboxEntityById.json | 26 + .../entities/GetMalwareEntityById.json | 24 + .../entities/GetProcessEntityById.json | 25 + .../examples/entities/GetQueries.json | 456 +++ .../entities/GetRegistryKeyEntityById.json | 24 + .../entities/GetRegistryValueEntityById.json | 26 + .../entities/GetSecurityAlertEntityById.json | 51 + .../entities/GetSecurityGroupEntityById.json | 25 + .../entities/GetSubmissionMailEntityById.json | 29 + .../examples/entities/GetUrlEntityById.json | 23 + .../entities/expand/PostExpandEntity.json | 52 + .../entities/insights/PostGetInsights.json | 100 + .../relations/GetAllEntityRelations.json | 28 + .../relations/GetEntityRelationByName.json | 25 + .../entities/timeline/PostTimelineEntity.json | 92 + .../CreateEntityQueryActivity.json | 133 + .../entityQueries/DeleteEntityQuery.json | 13 + .../GetActivityEntityQueryById.json | 54 + .../entityQueries/GetEntityQueries.json | 59 + .../GetExpansionEntityQueryById.json | 34 + .../GetActivityEntityQueryTemplateById.json | 57 + .../GetEntityQueryTemplates.json | 105 + .../fileImports/CreateFileImport.json | 49 + .../fileImports/DeleteFileImport.json | 41 + .../fileImports/GetFileImportById.json | 37 + .../examples/fileImports/GetFileImports.json | 42 + .../examples/hunts/CreateHunt.json | 100 + .../examples/hunts/CreateHuntComment.json | 56 + .../examples/hunts/CreateHuntRelation.json | 53 + .../examples/hunts/DeleteHunt.json | 14 + .../examples/hunts/DeleteHuntComment.json | 15 + .../examples/hunts/DeleteHuntRelation.json | 15 + .../examples/hunts/GetHuntById.json | 43 + .../examples/hunts/GetHuntCommentById.json | 32 + .../examples/hunts/GetHuntComments.json | 27 + .../examples/hunts/GetHuntRelationById.json | 29 + .../examples/hunts/GetHuntRelations.json | 32 + .../examples/hunts/GetHunts.json | 46 + .../IncidentAlerts/Incidents_ListAlerts.json | 50 + .../Incidents_ListBookmarks.json | 47 + 
.../IncidentComments_CreateOrUpdate.json | 55 + .../IncidentComments_Delete.json | 14 + .../IncidentComments_Get.json | 31 + .../IncidentComments_List.json | 34 + .../Incidents_ListEntities.json | 34 + .../IncidentTasks_CreateOrUpdate.json | 73 + .../IncidentTasks/IncidentTasks_Delete.json | 14 + .../IncidentTasks/IncidentTasks_Get.json | 39 + .../IncidentTasks/IncidentTasks_List.json | 42 + .../IncidentTeam/Incidents_CreateTeam.json | 26 + .../incidents/Incidents_CreateOrUpdate.json | 136 + .../examples/incidents/Incidents_Delete.json | 13 + .../examples/incidents/Incidents_Get.json | 63 + .../examples/incidents/Incidents_List.json | 68 + .../relations/CreateIncidentRelation.json | 43 + .../relations/DeleteIncidentRelation.json | 14 + .../relations/GetAllIncidentRelations.json | 40 + .../relations/GetIncidentRelationByName.json | 25 + .../manualTrigger/Entities_RunPlaybook.json | 17 + .../manualTrigger/Incidents_RunPlaybook.json | 18 + .../examples/metadata/DeleteMetadata.json | 13 + .../examples/metadata/GetAllMetadata.json | 64 + .../metadata/GetAllMetadataOData.json | 52 + .../examples/metadata/GetMetadata.json | 104 + .../examples/metadata/PatchMetadata.json | 35 + .../examples/metadata/PutMetadata.json | 286 ++ .../examples/metadata/PutMetadataMinimal.json | 40 + .../officeConsents/DeleteOfficeConsents.json | 13 + .../officeConsents/GetOfficeConsents.json | 25 + .../officeConsents/GetOfficeConsentsById.json | 22 + .../CreateSentinelOnboardingState.json | 36 + .../DeleteSentinelOnboardingState.json | 13 + .../GetAllSentinelOnboardingStates.json | 24 + .../GetSentinelOnboardingState.json | 21 + .../examples/operations/ListOperations.json | 563 +++ .../recommendations/GetRecommendation.json | 48 + .../recommendations/GetRecommendations.json | 51 + .../recommendations/PatchRecommendation.json | 56 + .../repositories/GetRepositories.json | 25 + ...eateAnomalySecurityMLAnalyticsSetting.json | 245 ++ .../DeleteSecurityMLAnalyticsSetting.json | 13 + 
.../GetAllSecurityMLAnalyticsSettings.json | 94 + .../GetAnomalySecurityMLAnalyticsSetting.json | 91 + .../settings/DeleteEyesOnSetting.json | 13 + .../examples/settings/GetAllSettings.json | 25 + .../examples/settings/GetEyesOnSetting.json | 22 + .../settings/UpdateEyesOnSetting.json | 28 + .../sourcecontrols/CreateSourceControl.json | 162 + .../sourcecontrols/DeleteSourceControl.json | 27 + .../sourcecontrols/GetSourceControlById.json | 75 + .../sourcecontrols/GetSourceControls.json | 78 + .../AppendTagsThreatIntelligence.json | 18 + .../CollectThreatIntelligenceMetrics.json | 43 + .../CreateThreatIntelligence.json | 100 + .../DeleteThreatIntelligence.json | 13 + .../GetThreatIntelligence.json | 76 + .../GetThreatIntelligenceById.json | 43 + .../QueryThreatIntelligence.json | 107 + .../ReplaceTagsThreatIntelligence.json | 52 + .../UpdateThreatIntelligence.json | 101 + .../triggerRuleRun_Post.json | 23 + .../triggeredAnalyticsRuleRun_Get.json | 29 + .../triggeredAnalyticsRuleRuns_Get.json | 48 + .../examples/watchlists/CreateWatchlist.json | 88 + .../CreateWatchlistAndWatchlistItems.json | 92 + .../watchlists/CreateWatchlistItem.json | 92 + .../examples/watchlists/DeleteWatchlist.json | 18 + .../watchlists/DeleteWatchlistItem.json | 15 + .../watchlists/GetWatchlistByAlias.json | 50 + .../watchlists/GetWatchlistItemById.json | 47 + .../watchlists/GetWatchlistItems.json | 50 + .../examples/watchlists/GetWatchlists.json | 53 + .../CreateJob.json | 24 + ...ateOrUpdateWorkspaceManagerAssignment.json | 62 + .../DeleteJob.json | 14 + .../DeleteWorkspaceManagerAssignment.json | 13 + .../GetAllJobs.json | 46 + .../GetAllWorkspaceManagerAssignments.json | 35 + .../workspaceManagerAssignments/GetJob.json | 43 + .../GetWorkspaceManagerAssignment.json | 32 + ...OrUpdateWorkspaceManagerConfiguration.json | 38 + .../DeleteWorkspaceManagerConfiguration.json | 13 + .../GetAllWorkspaceManagerConfigurations.json | 25 + .../GetWorkspaceManagerConfiguration.json | 22 + 
.../CreateOrUpdateWorkspaceManagerGroup.json | 53 + .../DeleteWorkspaceManagerGroup.json | 13 + .../GetAllWorkspaceManagerGroups.json | 30 + .../GetWorkspaceManagerGroup.json | 27 + .../CreateOrUpdateWorkspaceManagerMember.json | 41 + .../DeleteWorkspaceManagerMember.json | 13 + .../GetAllWorkspaceManagerMembers.json | 26 + .../GetWorkspaceManagerMember.json | 23 + .../2023-07-01-preview/operations.json | 138 + 290 files changed, 42847 insertions(+) create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/AlertRules.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/AutomationRules.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/BillingStatistics.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Bookmarks.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentPackages.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentProductPackages.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentProductTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Enrichment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Entities.json create mode 100644 
specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/EntityQueries.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/EntityQueryTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/FileImports.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Hunts.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Incidents.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Metadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/OfficeConsents.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/OnboardingStates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Recommendations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/SecurityMLAnalyticsSettings.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Settings.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/SourceControls.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/TriggeredAnalyticsRuleRuns.json create mode 100644 
specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Watchlists.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerAssignments.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerConfigurations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerGroups.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerMembers.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/AlertTypes.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/ContentCommonTypes.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/EntityTypes.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/IncidentTypes.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/RelationTypes.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/ThreatIntelligenceTypes.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/dataConnectors.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/CreateActionOfAlertRule.json create mode 100644 
specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/DeleteActionOfAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/GetActionOfAlertRuleById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/GetAllActionsByAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateFusionAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateNrtAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateScheduledAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/DeleteAlertRule.json create mode 100644 
specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetAllAlertRules.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetFusionAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetNrtAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetScheduledAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_Delete.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_List.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/billingStatistics/GetAllBillingStatistics.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/billingStatistics/GetBillingStatistic.json create mode 100644 
specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/CreateBookmark.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/DeleteBookmark.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/GetBookmarkById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/GetBookmarks.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/expand/PostExpandBookmark.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetPackageById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetPackages.json create mode 100644 
specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetProductPackageById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetProductPackages.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/InstallPackage.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/UninstallPackage.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/DeleteTemplate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetProductTemplateById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetProductTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetTemplateById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/InstallTemplate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json create mode 100644 
specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsIoT.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json create mode 100644 
specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/ConnectAPIPolling.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateAPIPolling.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateGenericUI.json create mode 100644 
specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteAPIPolling.json create mode 100644 
specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteGenericUI.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DisconnectAPIPolling.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAPIPolling.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json create mode 100644 
specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetDataConnectors.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetGenericUI.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetIoTById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json create mode 100644 
specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/enrichment/GetGeodataByIp.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/enrichment/GetWhoisByDomainName.json create mode 100644 
specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetAccountEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetAzureResourceEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetCloudApplicationEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetDnsEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetEntities.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetFileEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetFileHashEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetHostEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetIoTDeviceEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetIpEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMailClusterEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMailMessageEntityById.json create mode 100644 
specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMailboxEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMalwareEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetProcessEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetQueries.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetRegistryKeyEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetRegistryValueEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetSecurityAlertEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetSecurityGroupEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetSubmissionMailEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetUrlEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/expand/PostExpandEntity.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/insights/PostGetInsights.json create mode 
100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/relations/GetAllEntityRelations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/relations/GetEntityRelationByName.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/timeline/PostTimelineEntity.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/CreateEntityQueryActivity.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/DeleteEntityQuery.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/GetActivityEntityQueryById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/GetEntityQueries.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/CreateFileImport.json create mode 100644 
specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/DeleteFileImport.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/GetFileImportById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/GetFileImports.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/CreateHunt.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/CreateHuntComment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/CreateHuntRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/DeleteHunt.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/DeleteHuntComment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/DeleteHuntRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntCommentById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntComments.json create mode 100644 
specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntRelationById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntRelations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHunts.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json create mode 100644 
specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTeam/Incidents_CreateTeam.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_CreateOrUpdate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_Delete.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_List.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/CreateIncidentRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/DeleteIncidentRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/GetAllIncidentRelations.json create mode 100644 
specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/GetIncidentRelationByName.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/manualTrigger/Entities_RunPlaybook.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/DeleteMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/GetAllMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/GetAllMetadataOData.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/GetMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/PatchMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/PutMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/PutMetadataMinimal.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/officeConsents/DeleteOfficeConsents.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/officeConsents/GetOfficeConsents.json create mode 100644 
specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/officeConsents/GetOfficeConsentsById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/operations/ListOperations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/recommendations/GetRecommendation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/recommendations/GetRecommendations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/recommendations/PatchRecommendation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/repositories/GetRepositories.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json create mode 100644 
specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/DeleteEyesOnSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/GetAllSettings.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/GetEyesOnSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/UpdateEyesOnSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/CreateSourceControl.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/DeleteSourceControl.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/GetSourceControlById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/GetSourceControls.json create mode 100644 
specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/CreateThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/GetThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/QueryThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json create mode 100644 
specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/CreateWatchlist.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/CreateWatchlistItem.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/DeleteWatchlist.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/DeleteWatchlistItem.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlistByAlias.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlistItemById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlistItems.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlists.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/CreateJob.json create mode 100644 
specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/DeleteJob.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetJob.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json create mode 100644 
specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/operations.json 
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/AlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/AlertRules.json
new file mode 100644
index 000000000000..dad3d01ca238
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/AlertRules.json
@@ -0,0 +1,2543 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-06-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules": { + "get": { + "x-ms-examples": { + "Get all alert rules.": { + "$ref": "./examples/alertRules/GetAllAlertRules.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Gets all alert rules.", + "operationId": "AlertRules_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRulesList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" 
+ } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}": { + "get": { + "x-ms-examples": { + "Get a Scheduled alert rule.": { + "$ref": "./examples/alertRules/GetScheduledAlertRule.json" + }, + "Get an Nrt alert rule.": { + "$ref": "./examples/alertRules/GetNrtAlertRule.json" + }, + "Get a Fusion alert rule.": { + "$ref": "./examples/alertRules/GetFusionAlertRule.json" + }, + "Get a MicrosoftSecurityIncidentCreation rule.": { + "$ref": "./examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Gets the alert rule.", + "operationId": "AlertRules_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a Scheduled alert rule.": { + "$ref": "./examples/alertRules/CreateScheduledAlertRule.json" + }, + "Creates or updates a Nrt alert rule.": { + "$ref": "./examples/alertRules/CreateNrtAlertRule.json" + }, + "Creates or updates a Fusion alert rule.": { + "$ref": "./examples/alertRules/CreateFusionAlertRule.json" + }, + "Creates or updates a Fusion alert rule with 
scenario exclusion pattern.": { + "$ref": "./examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json" + }, + "Creates or updates a MicrosoftSecurityIncidentCreation rule.": { + "$ref": "./examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Creates or updates the alert rule.", + "operationId": "AlertRules_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/AlertRule" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an alert rule.": { + "$ref": "./examples/alertRules/DeleteAlertRule.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Delete the alert rule.", + "operationId": "AlertRules_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": 
"../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions": { + "get": { + "x-ms-examples": { + "Get all actions of alert rule.": { + "$ref": "./examples/actions/GetAllActionsByAlertRule.json" + } + }, + "tags": [ + "Actions" + ], + "description": "Gets all actions of alert rule.", + "operationId": "Actions_ListByAlertRule", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ActionsList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}": { + "get": { + "x-ms-examples": { + "Get an action of alert 
rule.": { + "$ref": "./examples/actions/GetActionOfAlertRuleById.json" + } + }, + "tags": [ + "Actions" + ], + "description": "Gets the action of alert rule.", + "operationId": "Actions_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/ActionId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ActionResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates an action of alert rule.": { + "$ref": "./examples/actions/CreateActionOfAlertRule.json" + } + }, + "tags": [ + "Actions" + ], + "description": "Creates or updates the action of alert rule.", + "operationId": "Actions_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/ActionId" + }, + { + "$ref": "#/parameters/Action" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": 
"#/definitions/ActionResponse" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/ActionResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an action of alert rule.": { + "$ref": "./examples/actions/DeleteActionOfAlertRule.json" + } + }, + "tags": [ + "Actions" + ], + "description": "Delete the action of alert rule.", + "operationId": "Actions_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/ActionId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates": { + "get": { + "x-ms-examples": { + "Get all alert rule templates.": { + "$ref": "./examples/alertRuleTemplates/GetAlertRuleTemplates.json" + } + }, + "tags": [ + "Alert Rule Templates" + ], + "description": "Gets all alert rule templates.", + "operationId": "AlertRuleTemplates_List", + "parameters": [ + { + "$ref": 
"../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRuleTemplatesList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}": { + "get": { + "x-ms-examples": { + "Get alert rule template by Id.": { + "$ref": "./examples/alertRuleTemplates/GetAlertRuleTemplateById.json" + } + }, + "tags": [ + "Alert Rule Templates" + ], + "description": "Gets the alert rule template.", + "operationId": "AlertRuleTemplates_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/AlertRuleTemplateId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRuleTemplate" + } + }, + "default": { + "description": "Error response describing why the 
operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "Action": { + "description": "The action", + "in": "body", + "name": "action", + "required": true, + "schema": { + "$ref": "#/definitions/ActionRequest" + }, + "x-ms-parameter-location": "method" + }, + "ActionId": { + "description": "Action ID", + "in": "path", + "name": "actionId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "AlertRule": { + "description": "The alert rule", + "in": "body", + "name": "alertRule", + "required": true, + "schema": { + "$ref": "#/definitions/AlertRule" + }, + "x-ms-parameter-location": "method" + }, + "AlertRuleTemplateId": { + "description": "Alert rule template ID", + "in": "path", + "name": "alertRuleTemplateId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "RuleId": { + "description": "Alert rule ID", + "in": "path", + "name": "ruleId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + }, + "definitions": { + "AlertRule": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Alert rule.", + "properties": { + "kind": { + "$ref": "#/definitions/AlertRuleKindEnum", + "description": "The kind of the alert rule" + } + }, + "discriminator": "kind", + "type": "object", + "required": [ + "kind" + ] + }, + "AlertRuleKindEnum": { + "description": "The kind of the alert rule", + "enum": [ + "Scheduled", + "MicrosoftSecurityIncidentCreation", + "Fusion", + "MLBehaviorAnalytics", + "ThreatIntelligence", + "NRT" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AlertRuleKind", + "values": [ + { + "value": "Scheduled" + }, + { + "value": "MicrosoftSecurityIncidentCreation" + }, + { + "value": "Fusion" + }, + { + "value": "MLBehaviorAnalytics" + }, + { + "value": "ThreatIntelligence" + }, + { + 
"value": "NRT" + } + ] + } + }, + "AlertRuleTemplate": { + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/Resource" + } + ], + "description": "Alert rule template.", + "discriminator": "kind", + "type": "object", + "properties": { + "kind": { + "$ref": "#/definitions/AlertRuleKindEnum", + "description": "The kind of the alert rule" + } + }, + "required": [ + "kind" + ] + }, + "AlertRuleTemplateDataSource": { + "description": "alert rule template data sources", + "properties": { + "connectorId": { + "description": "The connector id that provides the following data types", + "type": "string" + }, + "dataTypes": { + "description": "The data types used by the alert rule template", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "AlertRuleTemplatePropertiesBase": { + "description": "Base alert rule template property bag.", + "properties": { + "alertRulesCreatedByTemplateCount": { + "description": "the number of alert rules that were created by this template", + "type": "integer", + "format": "int32" + }, + "lastUpdatedDateUTC": { + "description": "The last time that this alert rule template has been updated.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "createdDateUTC": { + "description": "The time that this alert rule template has been added.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "description": { + "description": "The description of the alert rule template.", + "type": "string" + }, + "displayName": { + "description": "The display name for alert rule template.", + "type": "string" + }, + "requiredDataConnectors": { + "description": "The required data sources for this template", + "items": { + "$ref": "#/definitions/AlertRuleTemplateDataSource" + }, + "x-ms-identifiers": [ + "connectorId" + ], + "type": "array" + }, + "status": { + "$ref": "#/definitions/AlertRuleTemplateStatus", + "description": "The alert rule 
template status." + } + }, + "type": "object" + }, + "AlertRuleTemplateStatus": { + "description": "The alert rule template status.", + "enum": [ + "Installed", + "Available", + "NotAvailable" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "TemplateStatus", + "values": [ + { + "description": "Alert rule template installed. and can not use more then once", + "value": "Installed" + }, + { + "description": "Alert rule template is available.", + "value": "Available" + }, + { + "description": "Alert rule template is not available", + "value": "NotAvailable" + } + ] + } + }, + "AlertRuleTemplateWithMitreProperties": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplatePropertiesBase" + } + ], + "description": "Alert rule template with MITRE property bag.", + "properties": { + "tactics": { + "description": "The tactics of the alert rule", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "type": "array" + }, + "techniques": { + "description": "The techniques of the alert rule", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "QueryBasedAlertRuleTemplateProperties": { + "description": "Query based alert rule template base property bag.", + "properties": { + "query": { + "description": "The query that creates alerts for this rule.", + "type": "string" + }, + "severity": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The severity for alerts created by this alert rule." + }, + "version": { + "description": "The version of this template - in format , where all are numbers. 
For example <1.0.2>.", + "type": "string" + }, + "customDetails": { + "description": "Dictionary of string key-value pairs of columns to be attached to the alert", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "entityMappings": { + "$ref": "#/definitions/EntityMappings", + "description": "Array of the entity mappings of the alert rule" + }, + "alertDetailsOverride": { + "type": "object", + "$ref": "#/definitions/AlertDetailsOverride", + "description": "The alert details override settings" + }, + "eventGroupingSettings": { + "$ref": "#/definitions/EventGroupingSettings", + "description": "The event grouping settings." + }, + "sentinelEntitiesMappings": { + "$ref": "#/definitions/SentinelEntitiesMappings", + "description": "Array of the sentinel entity mappings of the alert rule" + } + }, + "type": "object" + }, + "AlertRuleTemplatesList": { + "description": "List all the alert rule templates.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of alert rule templates.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of alert rule templates.", + "items": { + "$ref": "#/definitions/AlertRuleTemplate" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "AlertRuleTriggerOperator": { + "description": "The operation against the threshold that triggers alert rule.", + "enum": [ + "GreaterThan", + "LessThan", + "Equal", + "NotEqual" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": false, + "name": "TriggerOperator" + } + }, + "AlertRulesList": { + "description": "List all the alert rules.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of alert rules.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of alert rules.", + "items": { + "$ref": "#/definitions/AlertRule" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + 
"MLBehaviorAnalyticsAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents MLBehaviorAnalytics alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/MLBehaviorAnalyticsAlertRuleProperties", + "description": "MLBehaviorAnalytics alert rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MLBehaviorAnalytics" + }, + "MLBehaviorAnalyticsAlertRuleProperties": { + "description": "MLBehaviorAnalytics alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": "string" + }, + "description": { + "description": "The description of the alert rule.", + "readOnly": true, + "type": "string" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "readOnly": true, + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this alert rule has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "severity": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The severity for alerts created by this alert rule.", + "readOnly": true + }, + "tactics": { + "description": "The tactics of the alert rule", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "readOnly": true, + "type": "array" + }, + "techniques": { + "description": "The techniques of the alert rule", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array" + } + }, + "required": [ + "alertRuleTemplateName", + "enabled" + ], + "type": "object" + }, + "MLBehaviorAnalyticsAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": 
"Represents MLBehaviorAnalytics alert rule template.", + "properties": { + "properties": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplateWithMitreProperties" + } + ], + "description": "MLBehaviorAnalytics alert rule template properties.", + "properties": { + "severity": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The severity for alerts created by this alert rule." + } + }, + "type": "object", + "required": [ + "displayName", + "description", + "status", + "severity", + "alertRulesCreatedByTemplateCount" + ], + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MLBehaviorAnalytics" + }, + "FusionAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents Fusion alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/FusionAlertRuleProperties", + "description": "Fusion alert rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Fusion" + }, + "FusionAlertRuleProperties": { + "description": "Fusion alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": "string" + }, + "description": { + "description": "The description of the alert rule.", + "readOnly": true, + "type": "string" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "readOnly": true, + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "sourceSettings": { + "description": "Configuration for all supported source signals in fusion detection.", + "items": { + "$ref": "#/definitions/FusionSourceSettings" + }, + "x-ms-identifiers": [], + "type": "array" + }, + "scenarioExclusionPatterns": { + "description": "Configuration to exclude scenarios in 
fusion detection.", + "items": { + "$ref": "#/definitions/FusionScenarioExclusionPattern" + }, + "x-ms-identifiers": [], + "type": "array" + }, + "lastModifiedUtc": { + "description": "The last time that this alert has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "severity": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The severity for alerts created by this alert rule.", + "readOnly": true + }, + "tactics": { + "description": "The tactics of the alert rule", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "readOnly": true, + "type": "array" + }, + "techniques": { + "description": "The techniques of the alert rule", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array" + } + }, + "required": [ + "alertRuleTemplateName", + "enabled" + ], + "type": "object" + }, + "FusionSourceSettings": { + "description": "Represents a supported source signal configuration in Fusion detection.", + "properties": { + "enabled": { + "description": "Determines whether this source signal is enabled or disabled in Fusion detection.", + "type": "boolean" + }, + "sourceName": { + "description": "Name of the Fusion source signal. 
Refer to Fusion alert rule template for supported values.", + "type": "string" + }, + "sourceSubTypes": { + "description": "Configuration for all source subtypes under this source signal consumed in fusion detection.", + "items": { + "$ref": "#/definitions/FusionSourceSubTypeSetting" + }, + "x-ms-identifiers": [], + "type": "array" + } + }, + "required": [ + "enabled", + "sourceName" + ], + "type": "object" + }, + "FusionSourceSubTypeSetting": { + "description": "Represents a supported source subtype configuration under a source signal in Fusion detection.", + "properties": { + "enabled": { + "description": "Determines whether this source subtype under source signal is enabled or disabled in Fusion detection.", + "type": "boolean" + }, + "sourceSubTypeName": { + "description": "The Name of the source subtype under a given source signal in Fusion detection. Refer to Fusion alert rule template for supported values.", + "type": "string" + }, + "sourceSubTypeDisplayName": { + "description": "The display name of source subtype under a source signal consumed in Fusion detection.", + "type": "string", + "readOnly": true + }, + "severityFilters": { + "description": "Severity configuration for a source subtype consumed in fusion detection.", + "$ref": "#/definitions/FusionSubTypeSeverityFilter", + "type": "object" + } + }, + "required": [ + "enabled", + "sourceSubTypeName", + "severityFilters" + ], + "type": "object" + }, + "FusionSubTypeSeverityFilter": { + "description": "Represents severity configuration for a source subtype consumed in Fusion detection.", + "properties": { + "isSupported": { + "description": "Determines whether this source subtype supports severity configuration or not.", + "type": "boolean", + "readOnly": true + }, + "filters": { + "description": "Individual Severity configuration settings for a given source subtype consumed in Fusion detection.", + "items": { + "$ref": "#/definitions/FusionSubTypeSeverityFiltersItem" + }, + "x-ms-identifiers": [], + 
"type": "array" + } + }, + "type": "object" + }, + "FusionSubTypeSeverityFiltersItem": { + "description": "Represents a Severity filter setting for a given source subtype consumed in Fusion detection.", + "properties": { + "severity": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The Severity for a given source subtype consumed in Fusion detection." + }, + "enabled": { + "description": "Determines whether this severity is enabled or disabled for this source subtype consumed in Fusion detection.", + "type": "boolean" + } + }, + "required": [ + "severity", + "enabled" + ], + "type": "object" + }, + "FusionScenarioExclusionPattern": { + "description": "Represents a Fusion scenario exclusion patterns in Fusion detection.", + "properties": { + "exclusionPattern": { + "description": "Scenario exclusion pattern.", + "type": "string" + }, + "dateAddedInUTC": { + "description": "DateTime when scenario exclusion pattern is added in UTC.", + "type": "string" + } + }, + "required": [ + "exclusionPattern", + "dateAddedInUTC" + ], + "type": "object" + }, + "FusionAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": "Represents Fusion alert rule template.", + "properties": { + "properties": { + "$ref": "#/definitions/FusionAlertRuleTemplateProperties", + "description": "Fusion alert rule template properties", + "required": [ + "displayName", + "description", + "status", + "severity", + "alertRulesCreatedByTemplateCount" + ], + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Fusion" + }, + "FusionAlertRuleTemplateProperties": { + "description": "Fusion alert rule template properties", + "properties": { + "alertRulesCreatedByTemplateCount": { + "description": "the number of alert rules that were created by this template", + "format": "int32", + "type": "integer" + }, + "createdDateUTC": { + "description": "The time that this alert rule template 
has been added.",
+ "format": "date-time",
+ "readOnly": true,
+ "type": "string"
+ },
+ "lastUpdatedDateUTC": {
+ "description": "The time that this alert rule template was last updated.",
+ "format": "date-time",
+ "readOnly": true,
+ "type": "string"
+ },
+ "description": {
+ "description": "The description of the alert rule template.",
+ "type": "string"
+ },
+ "displayName": {
+ "description": "The display name for alert rule template.",
+ "type": "string"
+ },
+ "requiredDataConnectors": {
+ "description": "The required data connectors for this template",
+ "items": {
+ "$ref": "#/definitions/AlertRuleTemplateDataSource"
+ },
+ "type": "array",
+ "x-ms-identifiers": []
+ },
+ "status": {
+ "$ref": "#/definitions/AlertRuleTemplateStatus",
+ "description": "The alert rule template status.",
+ "type": "string"
+ },
+ "severity": {
+ "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum",
+ "description": "The severity for alerts created by this alert rule."
+ },
+ "tactics": {
+ "description": "The tactics of the alert rule template",
+ "items": {
+ "$ref": "./common/AlertTypes.json#/definitions/AttackTactic"
+ },
+ "type": "array",
+ "x-ms-identifiers": []
+ },
+ "techniques": {
+ "description": "The techniques of the alert rule",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "sourceSettings": {
+ "description": "All supported source signal configurations consumed in fusion detection.",
+ "items": {
+ "$ref": "#/definitions/FusionTemplateSourceSetting"
+ },
+ "x-ms-identifiers": [],
+ "type": "array"
+ }
+ },
+ "type": "object",
+ "x-ms-client-flatten": true
+ },
+ "FusionTemplateSourceSetting": {
+ "description": "Represents a source signal consumed in Fusion detection.",
+ "properties": {
+ "sourceName": {
+ "description": "The name of a source signal consumed in Fusion detection.",
+ "type": "string"
+ },
+ "sourceSubTypes": {
+ "description": "All supported source subtypes under this source signal consumed in fusion detection.",
+ "items": {
+ "$ref": "#/definitions/FusionTemplateSourceSubType"
+ },
+ "x-ms-identifiers": [],
+ "type": "array"
+ }
+ },
+ "required": [
+ "sourceName"
+ ],
+ "type": "object"
+ },
+ "FusionTemplateSourceSubType": {
+ "description": "Represents a source subtype under a source signal consumed in Fusion detection.",
+ "properties": {
+ "sourceSubTypeName": {
+ "description": "The name of source subtype under a source signal consumed in Fusion detection.",
+ "type": "string"
+ },
+ "sourceSubTypeDisplayName": {
+ "description": "The display name of source subtype under a source signal consumed in Fusion detection.",
+ "type": "string",
+ "readOnly": true
+ },
+ "severityFilter": {
+ "description": "Severity configuration available for a source subtype consumed in fusion detection.",
+ "$ref": "#/definitions/FusionTemplateSubTypeSeverityFilter",
+ "type": "object"
+ }
+ },
+ "required": [
+ "sourceSubTypeName",
+ "severityFilter"
+ ],
+ "type": "object"
+ },
+ "FusionTemplateSubTypeSeverityFilter": {
+ "description": "Represents severity configurations available for a source subtype consumed in Fusion detection.",
+ "properties": {
+ "isSupported": {
+ "description": "Determines whether severity configuration is supported for this source subtype consumed in Fusion detection.",
+ "type": "boolean"
+ },
+ "severityFilters": {
+ "description": "List of all supported severities for this source subtype consumed in Fusion detection.",
+ "items": {
+ "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum"
+ },
+ "x-ms-identifiers": [],
+ "type": "array"
+ }
+ },
+ "required": [
+ "isSupported"
+ ],
+ "type": "object"
+ },
+ "ThreatIntelligenceAlertRule": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/AlertRule"
+ }
+ ],
+ "description": "Represents Threat Intelligence alert rule.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/ThreatIntelligenceAlertRuleProperties",
+ "description": "Threat Intelligence alert rule properties",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "ThreatIntelligence"
+ },
+ "ThreatIntelligenceAlertRuleProperties": {
+ "description": "Threat Intelligence alert rule base property bag.",
+ "properties": {
+ "alertRuleTemplateName": {
+ "description": "The Name of the alert rule template used to create this rule.",
+ "type": "string"
+ },
+ "description": {
+ "description": "The description of the alert rule.",
+ "readOnly": true,
+ "type": "string"
+ },
+ "displayName": {
+ "description": "The display name for alerts created by this alert rule.",
+ "readOnly": true,
+ "type": "string"
+ },
+ "enabled": {
+ "description": "Determines whether this alert rule is enabled or disabled.",
+ "type": "boolean"
+ },
+ "lastModifiedUtc": {
+ "description": "The last time that this alert has been modified.",
+ "format": "date-time",
+ "readOnly": true,
+ "type": "string"
+ },
+ "severity": {
+ "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum",
+ "description": "The severity for alerts created by this alert rule.",
+ "readOnly": true
+ },
+ "tactics": {
+ "description": "The tactics of the alert rule",
+ "items": {
+ "$ref": "./common/AlertTypes.json#/definitions/AttackTactic"
+ },
+ "readOnly": true,
+ "type": "array"
+ },
+ "techniques": {
+ "description": "The techniques of the alert rule",
+ "items": {
+ "type": "string"
+ },
+ "readOnly": true,
+ "type": "array"
+ }
+ },
+ "required": [
+ "alertRuleTemplateName",
+ "enabled"
+ ],
+ "type": "object"
+ },
+ "ThreatIntelligenceAlertRuleTemplate": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/AlertRuleTemplate"
+ }
+ ],
+ "description": "Represents Threat Intelligence alert rule template.",
+ "properties": {
+ "properties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/AlertRuleTemplateWithMitreProperties"
+ }
+ ],
+ "description": "Threat Intelligence alert rule template properties",
+ "properties": {
+ "severity": {
+ "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum",
+ "description": "The severity for alerts created by this alert rule."
+ }
+ },
+ "required": [
+ "displayName",
+ "description",
+ "status",
+ "severity",
+ "alertRulesCreatedByTemplateCount"
+ ],
+ "type": "object",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "ThreatIntelligence"
+ },
+ "MicrosoftSecurityIncidentCreationAlertRule": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/AlertRule"
+ }
+ ],
+ "description": "Represents MicrosoftSecurityIncidentCreation rule.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleProperties",
+ "description": "MicrosoftSecurityIncidentCreation rule properties",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "MicrosoftSecurityIncidentCreation"
+ },
+ "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties": {
+ "description": "MicrosoftSecurityIncidentCreation rule common property bag.",
+ "properties": {
+ "displayNamesFilter": {
+ "description": "the alerts' displayNames on which the cases will be generated",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "displayNamesExcludeFilter": {
+ "description": "the alerts' displayNames on which the cases will not be generated",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "productFilter": {
+ "$ref": "#/definitions/MicrosoftSecurityProductName",
+ "description": "The alerts' productName on which the cases will be generated"
+ },
+ "severitiesFilter": {
+ "description": "the alerts' severities on which the cases will be generated",
+ "items": {
+ "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum"
+ },
+ "type": "array"
+ }
+ },
+ "required": [
+ "productFilter"
+ ],
+ "type": "object"
+ },
+ "MicrosoftSecurityProductName": {
+ "description": "The alerts' productName on which the cases will be generated",
+ "enum": [
+ "Microsoft Cloud App Security",
+ "Azure Security Center",
+ "Azure Advanced Threat Protection",
+ "Azure Active Directory Identity Protection",
+ "Azure Security Center for IoT",
+ "Office 365 Advanced Threat Protection",
+ "Microsoft Defender Advanced Threat Protection"
+ ],
+ "type": "string",
+ "x-ms-enum": {
+ "modelAsString": true,
+ "name": "MicrosoftSecurityProductName"
+ }
+ },
+ "MicrosoftSecurityIncidentCreationAlertRuleProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleCommonProperties"
+ }
+ ],
+ "description": "MicrosoftSecurityIncidentCreation rule property bag.",
+ "properties": {
+ "alertRuleTemplateName": {
+ "description": "The Name of the alert rule template used to create this rule.",
+ "type": "string"
+ },
+ "description": {
+ "description": "The description of the alert rule.",
+ "type": "string"
+ },
+ "displayName": {
+ "description": "The display name for alerts created by this alert rule.",
+ "type": "string"
+ },
+ "enabled": {
+ "description": "Determines whether this alert rule is enabled or disabled.",
+ "type": "boolean"
+ },
+ "lastModifiedUtc": {
+ "description": "The last time that this alert has been modified.",
+ "format": "date-time",
+ "readOnly": true,
+ "type": "string"
+ }
+ },
+ "required": [
+ "displayName",
+ "enabled",
+ "productFilter"
+ ],
+ "type": "object"
+ },
+ "MicrosoftSecurityIncidentCreationAlertRuleTemplate": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/AlertRuleTemplate"
+ }
+ ],
+ "description": "Represents MicrosoftSecurityIncidentCreation rule template.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties",
+ "description": "MicrosoftSecurityIncidentCreation rule template properties",
+ "required": [
+ "displayName",
+ "description",
+ "createdDateUTC",
+ "status",
+ "alertRulesCreatedByTemplateCount",
+ "productFilter"
+ ],
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "MicrosoftSecurityIncidentCreation"
+ },
+ "MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/AlertRuleTemplatePropertiesBase"
+ }
+ ],
+ "description": "MicrosoftSecurityIncidentCreation rule template properties",
+ "properties": {
+ "displayNamesFilter": {
+ "description": "the alerts' displayNames on which the cases will be generated",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "displayNamesExcludeFilter": {
+ "description": "the alerts' displayNames on which the cases will not be generated",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "productFilter": {
+ "$ref": "#/definitions/MicrosoftSecurityProductName",
+ "description": "The alerts' productName on which the cases will be generated"
+ },
+ "severitiesFilter": {
+ "description": "the alerts' severities on which the cases will be generated",
+ "items": {
+ "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object",
+ "x-ms-client-flatten": true
+ },
+ "ScheduledAlertRuleProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/ScheduledAlertRuleCommonProperties"
+ }
+ ],
+ "description": "Scheduled alert rule base property bag.",
+ "properties": {
+ "alertRuleTemplateName": {
+ "description": "The Name of the alert rule template used to create this rule.",
+ "type": "string"
+ },
+ "templateVersion": {
+ "description": "The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0 <1.0.2>",
+ "type": "string"
+ },
+ "description": {
+ "description": "The description of the alert rule.",
+ "type": "string"
+ },
+ "displayName": {
+ "description": "The display name for alerts created by this alert rule.",
+ "type": "string"
+ },
+ "enabled": {
+ "description": "Determines whether this alert rule is enabled or disabled.",
+ "type": "boolean"
+ },
+ "lastModifiedUtc": {
+ "description": "The last time that this alert rule has been modified.",
+ "format": "date-time",
+ "readOnly": true,
+ "type": "string"
+ },
+ "suppressionDuration": {
+ "description": "The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.",
+ "format": "duration",
+ "type": "string"
+ },
+ "suppressionEnabled": {
+ "description": "Determines whether the suppression for this alert rule is enabled or disabled.",
+ "type": "boolean"
+ },
+ "tactics": {
+ "description": "The tactics of the alert rule",
+ "items": {
+ "$ref": "./common/AlertTypes.json#/definitions/AttackTactic"
+ },
+ "type": "array"
+ },
+ "techniques": {
+ "description": "The techniques of the alert rule",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "incidentConfiguration": {
+ "$ref": "#/definitions/IncidentConfiguration",
+ "description": "The settings of the incidents that created from alerts triggered by this analytics rule"
+ }
+ },
+ "required": [
+ "displayName",
+ "enabled",
+ "severity",
+ "query",
+ "queryFrequency",
+ "queryPeriod",
+ "triggerOperator",
+ "triggerThreshold",
+ "suppressionEnabled",
+ "suppressionDuration"
+ ],
+ "type": "object",
+ "x-ms-client-flatten": true
+ },
+ "NrtAlertRuleProperties": {
+ "description": "Nrt alert rule base property bag.",
+ "properties": {
+ "alertRuleTemplateName": {
+ "description": "The Name of the alert rule template used to create this rule.",
+ "type": "string"
+ },
+ "templateVersion": {
+ "description": "The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0 <1.0.2>",
+ "type": "string"
+ },
+ "description": {
+ "description": "The description of the alert rule.",
+ "type": "string"
+ },
+ "query": {
+ "description": "The query that creates alerts for this rule.",
+ "type": "string"
+ },
+ "tactics": {
+ "description": "The tactics of the alert rule",
+ "items": {
+ "$ref": "./common/AlertTypes.json#/definitions/AttackTactic"
+ },
+ "type": "array"
+ },
+ "techniques": {
+ "description": "The techniques of the alert rule",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "displayName": {
+ "description": "The display name for alerts created by this alert rule.",
+ "type": "string"
+ },
+ "enabled": {
+ "description": "Determines whether this alert rule is enabled or disabled.",
+ "type": "boolean"
+ },
+ "lastModifiedUtc": {
+ "description": "The last time that this alert rule has been modified.",
+ "format": "date-time",
+ "readOnly": true,
+ "type": "string"
+ },
+ "suppressionDuration": {
+ "description": "The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.",
+ "format": "duration",
+ "type": "string"
+ },
+ "suppressionEnabled": {
+ "description": "Determines whether the suppression for this alert rule is enabled or disabled.",
+ "type": "boolean"
+ },
+ "severity": {
+ "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum",
+ "description": "The severity for alerts created by this alert rule."
+ },
+ "incidentConfiguration": {
+ "$ref": "#/definitions/IncidentConfiguration",
+ "description": "The settings of the incidents that created from alerts triggered by this analytics rule"
+ },
+ "customDetails": {
+ "description": "Dictionary of string key-value pairs of columns to be attached to the alert",
+ "type": "object",
+ "additionalProperties": {
+ "type": "string"
+ }
+ },
+ "entityMappings": {
+ "$ref": "#/definitions/EntityMappings",
+ "description": "Array of the entity mappings of the alert rule"
+ },
+ "alertDetailsOverride": {
+ "type": "object",
+ "$ref": "#/definitions/AlertDetailsOverride",
+ "description": "The alert details override settings"
+ },
+ "eventGroupingSettings": {
+ "$ref": "#/definitions/EventGroupingSettings",
+ "description": "The event grouping settings."
+ },
+ "sentinelEntitiesMappings": {
+ "$ref": "#/definitions/SentinelEntitiesMappings",
+ "description": "Array of the sentinel entity mappings of the alert rule"
+ }
+ },
+ "required": [
+ "displayName",
+ "enabled",
+ "severity",
+ "query",
+ "suppressionEnabled",
+ "suppressionDuration"
+ ],
+ "type": "object",
+ "x-ms-client-flatten": true
+ },
+ "ScheduledAlertRuleTemplateProperties": {
+ "description": "Scheduled alert rule template properties",
+ "properties": {
+ "alertRulesCreatedByTemplateCount": {
+ "description": "the number of alert rules that were created by this template",
+ "format": "int32",
+ "type": "integer"
+ },
+ "createdDateUTC": {
+ "description": "The time that this alert rule template has been added.",
+ "format": "date-time",
+ "readOnly": true,
+ "type": "string"
+ },
+ "lastUpdatedDateUTC": {
+ "description": "The time that this alert rule template was last updated.",
+ "format": "date-time",
+ "readOnly": true,
+ "type": "string"
+ },
+ "description": {
+ "description": "The description of the alert rule template.",
+ "type": "string"
+ },
+ "displayName": {
+ "description": "The display name for alert rule template.",
+ "type": "string"
+ },
+ "requiredDataConnectors": {
+ "description": "The required data connectors for this template",
+ "items": {
+ "$ref": "#/definitions/AlertRuleTemplateDataSource"
+ },
+ "type": "array",
+ "x-ms-identifiers": []
+ },
+ "status": {
+ "$ref": "#/definitions/AlertRuleTemplateStatus",
+ "description": "The alert rule template status.",
+ "type": "string"
+ },
+ "query": {
+ "description": "The query that creates alerts for this rule.",
+ "type": "string"
+ },
+ "queryFrequency": {
+ "description": "The frequency (in ISO 8601 duration format) for this alert rule to run.",
+ "format": "duration",
+ "type": "string"
+ },
+ "queryPeriod": {
+ "description": "The period (in ISO 8601 duration format) that this alert rule looks at.",
+ "format": "duration",
+ "type": "string"
+ },
+ "severity": {
+ "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum",
+ "description": "The severity for alerts created by this alert rule."
+ },
+ "triggerOperator": {
+ "$ref": "#/definitions/AlertRuleTriggerOperator",
+ "description": "The operation against the threshold that triggers alert rule."
+ },
+ "triggerThreshold": {
+ "description": "The threshold triggers this alert rule.",
+ "format": "int32",
+ "type": "integer"
+ },
+ "tactics": {
+ "description": "The tactics of the alert rule template",
+ "items": {
+ "$ref": "./common/AlertTypes.json#/definitions/AttackTactic"
+ },
+ "type": "array",
+ "x-ms-identifiers": []
+ },
+ "techniques": {
+ "description": "The techniques of the alert rule",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "version": {
+ "description": "The version of this template - in format , where all are numbers. For example <1.0.2>.",
+ "type": "string"
+ },
+ "eventGroupingSettings": {
+ "$ref": "#/definitions/EventGroupingSettings",
+ "description": "The event grouping settings."
+ },
+ "customDetails": {
+ "description": "Dictionary of string key-value pairs of columns to be attached to the alert",
+ "type": "object",
+ "additionalProperties": {
+ "type": "string"
+ }
+ },
+ "entityMappings": {
+ "$ref": "#/definitions/EntityMappings",
+ "description": "Array of the entity mappings of the alert rule"
+ },
+ "alertDetailsOverride": {
+ "type": "object",
+ "$ref": "#/definitions/AlertDetailsOverride",
+ "description": "The alert details override settings"
+ },
+ "sentinelEntitiesMappings": {
+ "$ref": "#/definitions/SentinelEntitiesMappings",
+ "description": "Array of the sentinel entity mappings of the alert rule"
+ }
+ },
+ "type": "object"
+ },
+ "ScheduledAlertRuleTemplate": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/AlertRuleTemplate"
+ }
+ ],
+ "description": "Represents scheduled alert rule template.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/ScheduledAlertRuleTemplateProperties",
+ "description": "Scheduled alert rule template properties",
+ "required": [
+ "displayName",
+ "description",
+ "status",
+ "alertRulesCreatedByTemplateCount",
+ "severity",
+ "query",
+ "queryFrequency",
+ "queryPeriod",
+ "triggerOperator",
+ "triggerThreshold",
+ "version"
+ ],
+ "type": "object",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "Scheduled"
+ },
+ "NrtAlertRuleTemplate": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/AlertRuleTemplate"
+ }
+ ],
+ "description": "Represents NRT alert rule template.",
+ "properties": {
+ "properties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/AlertRuleTemplateWithMitreProperties"
+ },
+ {
+ "$ref": "#/definitions/QueryBasedAlertRuleTemplateProperties"
+ }
+ ],
+ "description": "NRT alert rule template properties",
+ "required": [
+ "displayName",
+ "description",
+ "status",
+ "alertRulesCreatedByTemplateCount",
+ "severity",
+ "query",
+ "version"
+ ],
+ "type": "object",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "NRT"
+ },
+ "EventGroupingSettings": {
+ "description": "Event grouping settings property bag.",
+ "properties": {
+ "aggregationKind": {
+ "$ref": "#/definitions/EventGroupingAggregationKind"
+ }
+ },
+ "type": "object"
+ },
+ "EventGroupingAggregationKind": {
+ "description": "The event grouping aggregation kinds",
+ "enum": [
+ "SingleAlert",
+ "AlertPerResult"
+ ],
+ "type": "string",
+ "x-ms-enum": {
+ "modelAsString": true,
+ "name": "EventGroupingAggregationKind"
+ }
+ },
+ "ScheduledAlertRule": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/AlertRule"
+ }
+ ],
+ "description": "Represents scheduled alert rule.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/ScheduledAlertRuleProperties",
+ "description": "Scheduled alert rule properties",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "Scheduled"
+ },
+ "NrtAlertRule": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/AlertRule"
+ }
+ ],
+ "description": "Represents NRT alert rule.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/NrtAlertRuleProperties",
+ "description": "NRT alert rule properties",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "NRT"
+ },
+ "ScheduledAlertRuleCommonProperties": {
+ "description": "Scheduled alert rule template property bag.",
+ "properties": {
+ "query": {
+ "description": "The query that creates alerts for this rule.",
+ "type": "string"
+ },
+ "queryFrequency": {
+ "description": "The frequency (in ISO 8601 duration format) for this alert rule to run.",
+ "format": "duration",
+ "type": "string"
+ },
+ "queryPeriod": {
+ "description": "The period (in ISO 8601 duration format) that this alert rule looks at.",
+ "format": "duration",
+ "type": "string"
+ },
+ "severity": {
+ "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum",
+ "description": "The severity for alerts created by this alert rule."
+ },
+ "triggerOperator": {
+ "$ref": "#/definitions/AlertRuleTriggerOperator",
+ "description": "The operation against the threshold that triggers alert rule."
+ },
+ "triggerThreshold": {
+ "description": "The threshold triggers this alert rule.",
+ "type": "integer",
+ "format": "int32"
+ },
+ "eventGroupingSettings": {
+ "$ref": "#/definitions/EventGroupingSettings",
+ "description": "The event grouping settings."
+ },
+ "customDetails": {
+ "description": "Dictionary of string key-value pairs of columns to be attached to the alert",
+ "type": "object",
+ "additionalProperties": {
+ "type": "string"
+ }
+ },
+ "entityMappings": {
+ "$ref": "#/definitions/EntityMappings",
+ "description": "Array of the entity mappings of the alert rule"
+ },
+ "alertDetailsOverride": {
+ "type": "object",
+ "$ref": "#/definitions/AlertDetailsOverride",
+ "description": "The alert details override settings"
+ },
+ "sentinelEntitiesMappings": {
+ "$ref": "#/definitions/SentinelEntitiesMappings",
+ "description": "Array of the sentinel entity mappings of the alert rule"
+ }
+ },
+ "type": "object"
+ },
+ "EntityMappings": {
+ "description": "List of entity mappings of the alert rule",
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/EntityMapping"
+ },
+ "x-ms-identifiers": []
+ },
+ "EntityMapping": {
+ "description": "Single entity mapping for the alert rule",
+ "properties": {
+ "entityType": {
+ "$ref": "#/definitions/EntityMappingType"
+ },
+ "fieldMappings": {
+ "description": "array of field mappings for the given entity mapping",
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/FieldMapping"
+ },
+ "x-ms-identifiers": []
+ }
+ },
+ "type": "object"
+ },
+ "FieldMapping": {
+ "description": "A single field mapping of the mapped entity",
+ "properties": {
+ "identifier": {
+ "description": "the V3 identifier of the entity",
+ "type": "string"
+ },
+ "columnName": {
+ "description": "the column name to be mapped to the identifier",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "SentinelEntitiesMappings": {
+ "description": "List of sentinel entity mappings of the alert rule",
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/SentinelEntityMapping"
+ },
+ "x-ms-identifiers": []
+ },
+ "SentinelEntityMapping": {
+ "description": "A single sentinel entity mapping",
+ "properties": {
+ "columnName": {
+ "description": "the column name to be mapped to the SentinelEntities",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "AlertDetailsOverride": {
+ "description": "Settings for how to dynamically override alert static details",
+ "properties": {
+ "alertDisplayNameFormat": {
+ "description": "the format containing columns name(s) to override the alert name",
+ "type": "string"
+ },
+ "alertDescriptionFormat": {
+ "description": "the format containing columns name(s) to override the alert description",
+ "type": "string"
+ },
+ "alertTacticsColumnName": {
+ "description": "the column name to take the alert tactics from",
+ "type": "string"
+ },
+ "alertSeverityColumnName": {
+ "description": "the column name to take the alert severity from",
+ "type": "string"
+ },
+ "alertDynamicProperties": {
+ "description": "List of additional dynamic properties to override",
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/AlertPropertyMapping"
+ },
+ "x-ms-identifiers": []
+ }
+ },
+ "type": "object"
+ },
+ "AlertPropertyMapping": {
+ "description": "A single alert property mapping to override",
+ "properties": {
+ "alertProperty": {
+ "$ref": "#/definitions/AlertProperty"
+ },
+ "value": {
+ "description": "the column name to use to override this property",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "IncidentConfiguration": {
+ "description": "Incident Configuration property bag.",
+ "properties": {
+ "createIncident": {
+ "description": "Create incidents from alerts triggered by this analytics rule",
+ "type": "boolean"
+ },
+ "groupingConfiguration": {
+ "$ref": "#/definitions/GroupingConfiguration",
+ "description": "Set how the alerts that are triggered by this analytics rule, are grouped into incidents"
+ }
+ },
+ "type": "object",
+ "required": [
+ "createIncident"
+ ]
+ },
+ "GroupingConfiguration": {
+ "description": "Grouping configuration property bag.",
+ "properties": {
+ "enabled": {
+ "description": "Grouping enabled",
+ "type": "boolean"
+ },
+ "reopenClosedIncident": {
+ "description": "Re-open closed matching incidents",
+ "type": "boolean"
+ },
+ "lookbackDuration": {
+ "description": "Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)",
+ "format": "duration",
+ "type": "string"
+ },
+ "matchingMethod": {
+ "description": "Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.",
+ "enum": [
+ "AllEntities",
+ "AnyAlert",
+ "Selected"
+ ],
+ "type": "string",
+ "x-ms-enum": {
+ "modelAsString": true,
+ "name": "MatchingMethod",
+ "values": [
+ {
+ "description": "Grouping alerts into a single incident if all the entities match",
+ "value": "AllEntities"
+ },
+ {
+ "description": "Grouping any alerts triggered by this rule into a single incident",
+ "value": "AnyAlert"
+ },
+ {
+ "description": "Grouping alerts into a single incident if the selected entities, custom details and alert details match",
+ "value": "Selected"
+ }
+ ]
+ }
+ },
+ "groupByEntities": {
+ "description": "A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.",
+ "items": {
+ "$ref": "#/definitions/EntityMappingType"
+ },
+ "type": "array"
+ },
+ "groupByAlertDetails": {
+ "description": "A list of alert details to group by (when matchingMethod is Selected)",
+ "items": {
+ "description": "Alert detail",
+ "enum": [
+ "DisplayName",
+ "Severity"
+ ],
+ "type": "string",
+ "x-ms-enum": {
+ "modelAsString": true,
+ "name": "AlertDetail",
+ "values": [
+ {
+ "description": "Alert display name",
+ "value": "DisplayName"
+ },
+ {
+ "description": "Alert severity",
+ "value": "Severity"
+ }
+ ]
+ }
+ },
+ "type": "array"
+ },
+ "groupByCustomDetails": {
+ "description": "A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object",
+ "required": [
+ "enabled",
+ "reopenClosedIncident",
+ "lookbackDuration",
+ "matchingMethod"
+ ]
+ },
+ "ActionRequest": {
+ "allOf": [
+ {
+ "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag"
+ }
+ ],
+ "description": "Action for alert rule.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/ActionRequestProperties",
+ "description": "Action properties for put request",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object"
+ },
+ "ActionPropertiesBase": {
+ "description": "Action property bag base.",
+ "properties": {
+ "logicAppResourceId": {
+ "description": "Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.",
+ "type": "string"
+ }
+ },
+ "required": [
+ "logicAppResourceId"
+ ],
+ "type": "object"
+ },
+ "ActionRequestProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/ActionPropertiesBase"
+ }
+ ],
+ "description": "Action property bag.",
+ "properties": {
+ "triggerUri": {
+ "description": "Logic App Callback URL for this specific workflow.",
+ "type": "string",
+ "x-ms-secret": true
+ }
+ },
+ "required": [
+ "triggerUri"
+ ],
+ "type": "object"
+ },
+ "ActionResponse": {
+ "allOf": [
+ {
+ "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag"
+ }
+ ],
+ "description": "Action for alert rule.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/ActionResponseProperties",
+ "description": "Action properties for get request",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object"
+ },
+ "ActionResponseProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/ActionPropertiesBase"
+ }
+ ],
+ "description": "Action property bag.",
+ "properties": {
+ "workflowId": {
+ "description": "The name of the logic app's workflow.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "ActionsList": {
+ "description": "List all the actions.",
+ "properties": {
+ "nextLink": {
+ "description": "URL to fetch the next set of actions.",
+ "readOnly": true,
+ "type": "string"
+ },
+ "value": {
+ "description": "Array of actions.",
+ "items": {
+ "$ref": "#/definitions/ActionResponse"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object",
+ "required": [
+ "value"
+ ]
+ },
+ "EntityMappingType": {
+ "description": "The V3 type of the mapped entity",
+ "enum": [
+ "Account",
+ "Host",
+ "IP",
+ "Malware",
+ "File",
+ "Process",
+ "CloudApplication",
+ "DNS",
+ "AzureResource",
+ "FileHash",
+ "RegistryKey",
+ "RegistryValue",
+ "SecurityGroup",
+ "URL",
+ "Mailbox",
+ "MailCluster",
+ "MailMessage",
+ "SubmissionMail"
+ ],
+ "type": "string",
+ "x-ms-enum": {
+ "modelAsString": true,
+ "name": "EntityMappingType",
+ "values": [
+ {
+ "description": "User account entity type",
+ "value": "Account"
+ },
+ {
+ "description": "Host entity type",
+ "value": "Host"
+ },
+ {
+ "description": "IP address entity type",
+ "value": "IP"
+ },
+ {
+ "description": "Malware entity type",
+ "value": "Malware"
+ },
+ {
+ "description": "System file entity type",
+ "value": "File"
+ },
+ {
+ "description": "Process entity type",
+ "value": "Process"
+ },
+ {
+ "description": "Cloud app entity type",
+ "value": "CloudApplication"
+ },
+ {
+ "description": "DNS entity type",
+ "value": "DNS"
+ },
+ {
+ "description": "Azure resource entity type",
+ "value": "AzureResource"
+ },
+ {
+ "description": "File-hash entity type",
+ "value": "FileHash"
+ },
+ {
+ "description": "Registry key entity type",
+ "value": "RegistryKey"
+ },
+ {
+ "description": "Registry value entity type",
+ "value": "RegistryValue"
+ },
+ {
+ "description": "Security group entity type",
+ "value": "SecurityGroup"
+ },
+ {
+ "description": "URL entity type",
+ "value": "URL"
+ },
+ {
+ "description": "Mailbox entity type",
+ "value": "Mailbox"
+ },
+ {
+ "description": "Mail cluster entity type",
+ "value": "MailCluster"
+ },
+ {
+ "description": "Mail message entity type",
+ "value": "MailMessage"
+ },
+ {
+ "description": "Submission mail entity type",
+ "value": "SubmissionMail"
+ }
+ ]
+ }
+ },
+ "AlertProperty": {
+ "description": "The V3 alert property",
+ "enum": [
+ "AlertLink",
+ "ConfidenceLevel",
+ "ConfidenceScore",
+ "ExtendedLinks",
+ "ProductName",
+ "ProviderName",
+ "ProductComponentName",
+ "RemediationSteps",
+ "Techniques"
+ ],
+ "type": "string",
+ "x-ms-enum": {
+ "modelAsString": true,
+ "name": "AlertProperty",
+ "values": [
+ {
+ "description": "Alert's link",
+ "value": "AlertLink"
+ },
+ {
+ "description": "Confidence level property",
+ "value": "ConfidenceLevel"
+ },
+ {
+ "description": "Confidence score",
+ "value": "ConfidenceScore"
+ },
+ {
+ "description": "Extended links to the alert",
+ "value": "ExtendedLinks"
+ },
+ {
+ "description": "Product name alert property",
+ "value": "ProductName"
+ },
+ {
+ "description": "Provider name alert property",
+ "value": "ProviderName"
+ },
+ {
+ "description": "Product component name alert property",
+ "value": "ProductComponentName"
+ },
+ {
+ "description": "Remediation steps alert property",
+ "value": "RemediationSteps"
+ },
+ {
+ "description": "Techniques alert property",
+ "value": "Techniques"
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/AutomationRules.json
new file mode 100644
index 000000000000..6858eb99c1bc
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/AutomationRules.json
@@ -0,0 +1,1495 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-06-01-preview" + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}": { + "get": { + "tags": [ + "automationRules" + ], + "description": "Gets the automation rule.", + "operationId": "AutomationRules_Get", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/AutomationRuleId" + } + ], + "responses": { + "200": { + "description": "Ok", + "schema": { + "$ref": "#/definitions/AutomationRule" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "AutomationRules_Get": { + "$ref": "./examples/automationRules/AutomationRules_Get.json" + } + } + }, + "put": { + "tags": [ + "automationRules" + ], + "description": "Creates or updates the automation rule.", + "operationId": "AutomationRules_CreateOrUpdate", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": 
"../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/AutomationRuleId" + }, + { + "in": "body", + "name": "automationRuleToUpsert", + "description": "The automation rule", + "schema": { + "$ref": "#/definitions/AutomationRule" + } + } + ], + "responses": { + "200": { + "description": "Ok", + "schema": { + "$ref": "#/definitions/AutomationRule" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/AutomationRule" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "AutomationRules_CreateOrUpdate": { + "$ref": "./examples/automationRules/AutomationRules_CreateOrUpdate.json" + } + } + }, + "delete": { + "tags": [ + "automationRules" + ], + "description": "Delete the automation rule.", + "operationId": "AutomationRules_Delete", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/AutomationRuleId" + } + ], + "responses": { + "200": { + "description": "Ok", + "schema": { + "type": "object" + } + }, + "204": { + "description": "No Content", + "schema": { + "type": "object" + } + }, + "default": { + "description": "Error response describing why 
the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "AutomationRules_Delete": { + "$ref": "./examples/automationRules/AutomationRules_Delete.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules": { + "get": { + "tags": [ + "automationRules" + ], + "description": "Gets all automation rules.", + "operationId": "AutomationRules_List", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "Ok", + "schema": { + "$ref": "#/definitions/AutomationRulesList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "AutomationRules_List": { + "$ref": "./examples/automationRules/AutomationRules_List.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityIdentifier}/runPlaybook": { + "post": { + "tags": [ + "manualTrigger" + ], + "description": "Triggers playbook on a specific entity.", + "operationId": "Entities_RunPlaybook", + "consumes": [ + "application/json" + ], + "produces": [ + 
"application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "in": "path", + "name": "entityIdentifier", + "description": "Entity identifier.", + "required": true, + "type": "string" + }, + { + "in": "body", + "name": "requestBody", + "description": "Describes the request body for triggering a playbook on an entity.", + "schema": { + "$ref": "#/definitions/EntityManualTriggerRequestBody" + } + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Entities_RunPlaybook": { + "$ref": "./examples/manualTrigger/Entities_RunPlaybook.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentIdentifier}/runPlaybook": { + "post": { + "tags": [ + "manualTrigger" + ], + "description": "Triggers playbook on a specific incident", + "operationId": "Incidents_RunPlaybook", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": 
"../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "in": "path", + "name": "incidentIdentifier", + "required": true, + "type": "string" + }, + { + "in": "body", + "name": "requestBody", + "schema": { + "$ref": "#/definitions/ManualTriggerRequestBody" + } + } + ], + "responses": { + "204": { + "description": "Success", + "schema": { + "type": "object" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_RunPlaybook": { + "$ref": "./examples/manualTrigger/Incidents_RunPlaybook.json" + } + } + } + } + }, + "definitions": { + "ActionType": { + "description": "The type of the automation rule action.", + "enum": [ + "ModifyProperties", + "RunPlaybook", + "AddIncidentTask" + ], + "type": "string", + "example": "ModifyProperties", + "x-ms-enum": { + "name": "ActionType", + "modelAsString": true, + "values": [ + { + "value": "ModifyProperties", + "description": "Modify an object's properties" + }, + { + "value": "RunPlaybook", + "description": "Run a playbook on an object" + }, + { + "value": "AddIncidentTask", + "description": "Add a task to an incident object" + } + ] + } + }, + "AddIncidentTaskActionProperties": { + "required": [ + "title" + ], + "type": "object", + "properties": { + "title": { + "description": "The title of the task.", + "type": "string" + }, + "description": { + "description": "The description of the task.", + "type": "string" + } + } + }, + "AutomationRule": { + "required": [ + "properties" + ], + "type": "object", + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "properties": { + "properties": { + "type": "object", + "$ref": "#/definitions/AutomationRuleProperties", + "x-ms-client-flatten": 
true + } + } + }, + "AutomationRuleAction": { + "description": "Describes an automation rule action.", + "required": [ + "actionType", + "order" + ], + "type": "object", + "properties": { + "order": { + "format": "int32", + "type": "integer" + }, + "actionType": { + "$ref": "#/definitions/ActionType" + } + }, + "discriminator": "actionType" + }, + "AutomationRuleAddIncidentTaskAction": { + "description": "Describes an automation rule action to add a task to an incident", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleAction" + } + ], + "properties": { + "actionConfiguration": { + "type": "object", + "$ref": "#/definitions/AddIncidentTaskActionProperties" + } + }, + "x-ms-discriminator-value": "AddIncidentTask", + "x-ms-client-flatten": true + }, + "AutomationRuleBooleanCondition": { + "type": "object", + "properties": { + "operator": { + "$ref": "#/definitions/AutomationRuleBooleanConditionSupportedOperator" + }, + "innerConditions": { + "type": "array", + "items": { + "$ref": "#/definitions/AutomationRuleCondition" + }, + "x-ms-identifiers": [], + "minItems": 2, + "maxItems": 10 + } + } + }, + "AutomationRuleBooleanConditionSupportedOperator": { + "enum": [ + "And", + "Or" + ], + "type": "string", + "example": "And", + "x-ms-enum": { + "name": "AutomationRuleBooleanConditionSupportedOperator", + "modelAsString": true, + "values": [ + { + "value": "And", + "description": "Evaluates as true if all the item conditions are evaluated as true" + }, + { + "value": "Or", + "description": "Evaluates as true if at least one of the item conditions are evaluated as true" + } + ] + } + }, + "AutomationRuleCondition": { + "description": "Describes an automation rule condition.", + "required": [ + "conditionType" + ], + "type": "object", + "properties": { + "conditionType": { + "$ref": "#/definitions/ConditionType" + } + }, + "discriminator": "conditionType" + }, + "AutomationRuleModifyPropertiesAction": { + "description": "Describes an automation 
rule action to modify an object's properties", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleAction" + } + ], + "properties": { + "actionConfiguration": { + "type": "object", + "$ref": "#/definitions/IncidentPropertiesAction" + } + }, + "x-ms-discriminator-value": "ModifyProperties", + "x-ms-client-flatten": true + }, + "AutomationRuleProperties": { + "description": "Automation rule properties", + "required": [ + "actions", + "displayName", + "order", + "triggeringLogic" + ], + "type": "object", + "properties": { + "displayName": { + "description": "The display name of the automation rule.", + "type": "string", + "maxLength": 500 + }, + "order": { + "format": "int32", + "description": "The order of execution of the automation rule.", + "type": "integer", + "minimum": 1, + "maximum": 1000 + }, + "triggeringLogic": { + "$ref": "#/definitions/AutomationRuleTriggeringLogic" + }, + "actions": { + "description": "The actions to execute when the automation rule is triggered.", + "type": "array", + "items": { + "$ref": "#/definitions/AutomationRuleAction" + }, + "x-ms-identifiers": [], + "maxItems": 20 + }, + "lastModifiedTimeUtc": { + "format": "date-time", + "description": "The last time the automation rule was updated.", + "type": "string", + "readOnly": true + }, + "createdTimeUtc": { + "format": "date-time", + "description": "The time the automation rule was created.", + "type": "string", + "readOnly": true + }, + "lastModifiedBy": { + "readOnly": true, + "$ref": "../../../common/2.0/types.json#/definitions/ClientInfo" + }, + "createdBy": { + "readOnly": true, + "$ref": "../../../common/2.0/types.json#/definitions/ClientInfo" + } + } + }, + "AutomationRulePropertyArrayChangedConditionSupportedArrayType": { + "enum": [ + "Alerts", + "Labels", + "Tactics", + "Comments" + ], + "type": "string", + "example": "Alerts", + "x-ms-enum": { + "name": "AutomationRulePropertyArrayChangedConditionSupportedArrayType", + "modelAsString": true, + 
"values": [ + { + "value": "Alerts", + "description": "Evaluate the condition on the alerts" + }, + { + "value": "Labels", + "description": "Evaluate the condition on the labels" + }, + { + "value": "Tactics", + "description": "Evaluate the condition on the tactics" + }, + { + "value": "Comments", + "description": "Evaluate the condition on the comments" + } + ] + } + }, + "AutomationRulePropertyArrayChangedConditionSupportedChangeType": { + "enum": [ + "Added" + ], + "type": "string", + "example": "Added", + "x-ms-enum": { + "name": "AutomationRulePropertyArrayChangedConditionSupportedChangeType", + "modelAsString": true, + "values": [ + { + "value": "Added", + "description": "Evaluate the condition on items added to the array" + } + ] + } + }, + "AutomationRulePropertyArrayChangedValuesCondition": { + "type": "object", + "properties": { + "arrayType": { + "$ref": "#/definitions/AutomationRulePropertyArrayChangedConditionSupportedArrayType" + }, + "changeType": { + "$ref": "#/definitions/AutomationRulePropertyArrayChangedConditionSupportedChangeType" + } + } + }, + "AutomationRulePropertyArrayConditionSupportedArrayConditionType": { + "enum": [ + "AnyItem" + ], + "type": "string", + "example": "AnyItem", + "x-ms-enum": { + "name": "AutomationRulePropertyArrayConditionSupportedArrayConditionType", + "modelAsString": true, + "values": [ + { + "value": "AnyItem", + "description": "Evaluate the condition as true if any item fulfills it" + } + ] + } + }, + "AutomationRulePropertyArrayConditionSupportedArrayType": { + "enum": [ + "CustomDetails", + "CustomDetailValues" + ], + "type": "string", + "example": "CustomDetails", + "x-ms-enum": { + "name": "AutomationRulePropertyArrayConditionSupportedArrayType", + "modelAsString": true, + "values": [ + { + "value": "CustomDetails", + "description": "Evaluate the condition on the custom detail keys" + }, + { + "value": "CustomDetailValues", + "description": "Evaluate the condition on a custom detail's values" + } + ] + } + }, 
+ "AutomationRulePropertyArrayValuesCondition": { + "type": "object", + "properties": { + "arrayType": { + "$ref": "#/definitions/AutomationRulePropertyArrayConditionSupportedArrayType" + }, + "arrayConditionType": { + "$ref": "#/definitions/AutomationRulePropertyArrayConditionSupportedArrayConditionType" + }, + "itemConditions": { + "type": "array", + "items": { + "$ref": "#/definitions/AutomationRuleCondition" + }, + "x-ms-identifiers": [], + "maxItems": 10 + } + } + }, + "AutomationRulePropertyChangedConditionSupportedChangedType": { + "enum": [ + "ChangedFrom", + "ChangedTo" + ], + "type": "string", + "example": "ChangedFrom", + "x-ms-enum": { + "name": "AutomationRulePropertyChangedConditionSupportedChangedType", + "modelAsString": true, + "values": [ + { + "value": "ChangedFrom", + "description": "Evaluate the condition on the previous value of the property" + }, + { + "value": "ChangedTo", + "description": "Evaluate the condition on the updated value of the property" + } + ] + } + }, + "AutomationRulePropertyChangedConditionSupportedPropertyType": { + "enum": [ + "IncidentSeverity", + "IncidentStatus", + "IncidentOwner" + ], + "type": "string", + "example": "IncidentSeverity", + "x-ms-enum": { + "name": "AutomationRulePropertyChangedConditionSupportedPropertyType", + "modelAsString": true, + "values": [ + { + "value": "IncidentSeverity", + "description": "Evaluate the condition on the incident severity" + }, + { + "value": "IncidentStatus", + "description": "Evaluate the condition on the incident status" + }, + { + "value": "IncidentOwner", + "description": "Evaluate the condition on the incident owner" + } + ] + } + }, + "AutomationRulePropertyConditionSupportedOperator": { + "enum": [ + "Equals", + "NotEquals", + "Contains", + "NotContains", + "StartsWith", + "NotStartsWith", + "EndsWith", + "NotEndsWith" + ], + "type": "string", + "example": "Equals", + "x-ms-enum": { + "name": "AutomationRulePropertyConditionSupportedOperator", + "modelAsString": true, + 
"values": [ + { + "value": "Equals", + "description": "Evaluates if the property equals at least one of the condition values" + }, + { + "value": "NotEquals", + "description": "Evaluates if the property does not equal any of the condition values" + }, + { + "value": "Contains", + "description": "Evaluates if the property contains at least one of the condition values" + }, + { + "value": "NotContains", + "description": "Evaluates if the property does not contain any of the condition values" + }, + { + "value": "StartsWith", + "description": "Evaluates if the property starts with any of the condition values" + }, + { + "value": "NotStartsWith", + "description": "Evaluates if the property does not start with any of the condition values" + }, + { + "value": "EndsWith", + "description": "Evaluates if the property ends with any of the condition values" + }, + { + "value": "NotEndsWith", + "description": "Evaluates if the property does not end with any of the condition values" + } + ] + } + }, + "AutomationRulePropertyConditionSupportedProperty": { + "description": "The property to evaluate in an automation rule property condition.", + "enum": [ + "IncidentTitle", + "IncidentDescription", + "IncidentSeverity", + "IncidentStatus", + "IncidentRelatedAnalyticRuleIds", + "IncidentTactics", + "IncidentLabel", + "IncidentProviderName", + "IncidentUpdatedBySource", + "IncidentCustomDetailsKey", + "IncidentCustomDetailsValue", + "AccountAadTenantId", + "AccountAadUserId", + "AccountName", + "AccountNTDomain", + "AccountPUID", + "AccountSid", + "AccountObjectGuid", + "AccountUPNSuffix", + "AlertProductNames", + "AlertAnalyticRuleIds", + "AzureResourceResourceId", + "AzureResourceSubscriptionId", + "CloudApplicationAppId", + "CloudApplicationAppName", + "DNSDomainName", + "FileDirectory", + "FileName", + "FileHashValue", + "HostAzureID", + "HostName", + "HostNetBiosName", + "HostNTDomain", + "HostOSVersion", + "IoTDeviceId", + "IoTDeviceName", + "IoTDeviceType", + 
"IoTDeviceVendor", + "IoTDeviceModel", + "IoTDeviceOperatingSystem", + "IPAddress", + "MailboxDisplayName", + "MailboxPrimaryAddress", + "MailboxUPN", + "MailMessageDeliveryAction", + "MailMessageDeliveryLocation", + "MailMessageRecipient", + "MailMessageSenderIP", + "MailMessageSubject", + "MailMessageP1Sender", + "MailMessageP2Sender", + "MalwareCategory", + "MalwareName", + "ProcessCommandLine", + "ProcessId", + "RegistryKey", + "RegistryValueData", + "Url" + ], + "type": "string", + "example": "IncidentTitle", + "x-ms-enum": { + "name": "AutomationRulePropertyConditionSupportedProperty", + "modelAsString": true, + "values": [ + { + "value": "IncidentTitle", + "description": "The title of the incident" + }, + { + "value": "IncidentDescription", + "description": "The description of the incident" + }, + { + "value": "IncidentSeverity", + "description": "The severity of the incident" + }, + { + "value": "IncidentStatus", + "description": "The status of the incident" + }, + { + "value": "IncidentRelatedAnalyticRuleIds", + "description": "The related Analytic rule ids of the incident" + }, + { + "value": "IncidentTactics", + "description": "The tactics of the incident" + }, + { + "value": "IncidentLabel", + "description": "The labels of the incident" + }, + { + "value": "IncidentProviderName", + "description": "The provider name of the incident" + }, + { + "value": "IncidentUpdatedBySource", + "description": "The update source of the incident" + }, + { + "value": "IncidentCustomDetailsKey", + "description": "The incident custom detail key" + }, + { + "value": "IncidentCustomDetailsValue", + "description": "The incident custom detail value" + }, + { + "value": "AccountAadTenantId", + "description": "The account Azure Active Directory tenant id" + }, + { + "value": "AccountAadUserId", + "description": "The account Azure Active Directory user id" + }, + { + "value": "AccountName", + "description": "The account name" + }, + { + "value": "AccountNTDomain", + 
"description": "The account NetBIOS domain name" + }, + { + "value": "AccountPUID", + "description": "The account Azure Active Directory Passport User ID" + }, + { + "value": "AccountSid", + "description": "The account security identifier" + }, + { + "value": "AccountObjectGuid", + "description": "The account unique identifier" + }, + { + "value": "AccountUPNSuffix", + "description": "The account user principal name suffix" + }, + { + "value": "AlertProductNames", + "description": "The name of the product of the alert" + }, + { + "value": "AlertAnalyticRuleIds", + "description": "The analytic rule ids of the alert" + }, + { + "value": "AzureResourceResourceId", + "description": "The Azure resource id" + }, + { + "value": "AzureResourceSubscriptionId", + "description": "The Azure resource subscription id" + }, + { + "value": "CloudApplicationAppId", + "description": "The cloud application identifier" + }, + { + "value": "CloudApplicationAppName", + "description": "The cloud application name" + }, + { + "value": "DNSDomainName", + "description": "The dns record domain name" + }, + { + "value": "FileDirectory", + "description": "The file directory full path" + }, + { + "value": "FileName", + "description": "The file name without path" + }, + { + "value": "FileHashValue", + "description": "The file hash value" + }, + { + "value": "HostAzureID", + "description": "The host Azure resource id" + }, + { + "value": "HostName", + "description": "The host name without domain" + }, + { + "value": "HostNetBiosName", + "description": "The host NetBIOS name" + }, + { + "value": "HostNTDomain", + "description": "The host NT domain" + }, + { + "value": "HostOSVersion", + "description": "The host operating system" + }, + { + "value": "IoTDeviceId", + "description": "\"The IoT device id" + }, + { + "value": "IoTDeviceName", + "description": "The IoT device name" + }, + { + "value": "IoTDeviceType", + "description": "The IoT device type" + }, + { + "value": "IoTDeviceVendor", + 
"description": "The IoT device vendor" + }, + { + "value": "IoTDeviceModel", + "description": "The IoT device model" + }, + { + "value": "IoTDeviceOperatingSystem", + "description": "The IoT device operating system" + }, + { + "value": "IPAddress", + "description": "The IP address" + }, + { + "value": "MailboxDisplayName", + "description": "The mailbox display name" + }, + { + "value": "MailboxPrimaryAddress", + "description": "The mailbox primary address" + }, + { + "value": "MailboxUPN", + "description": "The mailbox user principal name" + }, + { + "value": "MailMessageDeliveryAction", + "description": "The mail message delivery action" + }, + { + "value": "MailMessageDeliveryLocation", + "description": "The mail message delivery location" + }, + { + "value": "MailMessageRecipient", + "description": "The mail message recipient" + }, + { + "value": "MailMessageSenderIP", + "description": "The mail message sender IP address" + }, + { + "value": "MailMessageSubject", + "description": "The mail message subject" + }, + { + "value": "MailMessageP1Sender", + "description": "The mail message P1 sender" + }, + { + "value": "MailMessageP2Sender", + "description": "The mail message P2 sender" + }, + { + "value": "MalwareCategory", + "description": "The malware category" + }, + { + "value": "MalwareName", + "description": "The malware name" + }, + { + "value": "ProcessCommandLine", + "description": "The process execution command line" + }, + { + "value": "ProcessId", + "description": "The process id" + }, + { + "value": "RegistryKey", + "description": "The registry key path" + }, + { + "value": "RegistryValueData", + "description": "The registry key value in string formatted representation" + }, + { + "value": "Url", + "description": "The url" + } + ] + } + }, + "AutomationRulePropertyValuesChangedCondition": { + "type": "object", + "properties": { + "propertyName": { + "$ref": "#/definitions/AutomationRulePropertyChangedConditionSupportedPropertyType" + }, + "changeType": { 
+ "$ref": "#/definitions/AutomationRulePropertyChangedConditionSupportedChangedType" + }, + "operator": { + "$ref": "#/definitions/AutomationRulePropertyConditionSupportedOperator" + }, + "propertyValues": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "AutomationRulePropertyValuesCondition": { + "type": "object", + "properties": { + "propertyName": { + "$ref": "#/definitions/AutomationRulePropertyConditionSupportedProperty" + }, + "operator": { + "$ref": "#/definitions/AutomationRulePropertyConditionSupportedOperator" + }, + "propertyValues": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "AutomationRuleRunPlaybookAction": { + "description": "Describes an automation rule action to run a playbook", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleAction" + } + ], + "properties": { + "actionConfiguration": { + "type": "object", + "$ref": "#/definitions/PlaybookActionProperties" + } + }, + "x-ms-discriminator-value": "RunPlaybook", + "x-ms-client-flatten": true + }, + "AutomationRulesList": { + "type": "object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/AutomationRule" + } + }, + "nextLink": { + "type": "string" + } + } + }, + "AutomationRuleTriggeringLogic": { + "description": "Describes automation rule triggering logic.", + "required": [ + "isEnabled", + "triggersOn", + "triggersWhen" + ], + "type": "object", + "properties": { + "isEnabled": { + "description": "Determines whether the automation rule is enabled or disabled.", + "type": "boolean" + }, + "expirationTimeUtc": { + "format": "date-time", + "description": "Determines when the automation rule should automatically expire and be disabled.", + "type": "string" + }, + "triggersOn": { + "$ref": "#/definitions/triggersOn" + }, + "triggersWhen": { + "$ref": "#/definitions/triggersWhen" + }, + "conditions": { + "description": "The conditions to evaluate to determine if the automation rule 
should be triggered on a given object.", + "type": "array", + "maxItems": 50, + "items": { + "$ref": "#/definitions/AutomationRuleCondition" + }, + "x-ms-identifiers": [ + "conditionType" + ] + } + } + }, + "BooleanConditionProperties": { + "description": "Describes an automation rule condition that applies a boolean operator (e.g AND, OR) to conditions", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleCondition" + } + ], + "properties": { + "conditionProperties": { + "type": "object", + "$ref": "#/definitions/AutomationRuleBooleanCondition" + } + }, + "x-ms-discriminator-value": "Boolean", + "x-ms-client-flatten": true + }, + "ConditionType": { + "enum": [ + "Property", + "PropertyArray", + "PropertyChanged", + "PropertyArrayChanged", + "Boolean" + ], + "type": "string", + "example": "Property", + "x-ms-enum": { + "name": "ConditionType", + "modelAsString": true, + "values": [ + { + "value": "Property", + "description": "Evaluate an object property value" + }, + { + "value": "PropertyArray", + "description": "Evaluate an object array property value" + }, + { + "value": "PropertyChanged", + "description": "Evaluate an object property changed value" + }, + { + "value": "PropertyArrayChanged", + "description": "Evaluate an object array property changed value" + }, + { + "value": "Boolean", + "description": "Apply a boolean operator (e.g AND, OR) to conditions" + } + ] + } + }, + "EntityManualTriggerRequestBody": { + "type": "object", + "description": "Describes the request body for triggering a playbook on an entity.", + "required": [ + "logicAppsResourceId" + ], + "properties": { + "incidentArmId": { + "type": "string", + "description": "Incident ARM id." + }, + "tenantId": { + "format": "uuid", + "type": "string", + "description": "The tenant id of the playbook resource." + }, + "logicAppsResourceId": { + "type": "string", + "description": "The resource id of the playbook resource." 
+ } + } + }, + "IncidentPropertiesAction": { + "type": "object", + "properties": { + "severity": { + "$ref": "./common/IncidentTypes.json#/definitions/IncidentSeverityEnum" + }, + "status": { + "$ref": "./common/IncidentTypes.json#/definitions/IncidentStatusEnum" + }, + "classification": { + "$ref": "./common/IncidentTypes.json#/definitions/IncidentClassificationEnum" + }, + "classificationReason": { + "$ref": "./common/IncidentTypes.json#/definitions/IncidentClassificationReasonEnum" + }, + "classificationComment": { + "description": "Describes the reason the incident was closed.", + "type": "string" + }, + "owner": { + "$ref": "./common/IncidentTypes.json#/definitions/IncidentOwnerInfo" + }, + "labels": { + "description": "List of labels to add to the incident.", + "type": "array", + "x-ms-identifiers": [ + "labelName" + ], + "items": { + "$ref": "./common/IncidentTypes.json#/definitions/IncidentLabel" + } + } + } + }, + "ManualTriggerRequestBody": { + "type": "object", + "required": [ + "logicAppsResourceId" + ], + "properties": { + "tenantId": { + "format": "uuid", + "type": "string" + }, + "logicAppsResourceId": { + "type": "string" + } + } + }, + "PlaybookActionProperties": { + "type": "object", + "required": [ + "logicAppResourceId" + ], + "properties": { + "logicAppResourceId": { + "description": "The resource id of the playbook resource.", + "type": "string" + }, + "tenantId": { + "format": "uuid", + "description": "The tenant id of the playbook resource.", + "type": "string" + } + } + }, + "PropertyArrayChangedConditionProperties": { + "description": "Describes an automation rule condition that evaluates an array property's value change", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleCondition" + } + ], + "properties": { + "conditionProperties": { + "type": "object", + "$ref": "#/definitions/AutomationRulePropertyArrayChangedValuesCondition" + } + }, + "x-ms-discriminator-value": "PropertyArrayChanged", + 
"x-ms-client-flatten": true + }, + "PropertyArrayConditionProperties": { + "description": "Describes an automation rule condition that evaluates an array property's value", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleCondition" + } + ], + "properties": { + "conditionProperties": { + "type": "object", + "$ref": "#/definitions/AutomationRulePropertyArrayValuesCondition" + } + }, + "x-ms-discriminator-value": "PropertyArray", + "x-ms-client-flatten": true + }, + "PropertyChangedConditionProperties": { + "description": "Describes an automation rule condition that evaluates a property's value change", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleCondition" + } + ], + "properties": { + "conditionProperties": { + "type": "object", + "$ref": "#/definitions/AutomationRulePropertyValuesChangedCondition" + } + }, + "x-ms-discriminator-value": "PropertyChanged", + "x-ms-client-flatten": true + }, + "PropertyConditionProperties": { + "description": "Describes an automation rule condition that evaluates a property's value", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleCondition" + } + ], + "properties": { + "conditionProperties": { + "type": "object", + "$ref": "#/definitions/AutomationRulePropertyValuesCondition" + } + }, + "x-ms-discriminator-value": "Property", + "x-ms-client-flatten": true + }, + "triggersOn": { + "enum": [ + "Incidents", + "Alerts" + ], + "type": "string", + "example": "Incidents", + "x-ms-enum": { + "name": "triggersOn", + "modelAsString": true, + "values": [ + { + "value": "Incidents", + "description": "Trigger on Incidents" + }, + { + "value": "Alerts", + "description": "Trigger on Alerts" + } + ] + } + }, + "triggersWhen": { + "enum": [ + "Created", + "Updated" + ], + "type": "string", + "example": "Created", + "x-ms-enum": { + "name": "triggersWhen", + "modelAsString": true, + "values": [ + { + "value": "Created", + "description": "Trigger on created objects" 
+ },
+ {
+ "value": "Updated",
+ "description": "Trigger on updated objects"
+ }
+ ]
+ }
+ }
+ },
+ "parameters": {
+ "AutomationRule": {
+ "name": "automationRule",
+ "description": "The automation rule",
+ "required": true,
+ "in": "body",
+ "x-ms-parameter-location": "method",
+ "schema": {
+ "$ref": "#/definitions/AutomationRule"
+ }
+ },
+ "AutomationRuleId": {
+ "in": "path",
+ "name": "automationRuleId",
+ "description": "Automation rule ID",
+ "required": true,
+ "x-ms-parameter-location": "method",
+ "type": "string"
+ }
+ },
+ "securityDefinitions": {
+ "azure_auth": {
+ "type": "oauth2",
+ "flow": "implicit",
+ "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
+ "scopes": {
+ "user_impersonation": "impersonate your user account"
+ },
+ "description": "Azure Active Directory OAuth2 Flow"
+ }
+ },
+ "security": [
+ {
+ "azure_auth": [
+ "user_impersonation"
+ ]
+ }
+ ],
+ "host": "management.azure.com",
+ "schemes": [
+ "https"
+ ],
+ "produces": [
+ "application/json"
+ ],
+ "consumes": [
+ "application/json"
+ ]
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/BillingStatistics.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/BillingStatistics.json
new file mode 100644
index 000000000000..30b42bd4a28b
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/BillingStatistics.json
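Review bot: In AutomationRules.json the `"in": "body"` parameters of `Incidents_RunPlaybook`, `Entities_RunPlaybook` and `AutomationRules_CreateOrUpdate` are declared without `"required": true`, so the contract allows a request with no body even though `ManualTriggerRequestBody` and `EntityManualTriggerRequestBody` list `logicAppsResourceId` as required; adding `"required": true` to each of the three makes generated clients treat the playbook reference as mandatory. The `incidentIdentifier` path parameter and both `ManualTriggerRequestBody` properties have no `description`, unlike their entity counterparts, and because `tenantId` names the tenant of the playbook being run it should carry the same `"description": "The tenant id of the playbook resource."` that `EntityManualTriggerRequestBody` has. Two smaller defects in the same hunk: the `IoTDeviceId` description starts with a stray escaped quote (`"\"The IoT device id"`), and the 204 responses of `Incidents_RunPlaybook` and `AutomationRules_Delete` declare `"schema": { "type": "object" }` although a 204 carries no body. `info.version` still reads `2023-06-01-preview` in a file under the `2023-07-01-preview` folder, presumably to be changed by a later patch in this series.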
@@ -0,0 +1,226 @@
+{
+ "swagger": "2.0",
+ "info": {
+ "title": "Security Insights",
+ "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
+ "version": "2023-06-01-preview"
+ },
+ "host": "management.azure.com",
+ "schemes": [
+ "https"
+ ],
+ "consumes": [
+ "application/json"
+ ],
+ "produces": [
+ "application/json"
+ ],
+ "security": [
+ {
+ "azure_auth": [
+ "user_impersonation"
+ ]
+ }
+ ],
+ "securityDefinitions": {
+ "azure_auth": {
+ "type": "oauth2",
+ "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
+ "flow": "implicit",
+ "description": "Azure Active Directory OAuth2 Flow",
+ "scopes": {
+ "user_impersonation": "impersonate your user account"
+ }
+ }
+ },
+ "paths": {
+ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/billingStatistics": {
+ "get": {
+ "x-ms-examples": {
+ "Get all Microsoft Sentinel billing statistics.": {
+ "$ref": "./examples/billingStatistics/GetAllBillingStatistics.json"
+ }
+ },
+ "tags": [
+ "billingStatistics"
+ ],
+ "description": "Gets all Microsoft Sentinel billing statistics.",
+ "operationId": "BillingStatistics_List",
+ "parameters": [
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/BillingStatisticList"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse"
+ }
+ }
+ },
+ "x-ms-pageable": {
+ "nextLinkName": "nextLink"
+ }
+ }
+ },
+ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/billingStatistics/{billingStatisticName}": {
+ "get": {
+ "x-ms-examples": {
+ "Get a billing statistic.": {
+ "$ref": "./examples/billingStatistics/GetBillingStatistic.json"
+ }
+ },
+ "tags": [
+ "billingStatistics"
+ ],
+ "description": "Gets a billing statistic",
+ "operationId": "BillingStatistics_Get",
+ "parameters": [
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName"
+ },
+ {
+ "$ref": "#/parameters/BillingStatisticName"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/BillingStatistic"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse"
+ }
+ }
+ }
+ }
+ }
+ },
+ "definitions": {
+ "BillingStatisticList": {
+ "description": "List of all Microsoft Sentinel billing statistics.",
+ "type": "object",
+ "properties": {
+ "nextLink": {
+ "description": "URL to fetch the next set of billing statistics.",
+ "readOnly": true,
+ "type": "string"
+ },
+ "value": {
+ "description": "Array of billing statistics.",
+ "items": {
+ "$ref": "#/definitions/BillingStatistic"
+ },
+ "type": "array"
+ }
+ },
+ "required": [
+ "value"
+ ]
+ },
+ "BillingStatistic": {
+ "allOf": [
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/AzureEntityResource"
+ }
+ ],
+ "description": "Billing statistic",
+ "properties": {
+ "kind": {
+ "$ref": "#/definitions/BillingStatisticKindEnum",
+ "description": "The kind of the billing statistic"
+ }
+ },
+ "discriminator": "kind",
+ "type": "object",
+ "required": [
+ "kind"
+ ]
+ },
+ "BillingStatisticKindEnum": {
+ "description": "The kind of the billing statistic",
+ "enum": [
+ "SapSolutionUsage"
+ ],
+ "type": "string",
+ "x-ms-enum": {
+ "modelAsString": true,
+ "name": "BillingStatisticKind",
+ "values": [
+ {
+ "value": "SapSolutionUsage"
+ }
+ ]
+ }
+ },
+ "SapSolutionUsageStatistic": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/BillingStatistic"
+ }
+ ],
+ "description": "Billing statistic about the Microsoft Sentinel solution for SAP Usage",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/SapSolutionUsageStatisticProperties",
+ "description": "The SAP solution usage object",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "SapSolutionUsage"
+ },
+ "SapSolutionUsageStatisticProperties": {
+ "description": "Properties of the billing statistic about the Microsoft Sentinel solution for SAP usage",
+ "properties": {
+ "activeSystemIdCount": {
+ "description": "The latest count of active SAP system IDs under the Microsoft Sentinel solution for SAP Usage",
+ "type": "integer",
+ "format": "int64",
+ "readOnly": true
+ }
+ },
+ "type": "object"
+ }
+ },
+ "parameters": {
+ "BillingStatisticName": {
+ "description": "The name of the billing statistic",
+ "in": "path",
+ "name": "billingStatisticName",
+ "required": true,
+ "type": "string",
+ "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$",
+ "x-ms-parameter-location": "method"
+ }
+ }
+}
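Review bot: `info.version` at the top of this new BillingStatistics.json still reads `2023-06-01-preview` although the file is added under the `2023-07-01-preview` folder; it should be `"version": "2023-07-01-preview"`. The same stale value appears in the Bookmarks.json and ContentPackages.json hunks that follow. The subject describes this as the base copy for the version update, so a later patch in the series may already bump it; if not, tooling that takes the api-version from the spec would presumably keep targeting the older preview.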
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Bookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Bookmarks.json
new file mode 100644
index 000000000000..374f1b7e009c
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Bookmarks.json
@@ -0,0 +1,751 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-06-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks": { + "get": { + "x-ms-examples": { + "Get all bookmarks.": { + "$ref": "./examples/bookmarks/GetBookmarks.json" + } + }, + "tags": [ + "Bookmarks" + ], + "description": "Gets all bookmarks.", + "operationId": "Bookmarks_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/BookmarkList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}": { + "get": { + "x-ms-examples": { + "Get a bookmark.": { + "$ref": "./examples/bookmarks/GetBookmarkById.json" + } + }, + "tags": [ + "Bookmarks" + ], + "description": "Gets a bookmark.", + "operationId": "Bookmarks_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Bookmark" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a bookmark.": { + "$ref": "./examples/bookmarks/CreateBookmark.json" + } + }, + "tags": [ + "Bookmarks" + ], + "description": "Creates or updates the bookmark.", + "operationId": "Bookmarks_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + }, + { + "$ref": 
"#/parameters/Bookmark" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Bookmark" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/Bookmark" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a bookmark.": { + "$ref": "./examples/bookmarks/DeleteBookmark.json" + } + }, + "tags": [ + "Bookmarks" + ], + "description": "Delete the bookmark.", + "operationId": "Bookmarks_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations": { + "get": { + "x-ms-examples": { + "Get all bookmark relations.": { + "$ref": "./examples/bookmarks/relations/GetAllBookmarkRelations.json" + } + }, + "tags": [ + "BookmarkRelations" + ], + "description": "Gets all bookmark relations.", + "operationId": "BookmarkRelations_List", + "parameters": [ + { + "$ref": 
"../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "./common/RelationTypes.json#/definitions/RelationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-odata": "./common/RelationTypes.json#/definitions/Relation", + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/expand": { + "post": { + "x-ms-examples": { + "Expand an bookmark": { + "$ref": "./examples/bookmarks/expand/PostExpandBookmark.json" + } + }, + "description": "Expand an bookmark", + "operationId": "Bookmark_Expand", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": 
"../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + }, + { + "$ref": "#/parameters/BookmarkExpandRequestBody" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/BookmarkExpandResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "tags": [ + "Bookmark" + ] + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}": { + "get": { + "x-ms-examples": { + "Get a bookmark relation.": { + "$ref": "./examples/bookmarks/relations/GetBookmarkRelationByName.json" + } + }, + "tags": [ + "BookmarkRelations" + ], + "description": "Gets a bookmark relation.", + "operationId": "BookmarkRelations_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + }, + { + "$ref": "./common/RelationTypes.json#/parameters/RelationName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "./common/RelationTypes.json#/definitions/Relation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": 
"../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a bookmark relation.": { + "$ref": "./examples/bookmarks/relations/CreateBookmarkRelation.json" + } + }, + "tags": [ + "BookmarkRelations" + ], + "description": "Creates the bookmark relation.", + "operationId": "BookmarkRelations_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + }, + { + "$ref": "./common/RelationTypes.json#/parameters/RelationName" + }, + { + "$ref": "./common/RelationTypes.json#/parameters/Relation" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "./common/RelationTypes.json#/definitions/Relation" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "./common/RelationTypes.json#/definitions/Relation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete the bookmark relation.": { + "$ref": "./examples/bookmarks/relations/DeleteBookmarkRelation.json" + } + }, + "tags": [ + "BookmarkRelations" + ], + "description": "Delete the bookmark relation.", + "operationId": "BookmarkRelations_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" 
+ }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + }, + { + "$ref": "./common/RelationTypes.json#/parameters/RelationName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "Bookmark": { + "description": "The bookmark", + "in": "body", + "name": "bookmark", + "required": true, + "schema": { + "$ref": "#/definitions/Bookmark" + }, + "x-ms-parameter-location": "method" + }, + "BookmarkExpandRequestBody": { + "description": "The parameters required to execute an expand operation on the given bookmark.", + "in": "body", + "name": "parameters", + "required": true, + "schema": { + "$ref": "#/definitions/BookmarkExpandParameters" + }, + "x-ms-parameter-location": "method" + }, + "BookmarkId": { + "description": "Bookmark ID", + "in": "path", + "name": "bookmarkId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + }, + "definitions": { + "Bookmark": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a bookmark in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/BookmarkProperties", + "description": "Bookmark properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "BookmarkExpandParameters": { + "description": "The parameters required to execute an expand operation on the given bookmark.", + "properties": { + "endTime": { + "description": "The end date filter, so the only expansion results returned are before this date.", + "format": 
"date-time", + "type": "string" + }, + "expansionId": { + "description": "The Id of the expansion to perform.", + "format": "uuid", + "type": "string" + }, + "startTime": { + "description": "The start date filter, so the only expansion results returned are after this date.", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "BookmarkExpandResponse": { + "description": "The entity expansion result operation response.", + "properties": { + "metaData": { + "$ref": "./common/EntityTypes.json#/definitions/ExpansionResultsMetadata", + "description": "The metadata from the expansion operation results." + }, + "value": { + "description": "The expansion result values.", + "properties": { + "entities": { + "description": "Array of the expansion result entities.", + "items": { + "$ref": "./common/EntityTypes.json#/definitions/Entity" + }, + "type": "array" + }, + "edges": { + "description": "Array of expansion result connected entities", + "items": { + "$ref": "#/definitions/ConnectedEntity" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "BookmarkList": { + "description": "List all the bookmarks.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of bookmarks.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of bookmarks.", + "items": { + "$ref": "#/definitions/Bookmark" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "BookmarkProperties": { + "description": "Describes bookmark properties", + "properties": { + "created": { + "description": "The time the bookmark was created", + "format": "date-time", + "type": "string" + }, + "createdBy": { + "$ref": "../../../common/2.0/types.json#/definitions/UserInfo", + "description": "Describes a user that created the bookmark", + "type": "object" + }, + "displayName": { + "description": "The display name of the bookmark", + "type": "string" + }, + "labels": { + 
"description": "List of labels relevant to this bookmark", + "items": { + "$ref": "../../../common/2.0/types.json#/definitions/Label" + }, + "type": "array" + }, + "notes": { + "description": "The notes of the bookmark", + "type": "string" + }, + "query": { + "description": "The query of the bookmark.", + "type": "string" + }, + "queryResult": { + "description": "The query result of the bookmark.", + "type": "string" + }, + "updated": { + "description": "The last time the bookmark was updated", + "format": "date-time", + "type": "string" + }, + "updatedBy": { + "$ref": "../../../common/2.0/types.json#/definitions/UserInfo", + "description": "Describes a user that updated the bookmark", + "type": "object" + }, + "eventTime": { + "description": "The bookmark event time", + "format": "date-time", + "type": "string" + }, + "queryStartTime": { + "description": "The start time for the query", + "format": "date-time", + "type": "string" + }, + "queryEndTime": { + "description": "The end time for the query", + "format": "date-time", + "type": "string" + }, + "incidentInfo": { + "$ref": "./common/IncidentTypes.json#/definitions/IncidentInfo", + "description": "Describes an incident that relates to bookmark", + "type": "object" + }, + "entityMappings": { + "$ref": "#/definitions/EntityMappingsList", + "description": "Describes the entity mappings of the bookmark", + "type": "object" + }, + "tactics": { + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "description": "A list of relevant mitre attacks", + "type": "array" + }, + "techniques": { + "items": { + "$ref": "#/definitions/AttackTechnique" + }, + "description": "A list of relevant mitre techniques", + "type": "array" + } + }, + "required": [ + "displayName", + "query" + ], + "type": "object" + }, + "ConnectedEntity": { + "description": "Expansion result connected entities", + "properties": { + "targetEntityId": { + "description": "Entity Id of the connected entity", + "type": "string" + 
}, + "additionalData": { + "description": "key-value pairs for a connected entity mapping", + "type": "object" + } + }, + "type": "object" + }, + "EntityMappingsList": { + "description": "Describes the entity mappings of the bookmark", + "items": { + "$ref": "#/definitions/BookmarkEntityMappings" + }, + "x-ms-identifiers": [], + "type": "array" + }, + "BookmarkEntityMappings": { + "description": "Describes the entity mappings of a single entity", + "properties": { + "entityType": { + "description": "The entity type", + "type": "string" + }, + "fieldMappings": { + "description": "Array of fields mapping for that entity type", + "items": { + "$ref": "#/definitions/EntityFieldMapping" + }, + "x-ms-identifiers": [], + "type": "array" + } + }, + "type": "object" + }, + "EntityFieldMapping": { + "description": "Map identifiers of a single entity", + "properties": { + "identifier": { + "description": "Alert V3 identifier", + "type": "string" + }, + "value": { + "description": "The value of the identifier", + "type": "string" + } + }, + "type": "object" + }, + "AttackTechnique": { + "description": "Mitre technique (https://attack.mitre.org/matrices/enterprise/)", + "type": "string" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentPackages.json new file mode 100644 index 000000000000..1197b5ba9970 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentPackages.json 
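Review bot: In `BookmarkProperties`, the fields `created`, `createdBy`, `updated` and `updatedBy` are declared without `"readOnly": true`, so as written the schema accepts caller-supplied authorship and timestamps on `Bookmarks_CreateOrUpdate`. Because `incidentInfo` ties a bookmark to an incident, these fields are likely to be read as provenance: if the service stamps them itself, mark them `"readOnly": true`; if callers are meant to set them, the descriptions should say the values are caller-asserted rather than an audit record. Separately, the `BookmarkId` path parameter carries no `pattern`, unlike `BillingStatisticName` in this same commit (`"pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$"`); a constraint matching the real ID format would let validation reject malformed path segments before they reach the service.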
@@ -0,0 +1,453 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-06-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages": { + "get": { + "x-ms-examples": { + "Get all available packages.": { + "$ref": "./examples/contentPackages/GetPackages.json" + } + }, + "tags": [ + "ContentPackages" + ], + "description": "Gets all installed packages.", + "operationId": "ContentPackages_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": 
{ + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/packageList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}": { + "get": { + "x-ms-examples": { + "Get installed packages by id.": { + "$ref": "./examples/contentPackages/GetPackageById.json" + } + }, + "tags": [ + "ContentPackages" + ], + "description": "Gets an installed packages by its id.", + "operationId": "ContentPackages_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/PackageIdParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/packageModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Install a package to the workspace.": { + "$ref": "./examples/contentPackages/InstallPackage.json" + } + }, + "tags": [ + "ContentPackages" + ], + "description": "Install a package to the workspace.", + "operationId": "ContentPackage_Install", + "parameters": [ + { + "$ref": 
"../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/PackageIdParameter" + }, + { + "$ref": "#/parameters/PackageInstallationProperties" + } + ], + "responses": { + "200": { + "description": "OK, a package is updated.", + "schema": { + "$ref": "#/definitions/packageModel" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/packageModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Uninstall a package from the workspace.": { + "$ref": "./examples/contentPackages/UninstallPackage.json" + } + }, + "tags": [ + "ContentPackages" + ], + "description": "Uninstall a package from the workspace.", + "operationId": "ContentPackage_Uninstall", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/PackageIdParameter" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": 
"../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "packageList": { + "description": "List available packages.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of packages.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of packages.", + "items": { + "$ref": "#/definitions/packageModel" + }, + "type": "array" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "packageModel": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Package in Azure Security Insights.", + "properties": { + "properties": { + "description": "package properties", + "$ref": "#/definitions/packageProperties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "packageProperties": { + "description": "Describes package properties", + "properties": { + "contentId": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataContentId", + "description": "The package id" + }, + "contentKind": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataPackageKind", + "description": "The package kind" + }, + "contentSchemaVersion": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataVersion", + "description": "The version of the content schema." + }, + "isNew": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataTrueFalseFlag", + "description": "Flag indicates if this is a newly published package." + }, + "isPreview": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataTrueFalseFlag", + "description": "Flag indicates if this package is in preview." + }, + "isFeatured": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataTrueFalseFlag", + "description": "Flag indicates if this package is among the featured list." 
+ }, + "version": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataVersion", + "description": "the latest version number of the package" + }, + "displayName": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDisplayName", + "description": "The display name of the package" + }, + "description": { + "description": "The description of the package", + "type": "string" + }, + "publisherDisplayName": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDisplayName", + "description": "The publisher display name of the package" + }, + "source": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataSource", + "description": "The source of the package" + }, + "author": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataAuthor", + "description": "The author of the package" + }, + "support": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataSupport", + "description": "The support tier of the package" + }, + "dependencies": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDependencies", + "description": "The support tier of the package" + }, + "providers": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataProviders", + "description": "Providers for the package item" + }, + "firstPublishDate": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataFirstPublishDate", + "description": "first publish date package item" + }, + "lastPublishDate": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataLastPublishDate", + "description": "last publish date for the package item" + }, + "categories": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataCategories", + "description": "The categories of the package" + }, + "threatAnalysisTactics": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataThreatAnalysisTactics", + "description": "the tactics the resource covers" + }, + "threatAnalysisTechniques": { + 
"$ref": "./common/ContentCommonTypes.json#/definitions/metadataThreatAnalysisTechniques", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used" + }, + "icon": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataIcon", + "description": "the icon identifier. this id can later be fetched from the content metadata" + } + }, + "required": [ + "contentId", + "contentKind", + "version", + "displayName" + ], + "type": "object" + }, + "metadataDependencies": { + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies.", + "type": "object", + "properties": { + "contentId": { + "description": "Id of the content item we depend on", + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataContentId" + }, + "kind": { + "description": "Type of the content item we depend on", + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataKind" + }, + "version": { + "description": "Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. 
If version does not match our defined numeric format then an exact match is required.", + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataVersion" + }, + "name": { + "description": "Name of the content item", + "type": "string" + }, + "operator": { + "description": "Operator used for list of dependencies in criteria array.", + "type": "string", + "enum": [ + "AND", + "OR" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "operator", + "values": [ + { + "value": "AND" + }, + { + "value": "OR" + } + ] + } + }, + "criteria": { + "description": "This is the list of dependencies we must fulfill, according to the AND/OR operator", + "type": "array", + "items": { + "$ref": "#/definitions/metadataDependencies", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." + }, + "x-ms-identifiers": [], + "example": [ + { + "kind": "DataConnector", + "contentId": "68b1de8a-b635-430d-b208-01ba3dda5877", + "version": "1.0.0" + }, + { + "kind": "Workbook", + "contentId": "ad903b46-9905-4504-9825-3bcce796da8e", + "version": "1.0.0" + } + ] + } + } + } + }, + "parameters": { + "PackageIdParameter": { + "description": "package Id", + "in": "path", + "name": "packageId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "PackageInstallationProperties": { + "description": "Package installation properties", + "in": "body", + "name": "packageInstallationProperties", + "required": true, + "schema": { + "$ref": "#/definitions/packageModel" + }, + "x-ms-parameter-location": "method" + } + } +} 
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentProductPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentProductPackages.json
new file mode 100644
index 000000000000..1c4ef5176831
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentProductPackages.json
@@ -0,0 +1,297 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-06-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages": { + "get": { + "x-ms-examples": { + "Get all available packages.": { + "$ref": "./examples/contentPackages/GetProductPackages.json" + } + }, + "tags": [ + "ContentProductPackages" + ], + "description": "Gets all packages from the catalog.", + "operationId": "ProductPackages_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": 
"../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/packageList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages/{packageId}": { + "get": { + "x-ms-examples": { + "Get a package.": { + "$ref": "./examples/contentPackages/GetProductPackageById.json" + } + }, + "tags": [ + "ContentProductPackages" + ], + "description": "Gets a package by its identifier from the catalog.", + "operationId": "ProductPackage_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/PackageIdParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/packageModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "packageList": { + "description": "List available packages.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of packages.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of 
packages.", + "items": { + "$ref": "#/definitions/packageModel" + }, + "type": "array" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "packageModel": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Package in Azure Security Insights.", + "properties": { + "properties": { + "description": "package properties", + "$ref": "#/definitions/packageProperties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "packageProperties": { + "description": "Describes package properties", + "properties": { + "contentId": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataContentId", + "description": "The content id of the package" + }, + "contentKind": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataPackageKind", + "description": "The package kind" + }, + "installedVersion": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataVersion", + "description": "The version of the installed package, null or absent means not installed." + }, + "contentSchemaVersion": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataVersion", + "description": "The version of the content schema." + }, + "resourceId": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataContentId", + "description": "The metadata resource id." + }, + "isNew": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataTrueFalseFlag", + "description": "Flag indicates if this is a newly published package." + }, + "isPreview": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataTrueFalseFlag", + "description": "Flag indicates if this package is in preview." + }, + "isFeatured": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataTrueFalseFlag", + "description": "Flag indicates if this package is among the featured list." 
+ }, + "version": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataVersion", + "description": "the latest version number of the package" + }, + "displayName": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDisplayName", + "description": "The display name of the package" + }, + "description": { + "description": "The description of the package", + "type": "string" + }, + "publisherDisplayName": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDisplayName", + "description": "The publisher display name of the package" + }, + "source": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataSource", + "description": "The source of the package" + }, + "author": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataAuthor", + "description": "The author of the package" + }, + "support": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataSupport", + "description": "The support tier of the package" + }, + "dependencies": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDependencies", + "description": "The support tier of the package" + }, + "providers": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataProviders", + "description": "Providers for the package item" + }, + "firstPublishDate": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataFirstPublishDate", + "description": "first publish date package item" + }, + "lastPublishDate": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataLastPublishDate", + "description": "last publish date for the package item" + }, + "categories": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataCategories", + "description": "The categories of the package" + }, + "threatAnalysisTactics": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataThreatAnalysisTactics", + "description": "the tactics the resource covers" + }, + "threatAnalysisTechniques": { + 
"$ref": "./common/ContentCommonTypes.json#/definitions/metadataThreatAnalysisTechniques", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used" + }, + "icon": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataIcon", + "description": "the icon identifier. this id can later be fetched from the content metadata" + }, + "packagedContent": { + "type": "object", + "description": "the json to deploy" + } + }, + "required": [ + "contentId", + "contentKind", + "version", + "displayName" + ], + "type": "object" + } + }, + "parameters": { + "PackageIdParameter": { + "description": "package Id", + "in": "path", + "name": "packageId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentProductTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentProductTemplates.json new file mode 100644 index 000000000000..95d25580b904 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentProductTemplates.json 
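Review bot: `info.version` in ContentProductPackages.json is still `2023-06-01-preview` although the file is added under `preview/2023-07-01-preview`; ContentProductTemplates.json and ContentTemplates.json in this patch carry the same value. Unless a later patch in the series bumps it, set `"version": "2023-07-01-preview"` in all three so validation tooling and generated clients target the intended API version. In `packageProperties`, the `dependencies` description repeats the `support` text (`The support tier of the package`), and the same copy appears in ContentPackages.json; something like `"description": "The dependencies of the package"` would match the referenced `metadataDependencies` type. `packagedContent` is an untyped `object` described only as `the json to deploy`; because a caller is expected to deploy what the catalog returns, the description should state what the object contains (presumably a deployment template — to confirm) so consumers know to review and validate it before deployment.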
@@ -0,0 +1,298 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-06-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductTemplates": { + "get": { + "x-ms-examples": { + "Get all installed templates.": { + "$ref": "./examples/contentTemplates/GetProductTemplates.json" + } + }, + "tags": [ + "ContentProductTemplates" + ], + "description": "Gets all templates in the catalog.", + "operationId": "ProductTemplates_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": 
"../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/templateList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentproducttemplates/{templateId}": { + "get": { + "x-ms-examples": { + "Get a template.": { + "$ref": "./examples/contentTemplates/GetProductTemplateById.json" + } + }, + "tags": [ + "ContentProductTemplates" + ], + "description": "Gets a template by its identifier.", + "operationId": "ProductTemplate_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/templateIdParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/templateModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "templateList": { + "description": "List of all the template.", + "type": "object", + "properties": { + "value": { + "description": "Array of templates.", + "items": { + "$ref": "#/definitions/templateModel" + }, + "type": "array" + }, + 
"nextLink": { + "description": "URL to fetch the next page of template.", + "readOnly": true, + "type": "string" + } + }, + "required": [ + "value" + ] + }, + "templateModel": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Template resource definition.", + "properties": { + "properties": { + "description": "template properties", + "$ref": "#/definitions/templateProperties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "templateProperties": { + "description": "Template property bag.", + "required": [ + "contentId", + "version", + "displayName", + "contentKind", + "source" + ], + "type": "object", + "properties": { + "contentId": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataContentId", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" + }, + "parentId": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataParentId", + "description": "Full parent resource ID of the content item the template is for. This is the full resource ID including the scope (subscription and resource group)" + }, + "version": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataVersion", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "displayName": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDisplayName", + "description": "The display name of the template" + }, + "contentKind": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataKind", + "description": "The kind of content the template is for." 
+ }, + "source": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, + "author": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataAuthor", + "description": "The creator of the content item." + }, + "support": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataSupport", + "description": "Support information for the template - type, name, contact information" + }, + "dependencies": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDependencies", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." + }, + "categories": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataCategories", + "description": "Categories for the item" + }, + "providers": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataProviders", + "description": "Providers for the content item" + }, + "firstPublishDate": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataFirstPublishDate", + "description": "first publish date content item" + }, + "lastPublishDate": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataLastPublishDate", + "description": "last publish date for the content item" + }, + "customVersion": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataCustomVersion", + "description": "The custom version of the content. A optional free text" + }, + "contentSchemaVersion": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataContentSchemaVersion", + "description": "Schema version of the content. 
Can be used to distinguish between different flow based on the schema version" + }, + "icon": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataIcon", + "description": "the icon identifier. this id can later be fetched from the content metadata" + }, + "threatAnalysisTactics": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataThreatAnalysisTactics", + "description": "the tactics the resource covers" + }, + "threatAnalysisTechniques": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataThreatAnalysisTechniques", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used" + }, + "previewImages": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataPreviewImages", + "description": "preview image file names. These will be taken from the solution artifacts" + }, + "previewImagesDark": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataPreviewImagesDark", + "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support" + }, + "packageId": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataContentId", + "description": "the package Id contains this template" + }, + "packageKind": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataPackageKind", + "description": "the packageKind of the package contains this template" + }, + "packageName": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDisplayName", + "description": "the name of the package contains this template" + }, + "packagedContent": { + "type": "object", + "description": "the json to deploy" + } + } + } + }, + "parameters": { + "templateIdParameter": { + "description": "template Id", + "in": "path", + "name": "templateId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + } +} 
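Review bot: The two paths in ContentProductTemplates.json disagree on casing: the list operation sits under `.../contentProductTemplates` while `ProductTemplate_Get` sits under `.../contentproducttemplates/{templateId}`. Use the same segment for both, i.e. `.../providers/Microsoft.SecurityInsights/contentProductTemplates/{templateId}`, so the item path is a child of the collection path for linting, SDK generation and any case-sensitive matching of resource paths. The `x-ms-examples` key on the list operation reads `Get all installed templates.` while the operation description says it returns all templates in the catalog; a key such as `Get all product templates.` would avoid confusion with `ContentTemplates_List`. `templateList`, `templateModel` and `templateProperties` use the same names that ContentTemplates.json references; if the two shapes differ, distinct definition names may be needed when the specs are merged, which is worth confirming.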
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentTemplates.json
new file mode 100644
index 000000000000..4b7dbc6a1dc0
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentTemplates.json
@@ -0,0 +1,400 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-06-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates": { + "get": { + "x-ms-examples": { + "Get all installed templates.": { + "$ref": "./examples/contentTemplates/GetTemplates.json" + } + }, + "tags": [ + "ContentTemplates" + ], + "description": "Gets all installed templates.", + "operationId": "ContentTemplates_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + 
"responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/templateList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}": { + "put": { + "x-ms-examples": { + "Get a template.": { + "$ref": "./examples/contentTemplates/InstallTemplate.json" + } + }, + "tags": [ + "ContentTemplates" + ], + "description": "Install a template.", + "operationId": "ContentTemplate_Install", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/templateIdParameter" + }, + { + "$ref": "#/parameters/templateInstallationProperties" + } + ], + "responses": { + "200": { + "description": "OK, a template is updated.", + "schema": { + "$ref": "#/definitions/templateModel" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/templateModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "get": { + "x-ms-examples": { + "Get a template.": { + "$ref": "./examples/contentTemplates/GetTemplateById.json" + } + }, + "tags": [ + "ContentTemplates" + ], + "description": "Gets a 
template byt its identifier.", + "operationId": "ContentTemplate_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/templateIdParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/templateModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete metadata.": { + "$ref": "./examples/contentTemplates/DeleteTemplate.json" + } + }, + "tags": [ + "ContentTemplates" + ], + "description": "Delete an installed template.", + "operationId": "ContentTemplate_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/templateIdParameter" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "templateList": { + "description": 
"List of all the template.", + "type": "object", + "properties": { + "value": { + "description": "Array of templates.", + "items": { + "$ref": "#/definitions/templateModel" + }, + "type": "array" + }, + "nextLink": { + "description": "URL to fetch the next page of template.", + "readOnly": true, + "type": "string" + } + }, + "required": [ + "value" + ] + }, + "templateModel": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Template resource definition.", + "properties": { + "properties": { + "description": "template properties", + "$ref": "#/definitions/templateProperties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "templateProperties": { + "description": "Template property bag.", + "required": [ + "contentId", + "version", + "displayName", + "contentKind", + "source", + "packageId" + ], + "type": "object", + "properties": { + "contentId": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataContentId", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" + }, + "version": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataVersion", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "displayName": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDisplayName", + "description": "The display name of the template" + }, + "contentKind": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataKind", + "description": "The kind of content the template is for." 
+ }, + "source": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, + "author": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataAuthor", + "description": "The creator of the content item." + }, + "support": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataSupport", + "description": "Support information for the template - type, name, contact information" + }, + "dependencies": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDependencies", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." + }, + "categories": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataCategories", + "description": "Categories for the item" + }, + "providers": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataProviders", + "description": "Providers for the content item" + }, + "firstPublishDate": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataFirstPublishDate", + "description": "first publish date content item" + }, + "lastPublishDate": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataLastPublishDate", + "description": "last publish date for the content item" + }, + "customVersion": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataCustomVersion", + "description": "The custom version of the content. A optional free text" + }, + "contentSchemaVersion": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataContentSchemaVersion", + "description": "Schema version of the content. 
Can be used to distinguish between different flow based on the schema version" + }, + "icon": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataIcon", + "description": "the icon identifier. this id can later be fetched from the content metadata" + }, + "threatAnalysisTactics": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataThreatAnalysisTactics", + "description": "the tactics the resource covers" + }, + "threatAnalysisTechniques": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataThreatAnalysisTechniques", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used" + }, + "previewImages": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataPreviewImages", + "description": "preview image file names. These will be taken from the solution artifacts" + }, + "previewImagesDark": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataPreviewImagesDark", + "description": "preview image file names. These will be taken from the solution artifacts. 
used for dark theme support" + }, + "packageId": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataContentId", + "description": "the package Id contains this template" + }, + "packageKind": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataPackageKind", + "description": "the packageKind of the package contains this template" + }, + "packageName": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDisplayName", + "description": "the name of the package contains this template" + }, + "mainTemplate": { + "description": "The JSON of the ARM template to deploy active content", + "type": "object" + } + } + } + }, + "parameters": { + "templateIdParameter": { + "description": "template Id", + "in": "path", + "name": "templateId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "templateInstallationProperties": { + "description": "Template installation properties", + "in": "body", + "name": "templateInstallationProperties", + "required": true, + "schema": { + "$ref": "#/definitions/templateModel" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Enrichment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Enrichment.json new file mode 100644 index 000000000000..b89cc6dc53f1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Enrichment.json 
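Review bot: `mainTemplate` in `templateProperties` is declared as a bare `"type": "object"`, so the request body of `ContentTemplate_Install` accepts an arbitrary ARM template and the schema gives generated clients and validators nothing to check it against. Since the description says this template is deployed as active content, the contract should say so explicitly, e.g. `"description": "The JSON of the ARM template to deploy active content. Free-form; this schema does not validate its contents."`. Whether the service validates the template before deployment is not visible in this spec and is worth confirming. `templateIdParameter` is likewise an unconstrained path string; if the service restricts its format, a `pattern` would document that. Separately, the `put` and `delete` example keys read "Get a template." and "Delete metadata.", which look copied from other operations.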
@@ -0,0 +1,381 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-06-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/ip/geodata/": { + "get": { + "x-ms-examples": { + "Get geodata for a single IP address": { + "$ref": "./examples/enrichment/GetGeodataByIp.json" + } + }, + "tags": [ + "Enrichment" + ], + "description": "Get geodata for a single IP address", + "operationId": "IPGeodata_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "#/parameters/EnrichmentIpAddress" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EnrichmentIpGeodata" + } + }, + "default": { + "description": "Error response describing why the operation failed to enrich this ip.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/domain/whois/": { + "get": { + "x-ms-examples": { + "Get whois information for a single domain name": { + "$ref": "./examples/enrichment/GetWhoisByDomainName.json" + } + }, + "tags": [ + "Enrichment" + ], + "description": "Get whois information for a single domain name", + "operationId": "DomainWhois_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "#/parameters/EnrichmentDomain" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EnrichmentDomainWhois" + } + }, + "default": { + "description": "Error response describing why the operation failed to enrich this domain.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "EnrichmentIpAddress": { + "description": "IP address (v4 or v6) to be enriched", + "in": "query", + "name": "ipAddress", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "EnrichmentDomain": { + "description": "Domain name to be enriched", + "in": "query", + "name": "domain", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + }, + "definitions": { + "EnrichmentDomainWhois": { + "description": "Whois information for a given domain and associated metadata", + "properties": { + "domain": { + "description": "The domain for this whois record", + "type": "string" + }, + "server": { + "description": "The hostname of this registrar's whois server", + "type": "string" + }, + "created": { + "description": "The timestamp 
at which this record was created", + "format": "date-time", + "type": "string" + }, + "updated": { + "description": "The timestamp at which this record was last updated", + "format": "date-time", + "type": "string" + }, + "expires": { + "description": "The timestamp at which this record will expire", + "format": "date-time", + "type": "string" + }, + "parsedWhois": { + "description": "The whois record for a given domain", + "$ref": "#/definitions/EnrichmentDomainWhoisDetails" + } + }, + "type": "object" + }, + "EnrichmentDomainWhoisDetails": { + "description": "The whois record for a given domain", + "properties": { + "registrar": { + "description": "The registrar associated with this domain", + "$ref": "#/definitions/EnrichmentDomainWhoisRegistrarDetails" + }, + "contacts": { + "description": "The set of contacts associated with this domain", + "$ref": "#/definitions/EnrichmentDomainWhoisContacts" + }, + "nameServers": { + "description": "A list of name servers associated with this domain", + "type": "array", + "items": { + "type": "string" + } + }, + "statuses": { + "description": "The set of status flags for this whois record", + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object" + }, + "EnrichmentDomainWhoisRegistrarDetails": { + "description": "The registrar associated with this domain", + "properties": { + "name": { + "description": "The name of this registrar", + "type": "string" + }, + "abuseContactEmail": { + "description": "This registrar's abuse contact email", + "type": "string" + }, + "abuseContactPhone": { + "description": "This registrar's abuse contact phone number", + "type": "string" + }, + "ianaId": { + "description": "This registrar's Internet Assigned Numbers Authority id", + "type": "string" + }, + "url": { + "description": "This registrar's URL", + "type": "string" + }, + "whoisServer": { + "description": "The hostname of this registrar's whois server", + "type": "string" + } + }, + "type": "object" + }, + 
"EnrichmentDomainWhoisContacts": { + "description": "The set of contacts associated with this domain", + "properties": { + "admin": { + "description": "The admin contact for this whois record", + "$ref": "#/definitions/EnrichmentDomainWhoisContact" + }, + "billing": { + "description": "The billing contact for this whois record", + "$ref": "#/definitions/EnrichmentDomainWhoisContact" + }, + "registrant": { + "description": "The registrant contact for this whois record", + "$ref": "#/definitions/EnrichmentDomainWhoisContact" + }, + "tech": { + "description": "The technical contact for this whois record", + "$ref": "#/definitions/EnrichmentDomainWhoisContact" + } + }, + "type": "object" + }, + "EnrichmentDomainWhoisContact": { + "description": "An individual contact associated with this domain", + "properties": { + "name": { + "description": "The name of this contact", + "type": "string" + }, + "org": { + "description": "The organization for this contact", + "type": "string" + }, + "street": { + "description": "A list describing the street address for this contact", + "type": "array", + "items": { + "type": "string" + } + }, + "city": { + "description": "The city for this contact", + "type": "string" + }, + "state": { + "description": "The state for this contact", + "type": "string" + }, + "postal": { + "description": "The postal code for this contact", + "type": "string" + }, + "country": { + "description": "The country for this contact", + "type": "string" + }, + "phone": { + "description": "The phone number for this contact", + "type": "string" + }, + "fax": { + "description": "The fax number for this contact", + "type": "string" + }, + "email": { + "description": "The email address for this contact", + "type": "string" + } + }, + "type": "object" + }, + "EnrichmentIpGeodata": { + "description": "Geodata information for a given IP address", + "properties": { + "asn": { + "description": "The autonomous system number associated with this IP address", + "type": 
"string" + }, + "carrier": { + "description": "The name of the carrier for this IP address", + "type": "string" + }, + "city": { + "description": "The city this IP address is located in", + "type": "string" + }, + "cityCf": { + "description": "A numeric rating of confidence that the value in the 'city' field is correct, on a scale of 0-100", + "type": "integer", + "format": "int32" + }, + "continent": { + "description": "The continent this IP address is located on", + "type": "string" + }, + "country": { + "description": "The county this IP address is located in", + "type": "string" + }, + "countryCf": { + "description": "A numeric rating of confidence that the value in the 'country' field is correct on a scale of 0-100", + "type": "integer", + "format": "int32" + }, + "ipAddr": { + "description": "The dotted-decimal or colon-separated string representation of the IP address", + "type": "string" + }, + "ipRoutingType": { + "description": "A description of the connection type of this IP address", + "type": "string" + }, + "latitude": { + "description": "The latitude of this IP address", + "type": "string" + }, + "longitude": { + "description": "The longitude of this IP address", + "type": "string" + }, + "organization": { + "description": "The name of the organization for this IP address", + "type": "string" + }, + "organizationType": { + "description": "The type of the organization for this IP address", + "type": "string" + }, + "region": { + "description": "The geographic region this IP address is located in", + "type": "string" + }, + "state": { + "description": "The state this IP address is located in", + "type": "string" + }, + "stateCf": { + "description": "A numeric rating of confidence that the value in the 'state' field is correct on a scale of 0-100", + "type": "integer", + "format": "int32" + }, + "stateCode": { + "description": "The abbreviated name for the state this IP address is located in", + "type": "string" + } + }, + "type": "object" + } + } +} 
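Review bot: The string fields of `EnrichmentDomainWhoisContact` and `EnrichmentDomainWhoisRegistrarDetails` carry text from a whois record, which is presumably supplied by the registrant or registrar rather than by the service, yet nothing in the definitions tells consumers to treat it as untrusted. I would state that in the description, e.g. `"description": "An individual contact associated with this domain. Values originate from the whois record and should be handled as untrusted text (encode before rendering or logging)."`; these fields are also personal data, which matters for anyone who logs the response. The `ipAddress` and `domain` query parameters are unconstrained strings too; if the service enforces a length or format limit, a `maxLength` or `pattern` would document it. Also, the `country` description under `EnrichmentIpGeodata` says "county".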
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Entities.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Entities.json
new file mode 100644
index 000000000000..af9f39337292
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Entities.json
@@ -0,0 +1,1556 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-06-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities": { + "get": { + "x-ms-examples": { + "Get all entities.": { + "$ref": "./examples/entities/GetEntities.json" + } + }, + "tags": [ + "Entities" + ], + "description": "Gets all entities.", + "operationId": "Entities_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}": { + "get": { + "x-ms-examples": { + "Get an account entity.": { + "$ref": "./examples/entities/GetAccountEntityById.json" + }, + "Get a host entity.": { + "$ref": "./examples/entities/GetHostEntityById.json" + }, + "Get a file entity.": { + "$ref": "./examples/entities/GetFileEntityById.json" + }, + "Get a security alert entity.": { + "$ref": "./examples/entities/GetSecurityAlertEntityById.json" + }, + "Get a file hash entity.": { + "$ref": "./examples/entities/GetFileHashEntityById.json" + }, + "Get a malware entity.": { + "$ref": "./examples/entities/GetMalwareEntityById.json" + }, + "Get a security group entity.": { + "$ref": "./examples/entities/GetSecurityGroupEntityById.json" + }, + "Get an azure resource entity.": { + "$ref": "./examples/entities/GetAzureResourceEntityById.json" + }, + "Get a cloud application entity.": { + "$ref": "./examples/entities/GetCloudApplicationEntityById.json" + }, + "Get a process entity.": { + "$ref": "./examples/entities/GetProcessEntityById.json" + }, + "Get a dns entity.": { + "$ref": "./examples/entities/GetDnsEntityById.json" + }, + "Get an ip entity.": { + "$ref": "./examples/entities/GetIpEntityById.json" + }, + "Get a registry key entity.": { + "$ref": "./examples/entities/GetRegistryKeyEntityById.json" + }, + "Get a registry value entity.": { + "$ref": "./examples/entities/GetRegistryValueEntityById.json" + }, + "Get a url entity.": { + "$ref": "./examples/entities/GetUrlEntityById.json" + }, + "Get an IoT device entity.": { + "$ref": "./examples/entities/GetIoTDeviceEntityById.json" + }, + "Get a mailCluster entity.": { + "$ref": "./examples/entities/GetMailClusterEntityById.json" + }, + "Get a mailbox entity.": { + "$ref": "./examples/entities/GetMailboxEntityById.json" + }, + "Get a mailMessage entity.": { + "$ref": 
"./examples/entities/GetMailMessageEntityById.json" + }, + "Get a submissionMail entity.": { + "$ref": "./examples/entities/GetSubmissionMailEntityById.json" + } + }, + "tags": [ + "Entities" + ], + "description": "Gets an entity.", + "operationId": "Entities_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "./common/EntityTypes.json#/definitions/Entity" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/expand": { + "post": { + "x-ms-examples": { + "Expand an entity": { + "$ref": "./examples/entities/expand/PostExpandEntity.json" + } + }, + "tags": [ + "Entities" + ], + "description": "Expands an entity.", + "operationId": "Entities_Expand", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": 
"#/parameters/EntityId" + }, + { + "$ref": "#/parameters/EntityExpandRequestBody" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityExpandResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getTimeline": { + "post": { + "x-ms-examples": { + "Entity timeline": { + "$ref": "./examples/entities/timeline/PostTimelineEntity.json" + } + }, + "tags": [ + "Entities" + ], + "description": "Timeline for an entity.", + "operationId": "EntitiesGetTimeline_list", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityId" + }, + { + "$ref": "#/parameters/EntityTimelineRequestBody" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityTimelineResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/queries": { + "get": { + "x-ms-examples": { + "Get Entity Query": { + 
"$ref": "./examples/entities/GetQueries.json" + } + }, + "tags": [ + "Entities" + ], + "description": "Get Insights and Activities for an entity.", + "operationId": "Entities_Queries", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityId" + }, + { + "$ref": "#/parameters/EntityQueryKindParam" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/GetQueriesResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getInsights": { + "post": { + "x-ms-examples": { + "Entity Insight": { + "$ref": "./examples/entities/insights/PostGetInsights.json" + } + }, + "tags": [ + "Entities" + ], + "description": "Execute Insights for an entity.", + "operationId": "Entities_GetInsights", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityId" + 
},
+ {
+ "$ref": "#/parameters/GetInsightsEntityQueriesRequestBody"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/EntityGetInsightsResponse"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/2.0/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ }
+ },
+ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations": {
+ "get": {
+ "x-ms-examples": {
+ "Get all relations of an entity.": {
+ "$ref": "./examples/entities/relations/GetAllEntityRelations.json"
+ }
+ },
+ "tags": [
+ "EntityRelations"
+ ],
+ "description": "Gets all relations of an entity.",
+ "operationId": "EntitiesRelations_List",
+ "parameters": [
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName"
+ },
+ {
+ "$ref": "#/parameters/EntityId"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/ODataTop"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "./common/RelationTypes.json#/definitions/RelationList"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/2.0/types.json#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-odata": "./common/RelationTypes.json#/definitions/Relation",
+ "x-ms-pageable": {
+ "nextLinkName": "nextLink"
+ }
+ }
+ },
+ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations/{relationName}": {
+ "get": {
+ "x-ms-examples": {
+ "Get an entity relation.": {
+ "$ref": "./examples/entities/relations/GetEntityRelationByName.json"
+ }
+ },
+ "tags": [
+ "EntityRelations"
+ ],
+ "description": "Gets an entity relation.",
+ "operationId": "EntityRelations_GetRelation",
+ "parameters": [
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName"
+ },
+ {
+ "$ref": "#/parameters/EntityId"
+ },
+ {
+ "$ref": "./common/RelationTypes.json#/parameters/RelationName"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "./common/RelationTypes.json#/definitions/Relation"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/2.0/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ }
+ }
+ },
+ "parameters": {
+ "EntityExpandRequestBody": {
+ "description": "The parameters required to execute an expand operation on the given entity.",
+ "in": "body",
+ "name": "parameters",
+ "required": true,
+ "schema": {
+ "$ref": "#/definitions/EntityExpandParameters"
+ },
+ "x-ms-parameter-location": "method"
+ },
+ "EntityId": {
+ "description": "entity ID",
+ "in": "path",
+ "name": "entityId",
+ "required": true,
+ "type": "string",
+ "x-ms-parameter-location": "method"
+ },
+ "EntityTimelineRequestBody": {
+ "description": "The parameters required to execute an timeline operation on the given entity.",
+ "in": "body",
+ "name": "parameters",
+ "required": true,
+ "schema": {
+ "$ref": "#/definitions/EntityTimelineParameters"
+ },
+ "x-ms-parameter-location": "method"
+ },
+ "EntityQueryKindParam": {
+ "description": "The Kind parameter for queries",
+ "in": "query",
+ "name": "kind",
+ "required": true,
+ "type": "string",
+ "enum": [
+ "Insight"
+ ],
+ "x-ms-enum": {
+ "modelAsString": true,
+ "name": "EntityItemQueryKind",
+ "values": [
+ {
+ "description": "insight",
+ "value": "Insight"
+ }
+ ]
+ },
+ "x-ms-parameter-location": "method"
+ },
+ "GetInsightsEntityQueriesRequestBody": {
+ "description": "The parameters required to execute insights on the given entity.",
+ "name": "parameters",
+ "in": "body",
+ "required": true,
+ "schema": {
+ "$ref": "#/definitions/EntityGetInsightsParameters"
+ },
+ "x-ms-parameter-location": "method"
+ }
+ },
+ "definitions": {
+ "ActivityTimelineItem": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/EntityTimelineItem"
+ }
+ ],
+ "description": "Represents Activity timeline item.",
+ "properties": {
+ "queryId": {
+ "type": "string",
+ "description": "The activity query id."
+ },
+ "bucketStartTimeUTC": {
+ "format": "date-time",
+ "type": "string",
+ "description": "The grouping bucket start time."
+ },
+ "bucketEndTimeUTC": {
+ "format": "date-time",
+ "type": "string",
+ "description": "The grouping bucket end time."
+ },
+ "firstActivityTimeUTC": {
+ "format": "date-time",
+ "type": "string",
+ "description": "The time of the first activity in the grouping bucket."
+ },
+ "lastActivityTimeUTC": {
+ "format": "date-time",
+ "type": "string",
+ "description": "The time of the last activity in the grouping bucket."
+ },
+ "content": {
+ "type": "string",
+ "description": "The activity timeline content."
+ },
+ "title": {
+ "type": "string",
+ "description": "The activity timeline title."
+ }
+ },
+ "required": [
+ "queryId",
+ "bucketStartTimeUTC",
+ "bucketEndTimeUTC",
+ "firstActivityTimeUTC",
+ "lastActivityTimeUTC",
+ "content",
+ "title"
+ ],
+ "type": "object",
+ "x-ms-discriminator-value": "Activity"
+ },
+ "BookmarkTimelineItem": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/EntityTimelineItem"
+ }
+ ],
+ "description": "Represents bookmark timeline item.",
+ "properties": {
+ "azureResourceId": {
+ "type": "string",
+ "description": "The bookmark azure resource id."
+ },
+ "displayName": {
+ "type": "string",
+ "description": "The bookmark display name."
+ },
+ "notes": {
+ "type": "string",
+ "description": "The notes of the bookmark"
+ },
+ "endTimeUtc": {
+ "format": "date-time",
+ "type": "string",
+ "description": "The bookmark end time."
+ },
+ "startTimeUtc": {
+ "format": "date-time",
+ "type": "string",
+ "description": "The bookmark start time."
+ },
+ "eventTime": {
+ "format": "date-time",
+ "type": "string",
+ "description": "The bookmark event time."
+ },
+ "createdBy": {
+ "$ref": "../../../common/2.0/types.json#/definitions/UserInfo",
+ "description": "Describes a user that created the bookmark"
+ },
+ "labels": {
+ "description": "List of labels relevant to this bookmark",
+ "items": {
+ "$ref": "../../../common/2.0/types.json#/definitions/Label"
+ },
+ "type": "array"
+ }
+ },
+ "required": [
+ "azureResourceId"
+ ],
+ "type": "object",
+ "x-ms-discriminator-value": "Bookmark"
+ },
+ "AnomalyTimelineItem": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/EntityTimelineItem"
+ }
+ ],
+ "description": "Represents anomaly timeline item.",
+ "properties": {
+ "azureResourceId": {
+ "type": "string",
+ "description": "The anomaly azure resource id."
+ },
+ "productName": {
+ "type": "string",
+ "description": "The anomaly product name."
+ },
+ "description": {
+ "type": "string",
+ "description": "The anomaly description."
+ },
+ "displayName": {
+ "type": "string",
+ "description": "The anomaly name."
+ },
+ "endTimeUtc": {
+ "format": "date-time",
+ "type": "string",
+ "description": "The anomaly end time."
+ },
+ "startTimeUtc": {
+ "format": "date-time",
+ "type": "string",
+ "description": "The anomaly start time."
+ },
+ "timeGenerated": {
+ "format": "date-time",
+ "type": "string",
+ "description": "The anomaly generated time."
+ },
+ "vendor": {
+ "type": "string",
+ "description": "The name of the anomaly vendor."
+ },
+ "intent": {
+ "type": "string",
+ "description": "The intent of the anomaly."
+ },
+ "techniques": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "description": "technique of the anomaly"
+ },
+ "description": "The techniques of the anomaly."
+ },
+ "reasons": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "description": "Reason of the anomaly"
+ },
+ "description": "The reasons that cause the anomaly."
+ }
+ },
+ "required": [
+ "azureResourceId",
+ "displayName",
+ "endTimeUtc",
+ "startTimeUtc",
+ "timeGenerated"
+ ],
+ "type": "object",
+ "x-ms-discriminator-value": "Anomaly"
+ },
+ "EntityGetInsightsParameters": {
+ "description": "The parameters required to execute insights operation on the given entity.",
+ "type": "object",
+ "properties": {
+ "startTime": {
+ "description": "The start timeline date, so the results returned are after this date.",
+ "format": "date-time",
+ "type": "string"
+ },
+ "endTime": {
+ "description": "The end timeline date, so the results returned are before this date.",
+ "format": "date-time",
+ "type": "string"
+ },
+ "addDefaultExtendedTimeRange": {
+ "description": "Indicates if query time range should be extended with default time range of the query. Default value is false",
+ "type": "boolean"
+ },
+ "insightQueryIds": {
+ "description": "List of Insights Query Id. If empty, default value is all insights of this entity",
+ "type": "array",
+ "items": {
+ "description": "Insight Query Id (GUID)",
+ "format": "uuid",
+ "type": "string"
+ }
+ }
+ },
+ "required": [
+ "startTime",
+ "endTime"
+ ]
+ },
+ "EntityGetInsightsResponse": {
+ "description": "The Get Insights result operation response.",
+ "properties": {
+ "metaData": {
+ "$ref": "#/definitions/GetInsightsResultsMetadata",
+ "description": "The metadata from the get insights operation results."
+ },
+ "value": {
+ "description": "The insights result values.",
+ "items": {
+ "$ref": "#/definitions/EntityInsightItem"
+ },
+ "type": "array",
+ "x-ms-identifiers": []
+ }
+ },
+ "type": "object"
+ },
+ "EntityEdges": {
+ "description": "The edge that connects the entity to the other entity.",
+ "properties": {
+ "targetEntityId": {
+ "description": "The target entity Id.",
+ "type": "string"
+ },
+ "additionalData": {
+ "additionalProperties": true,
+ "description": "A bag of custom fields that should be part of the entity and will be presented to the user.",
+ "type": "object"
+ }
+ },
+ "type": "object"
+ },
+ "EntityExpandParameters": {
+ "description": "The parameters required to execute an expand operation on the given entity.",
+ "properties": {
+ "endTime": {
+ "description": "The end date filter, so the only expansion results returned are before this date.",
+ "format": "date-time",
+ "type": "string"
+ },
+ "expansionId": {
+ "description": "The Id of the expansion to perform.",
+ "format": "uuid",
+ "type": "string"
+ },
+ "startTime": {
+ "description": "The start date filter, so the only expansion results returned are after this date.",
+ "format": "date-time",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "EntityExpandResponse": {
+ "description": "The entity expansion result operation response.",
+ "properties": {
+ "metaData": {
+ "$ref": "./common/EntityTypes.json#/definitions/ExpansionResultsMetadata",
+ "description": "The metadata from the expansion operation results."
+ },
+ "value": {
+ "description": "The expansion result values.",
+ "properties": {
+ "entities": {
+ "description": "Array of the expansion result entities.",
+ "items": {
+ "$ref": "./common/EntityTypes.json#/definitions/Entity"
+ },
+ "type": "array",
+ "x-ms-identifiers": []
+ },
+ "edges": {
+ "description": "Array of edges that connects the entity to the list of entities.",
+ "items": {
+ "$ref": "#/definitions/EntityEdges"
+ },
+ "type": "array",
+ "x-ms-identifiers": []
+ }
+ },
+ "type": "object"
+ }
+ },
+ "type": "object"
+ },
+ "EntityInsightItem": {
+ "description": "Entity insight Item.",
+ "type": "object",
+ "properties": {
+ "queryId": {
+ "type": "string",
+ "description": "The query id of the insight"
+ },
+ "queryTimeInterval": {
+ "type": "object",
+ "description": "The Time interval that the query actually executed on.",
+ "properties": {
+ "startTime": {
+ "format": "date-time",
+ "type": "string",
+ "description": "Insight query start time"
+ },
+ "endTime": {
+ "format": "date-time",
+ "type": "string",
+ "description": "Insight query end time"
+ }
+ }
+ },
+ "tableQueryResults": {
+ "$ref": "#/definitions/InsightsTableResult",
+ "description": "Query results for table insights query."
+ },
+ "chartQueryResults": {
+ "type": "array",
+ "description": "Query results for table insights query.",
+ "items": {
+ "$ref": "#/definitions/InsightsTableResult",
+ "description": "Query results for table insights query."
+ },
+ "x-ms-identifiers": []
+ }
+ }
+ },
+ "EntityList": {
+ "description": "List of all the entities.",
+ "properties": {
+ "nextLink": {
+ "description": "URL to fetch the next set of entities.",
+ "readOnly": true,
+ "type": "string"
+ },
+ "value": {
+ "description": "Array of entities.",
+ "items": {
+ "$ref": "./common/EntityTypes.json#/definitions/Entity"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object",
+ "required": [
+ "value"
+ ]
+ },
+ "EntityTimelineItem": {
+ "description": "Entity timeline Item.",
+ "discriminator": "kind",
+ "type": "object",
+ "properties": {
+ "kind": {
+ "$ref": "#/definitions/EntityTimelineKind",
+ "description": "The entity query kind type."
+ }
+ },
+ "required": [
+ "kind"
+ ]
+ },
+ "EntityTimelineResponse": {
+ "description": "The entity timeline result operation response.",
+ "properties": {
+ "metaData": {
+ "$ref": "#/definitions/TimelineResultsMetadata",
+ "description": "The metadata from the timeline operation results."
+ },
+ "value": {
+ "description": "The timeline result values.",
+ "items": {
+ "$ref": "#/definitions/EntityTimelineItem"
+ },
+ "type": "array",
+ "x-ms-identifiers": []
+ }
+ },
+ "type": "object"
+ },
+ "EntityTimelineKind": {
+ "description": "The entity query kind",
+ "enum": [
+ "Activity",
+ "Bookmark",
+ "SecurityAlert",
+ "Anomaly"
+ ],
+ "type": "string",
+ "x-ms-enum": {
+ "modelAsString": true,
+ "name": "EntityTimelineKind",
+ "values": [
+ {
+ "description": "activity",
+ "value": "Activity"
+ },
+ {
+ "description": "bookmarks",
+ "value": "Bookmark"
+ },
+ {
+ "description": "security alerts",
+ "value": "SecurityAlert"
+ },
+ {
+ "description": "anomaly",
+ "value": "Anomaly"
+ }
+ ]
+ }
+ },
+ "EntityTimelineParameters": {
+ "description": "The parameters required to execute s timeline operation on the given entity.",
+ "properties": {
+ "kinds": {
+ "description": "Array of timeline Item kinds.",
+ "items": {
+ "$ref": "#/definitions/EntityTimelineKind"
+ },
+ "type": "array"
+ },
+ "startTime": {
+ "description": "The start timeline date, so the results returned are after this date.",
+ "format": "date-time",
+ "type": "string"
+ },
+ "endTime": {
+ "description": "The end timeline date, so the results returned are before this date.",
+ "format": "date-time",
+ "type": "string"
+ },
+ "numberOfBucket": {
+ "description": "The number of bucket for timeline queries aggregation.",
+ "type": "integer",
+ "format": "int32"
+ }
+ },
+ "type": "object",
+ "required": [
+ "startTime",
+ "endTime"
+ ]
+ },
+ "EntityQueryItem": {
+ "description": "An abstract Query item for entity",
+ "type": "object",
+ "discriminator": "kind",
+ "properties": {
+ "id": {
+ "description": "Query Template ARM ID",
+ "type": "string",
+ "readOnly": true
+ },
+ "name": {
+ "description": "Query Template ARM Name",
+ "type": "string"
+ },
+ "type": {
+ "description": "ARM Type",
+ "type": "string"
+ },
+ "kind": {
+ "$ref": "./common/EntityTypes.json#/definitions/EntityQueryKind",
+ "description": "The kind of the entity query"
+ }
+ },
+ "required": [
+ "kind"
+ ]
+ },
+ "EntityQueryItemProperties": {
+ "description": "An properties abstract Query item for entity",
+ "type": "object",
+ "properties": {
+ "dataTypes": {
+ "description": "Data types for template",
+ "type": "array",
+ "items": {
+ "properties": {
+ "dataType": {
+ "description": "Data type name",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "x-ms-identifiers": []
+ },
+ "inputEntityType": {
+ "description": "The type of the entity",
+ "$ref": "./common/EntityTypes.json#/definitions/EntityInnerType"
+ },
+ "requiredInputFieldsSets": {
+ "description": "Data types for template",
+ "type": "array",
+ "items": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ }
+ },
+ "entitiesFilter": {
+ "description": "The query applied only to entities matching to all filters",
+ "type": "object"
+ }
+ }
+ },
+ "InsightsTableResult": {
+ "type": "object",
+ "description": "Query results for table insights query.",
+ "properties": {
+ "columns": {
+ "type": "array",
+ "description": "Columns Metadata of the table",
+ "items": {
+ "properties": {
+ "type": {
+ "type": "string",
+ "description": "the type of the colum"
+ },
+ "name": {
+ "type": "string",
+ "description": "the name of the colum"
+ }
+ },
+ "type": "object"
+ },
+ "x-ms-identifiers": []
+ },
+ "rows": {
+ "type": "array",
+ "description": "Rows data of the table",
+ "items": {
+ "type": "array",
+ "description": "Single row of data",
+ "items": {
+ "type": "string",
+ "description": "Cell in the table"
+ }
+ }
+ }
+ }
+ },
+ "InsightQueryItem": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/EntityQueryItem"
+ }
+ ],
+ "description": "Represents Insight Query.",
+ "properties": {
+ "properties": {
+ "description": "Properties bag for InsightQueryItem",
+ "$ref": "#/definitions/InsightQueryItemProperties"
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "Insight"
+ },
+ "InsightQueryItemProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/EntityQueryItemProperties"
+ }
+ ],
+ "description": "Represents Insight Query.",
+ "properties": {
+ "displayName": {
+ "type": "string",
+ "description": "The insight display name."
+ },
+ "description": {
+ "type": "string",
+ "description": "The insight description."
+ },
+ "baseQuery": {
+ "type": "string",
+ "description": "The base query of the insight."
+ },
+ "tableQuery": {
+ "type": "object",
+ "description": "The insight table query.",
+ "properties": {
+ "columnsDefinitions": {
+ "type": "array",
+ "description": "List of insight column definitions.",
+ "items": {
+ "properties": {
+ "header": {
+ "type": "string",
+ "description": "Insight column header."
+ },
+ "outputType": {
+ "type": "string",
+ "description": "Insights Column type.",
+ "enum": [
+ "Number",
+ "String",
+ "Date",
+ "Entity"
+ ],
+ "x-ms-enum": {
+ "modelAsString": true,
+ "name": "outputType"
+ }
+ },
+ "supportDeepLink": {
+ "type": "boolean",
+ "description": "Is query supports deep-link."
+ }
+ },
+ "type": "object"
+ },
+ "x-ms-identifiers": []
+ },
+ "queriesDefinitions": {
+ "type": "array",
+ "description": "List of insight queries definitions.",
+ "x-ms-identifiers": [],
+ "items": {
+ "properties": {
+ "filter": {
+ "type": "string",
+ "description": "Insight column header."
+ },
+ "summarize": {
+ "type": "string",
+ "description": "Insight column header."
+ },
+ "project": {
+ "type": "string",
+ "description": "Insight column header."
+ },
+ "linkColumnsDefinitions": {
+ "type": "array",
+ "description": "Insight column header.",
+ "x-ms-identifiers": [],
+ "items": {
+ "properties": {
+ "projectedName": {
+ "type": "string",
+ "description": "Insight Link Definition Projected Name."
+ },
+ "Query": {
+ "type": "string",
+ "description": "Insight Link Definition Query."
+ }
+ },
+ "type": "object"
+ }
+ }
+ },
+ "type": "object"
+ }
+ }
+ }
+ },
+ "chartQuery": {
+ "type": "object",
+ "description": "The insight chart query."
+ },
+ "additionalQuery": {
+ "type": "object",
+ "description": "The activity query definitions.",
+ "properties": {
+ "query": {
+ "type": "string",
+ "description": "The insight query."
+ },
+ "text": {
+ "type": "string",
+ "description": "The insight text."
+ }
+ }
+ },
+ "defaultTimeRange": {
+ "type": "object",
+ "description": "The insight chart query.",
+ "properties": {
+ "beforeRange": {
+ "type": "string",
+ "description": "The padding for the start time of the query."
+ },
+ "afterRange": {
+ "type": "string",
+ "description": "The padding for the end time of the query."
+ }
+ }
+ },
+ "referenceTimeRange": {
+ "type": "object",
+ "description": "The insight chart query.",
+ "properties": {
+ "beforeRange": {
+ "type": "string",
+ "description": "Additional query time for looking back."
+ }
+ }
+ }
+ },
+ "type": "object"
+ },
+ "GetInsightsResultsMetadata": {
+ "description": "Get Insights result metadata.",
+ "properties": {
+ "totalCount": {
+ "description": "the total items found for the insights request",
+ "type": "integer",
+ "format": "int32"
+ },
+ "errors": {
+ "description": "information about the failed queries",
+ "items": {
+ "$ref": "#/definitions/GetInsightsErrorKind"
+ },
+ "type": "array",
+ "x-ms-identifiers": []
+ }
+ },
+ "required": [
+ "totalCount"
+ ],
+ "type": "object"
+ },
+ "GetInsightsErrorKind": {
+ "description": "GetInsights Query Errors.",
+ "properties": {
+ "kind": {
+ "description": "the query kind",
+ "type": "string",
+ "enum": [
+ "Insight"
+ ],
+ "x-ms-enum": {
+ "modelAsString": true,
+ "name": "GetInsightsError",
+ "values": [
+ {
+ "value": "Insight"
+ }
+ ]
+ }
+ },
+ "queryId": {
+ "description": "the query id",
+ "type": "string"
+ },
+ "errorMessage": {
+ "description": "the error message",
+ "type": "string"
+ }
+ },
+ "required": [
+ "kind",
+ "errorMessage"
+ ],
+ "type": "object"
+ },
+ "GetQueriesResponse": {
+ "description": "Retrieve queries for entity result operation response.",
+ "properties": {
+ "value": {
+ "description": "The query result values.",
+ "items": {
+ "$ref": "#/definitions/EntityQueryItem"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object"
+ },
+ "SecurityAlertTimelineItem": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/EntityTimelineItem"
+ }
+ ],
+ "description": "Represents security alert timeline item.",
+ "properties": {
+ "azureResourceId": {
+ "type": "string",
+ "description": "The alert azure resource id."
+ },
+ "productName": {
+ "type": "string",
+ "description": "The alert product name."
+ },
+ "description": {
+ "type": "string",
+ "description": "The alert description."
+ },
+ "displayName": {
+ "type": "string",
+ "description": "The alert name."
+ },
+ "severity": {
+ "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum",
+ "description": "The alert severity."
+ },
+ "endTimeUtc": {
+ "format": "date-time",
+ "type": "string",
+ "description": "The alert end time."
+ },
+ "startTimeUtc": {
+ "format": "date-time",
+ "type": "string",
+ "description": "The alert start time."
+ },
+ "timeGenerated": {
+ "format": "date-time",
+ "type": "string",
+ "description": "The alert generated time."
+ },
+ "alertType": {
+ "type": "string",
+ "description": "The name of the alert type."
+ },
+ "intent": {
+ "type": "string",
+ "description": "The intent of the alert.",
+ "enum": [
+ "Unknown",
+ "Probing",
+ "Exploitation",
+ "Persistence",
+ "PrivilegeEscalation",
+ "DefenseEvasion",
+ "CredentialAccess",
+ "Discovery",
+ "LateralMovement",
+ "Execution",
+ "Collection",
+ "Exfiltration",
+ "CommandAndControl",
+ "Impact"
+ ],
+ "readOnly": true,
+ "x-ms-enum": {
+ "modelAsString": true,
+ "name": "KillChainIntent",
+ "values": [
+ {
+ "description": "The default value.",
+ "value": "Unknown"
+ },
+ {
+ "description": "Probing could be an attempt to access a certain resource regardless of a malicious intent or a failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected as an attempt originating from outside the network in attempt to scan the target system and find a way in.",
+ "value": "Probing"
+ },
+ {
+ "description": "Exploitation is the stage where an attacker manage to get foothold on the attacked resource. This stage is applicable not only for compute hosts, but also for resources such as user accounts, certificates etc. Adversaries will often be able to control the resource after this stage.",
+ "value": "Exploitation"
+ },
+ {
+ "description": "Persistence is any access, action, or configuration change to a system that gives an adversary a persistent presence on that system. Adversaries will often need to maintain access to systems through interruptions such as system restarts, loss of credentials, or other failures that would require a remote access tool to restart or alternate backdoor for them to regain access.",
+ "value": "Persistence"
+ },
+ {
+ "description": "Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network. Certain tools or actions require a higher level of privilege to work and are likely necessary at many points throughout an operation. User accounts with permissions to access specific systems or perform specific functions necessary for adversaries to achieve their objective may also be considered an escalation of privilege.",
+ "value": "PrivilegeEscalation"
+ },
+ {
+ "description": "Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques in other categories that have the added benefit of subverting a particular defense or mitigation. ",
+ "value": "DefenseEvasion"
+ },
+ {
+ "description": "Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment. Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts (local system administrator or domain users with administrator access) to use within the network. With sufficient access within a network, an adversary can create accounts for later use within the environment.",
+ "value": "CredentialAccess"
+ },
+ {
+ "description": "Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network. When adversaries gain access to a new system, they must navigate themselves to what they now have control of and what benefits operating from that system give to their current objective or overall goals during the intrusion. The operating system provides many native tools that aid in this post-compromise information-gathering phase.",
+ "value": "Discovery"
+ },
+ {
+ "description": "Lateral movement consists of techniques that enable an adversary to access and control remote systems on a network and could, but does not necessarily, include execution of tools on remote systems. The lateral movement techniques could allow an adversary to gather information from a system without needing additional tools, such as a remote access tool. An adversary can use lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems, access to specific information or files, access to additional credentials, or to cause an effect.",
+ "value": "LateralMovement"
+ },
+ {
+ "description": "The execution tactic represents techniques that result in execution of adversary-controlled code on a local or remote system. This tactic is often used in conjunction with lateral movement to expand access to remote systems on a network.",
+ "value": "Execution"
+ },
+ {
+ "description": "Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration. This category also covers locations on a system or network where the adversary may look for information to exfiltrate.",
+ "value": "Collection"
+ },
+ {
+ "description": "Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from a target network. This category also covers locations on a system or network where the adversary may look for information to exfiltrate.",
+ "value": "Exfiltration"
+ },
+ {
+ "description": "The command and control tactic represents how adversaries communicate with systems under their control within a target network.",
+ "value": "CommandAndControl"
+ },
+ {
+ "description": "The impact intent primary objective is to directly reduce the availability or integrity of a system, service, or network; including manipulation of data to impact a business or operational process. This would often refer to techniques such as ransom-ware, defacement, data manipulation and others.",
+ "value": "Impact"
+ }
+ ]
+ }
+ },
+ "techniques": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "description": "technique of the alert"
+ },
+ "description": "The techniques of the alert."
+ }
+ },
+ "required": [
+ "azureResourceId",
+ "displayName",
+ "severity",
+ "endTimeUtc",
+ "startTimeUtc",
+ "timeGenerated",
+ "alertType"
+ ],
+ "type": "object",
+ "x-ms-discriminator-value": "SecurityAlert"
+ },
+ "TimelineError": {
+ "description": "Timeline Query Errors.",
+ "properties": {
+ "kind": {
+ "description": "the query kind",
+ "$ref": "#/definitions/EntityTimelineKind"
+ },
+ "queryId": {
+ "description": "the query id",
+ "type": "string"
+ },
+ "errorMessage": {
+ "description": "the error message",
+ "type": "string"
+ }
+ },
+ "required": [
+ "kind",
+ "errorMessage"
+ ],
+ "type": "object"
+ },
+ "TimelineResultsMetadata": {
+ "description": "Expansion result metadata.",
+ "properties": {
+ "totalCount": {
+ "description": "the total items found for the timeline request",
+ "type": "integer",
+ "format": "int32"
+ },
+ "aggregations": {
+ "description": "timeline aggregation per kind",
+ "items": {
+ "$ref": "#/definitions/TimelineAggregation"
+ },
+ "type": "array",
+ "x-ms-identifiers": []
+ },
+ "errors": {
+ "description": "information about the failure queries",
+ "items": {
+ "$ref": "#/definitions/TimelineError"
+ },
+ "type": "array",
+ "x-ms-identifiers": []
+ }
+ },
+ "required": [
+ "totalCount",
+ "aggregations"
+ ],
+ "type": "object"
+ },
+ "TimelineAggregation": {
+ "description": "timeline aggregation information per kind",
+ "properties": {
+ "count": {
+ "description": "the total items found for a kind",
+ "type": "integer",
+ "format": "int32"
+ },
+ "kind": {
+ "description": "the query kind",
+ "$ref": "#/definitions/EntityTimelineKind"
+ }
+ },
+ "required": [
+ "kind",
+ "count"
+ ],
+ "type": "object"
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/EntityQueries.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/EntityQueries.json
new file mode 100644
index 000000000000..b912bc49e40a
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/EntityQueries.json
@@ -0,0 +1,507 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-06-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries": { + "get": { + "x-ms-examples": { + "Get all entity queries.": { + "$ref": "./examples/entityQueries/GetEntityQueries.json" + } + }, + "tags": [ + "EntityQueries" + ], + "description": "Gets all entity queries.", + "operationId": "EntityQueries_List", + "parameters": [ + { + "$ref": "#/parameters/EntityQueryKind" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityQueryList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": 
"../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}": { + "get": { + "x-ms-examples": { + "Get an Expansion entity query.": { + "$ref": "./examples/entityQueries/GetExpansionEntityQueryById.json" + }, + "Get an Activity entity query.": { + "$ref": "./examples/entityQueries/GetActivityEntityQueryById.json" + } + }, + "tags": [ + "EntityQueries" + ], + "description": "Gets an entity query.", + "operationId": "EntityQueries_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityQueryId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityQuery" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates an Activity entity query.": { + "$ref": "./examples/entityQueries/CreateEntityQueryActivity.json" + } + }, + "tags": [ + "EntityQueries" + ], + "description": "Creates or updates the entity query.", + "operationId": "EntityQueries_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": 
"../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityQueryId" + }, + { + "$ref": "#/parameters/CustomEntityQuery" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityQuery" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/EntityQuery" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an entity query.": { + "$ref": "./examples/entityQueries/DeleteEntityQuery.json" + } + }, + "tags": [ + "EntityQueries" + ], + "description": "Delete the entity query.", + "operationId": "EntityQueries_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityQueryId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "CustomEntityQueryKind": { + "description": "The kind of the entity query that supports put request.", + "enum": [ + 
"Activity" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "CustomEntityQueryKind", + "values": [ + { + "value": "Activity" + } + ] + } + }, + "EntityQueryList": { + "description": "List of all the entity queries.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of entity queries.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of entity queries.", + "items": { + "$ref": "#/definitions/EntityQuery" + }, + "type": "array" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "EntityQuery": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Specific entity query.", + "discriminator": "kind", + "properties": { + "kind": { + "$ref": "./common/EntityTypes.json#/definitions/EntityQueryKind", + "description": "the entity query kind" + } + }, + "type": "object", + "required": [ + "kind" + ] + }, + "CustomEntityQuery": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Specific entity query that supports put requests.", + "discriminator": "kind", + "properties": { + "kind": { + "$ref": "#/definitions/CustomEntityQueryKind", + "description": "the entity query kind" + } + }, + "type": "object", + "required": [ + "kind" + ] + }, + "ExpansionEntityQuery": { + "description": "Represents Expansion entity query.", + "allOf": [ + { + "$ref": "#/definitions/EntityQuery" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/ExpansionEntityQueriesProperties", + "description": "Expansion entity query properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Expansion" + }, + "ExpansionEntityQueriesProperties": { + "description": "Describes expansion entity query properties", + "properties": { + "dataSources": { + "description": "List of the data sources that are required to run the 
query", + "items": { + "description": "data source", + "type": "string" + }, + "type": "array" + }, + "displayName": { + "description": "The query display name", + "type": "string" + }, + "inputEntityType": { + "$ref": "./common/EntityTypes.json#/definitions/EntityInnerType", + "description": "The type of the query's source entity" + }, + "inputFields": { + "description": "List of the fields of the source entity that are required to run the query", + "items": { + "description": "input field", + "type": "string" + }, + "type": "array" + }, + "outputEntityTypes": { + "description": "List of the desired output types to be constructed from the result", + "items": { + "$ref": "./common/EntityTypes.json#/definitions/EntityInnerType", + "description": "output entity type" + }, + "type": "array" + }, + "queryTemplate": { + "description": "The template query string to be parsed and formatted", + "type": "string" + } + }, + "type": "object" + }, + "ActivityEntityQuery": { + "description": "Represents Activity entity query.", + "allOf": [ + { + "$ref": "#/definitions/EntityQuery" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/ActivityEntityQueriesProperties", + "description": "Activity entity query properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Activity" + }, + "ActivityCustomEntityQuery": { + "description": "Represents Activity entity query.", + "allOf": [ + { + "$ref": "#/definitions/CustomEntityQuery" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/ActivityEntityQueriesProperties", + "description": "Activity entity query properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Activity" + }, + "ActivityEntityQueriesProperties": { + "description": "Describes activity entity query properties", + "properties": { + "title": { + "description": "The entity query title", + "type": "string" + }, + "content": { + "description": "The 
entity query content to display in timeline", + "type": "string" + }, + "description": { + "description": "The entity query description", + "type": "string" + }, + "queryDefinitions": { + "description": "The Activity query definitions", + "properties": { + "query": { + "description": "The Activity query to run on a given entity", + "type": "string" + } + }, + "type": "object" + }, + "inputEntityType": { + "$ref": "./common/EntityTypes.json#/definitions/EntityInnerType", + "description": "The type of the query's source entity" + }, + "requiredInputFieldsSets": { + "description": "List of the fields of the source entity that are required to run the query", + "items": { + "description": "Sub sets of the field of the source entity that are required to run the query", + "items": { + "description": "Required input field name", + "type": "string" + }, + "type": "array" + }, + "type": "array" + }, + "entitiesFilter": { + "description": "The query applied only to entities matching to all filters", + "type": "object", + "additionalProperties": { + "description": "Filter field name", + "items": { + "description": "Filter field values", + "type": "string" + }, + "type": "array" + } + }, + "templateName": { + "description": "The template id this activity was created from", + "type": "string" + }, + "enabled": { + "description": "Determines whether this activity is enabled or disabled.", + "type": "boolean" + }, + "createdTimeUtc": { + "description": "The time the activity was created", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "lastModifiedTimeUtc": { + "description": "The last time the activity was updated", + "format": "date-time", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + } + }, + "parameters": { + "EntityQueryId": { + "description": "entity query ID", + "in": "path", + "name": "entityQueryId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "EntityQueryKind": { + "description": "The 
entity query kind we want to fetch",
+ "in": "query",
+ "name": "kind",
+ "required": false,
+ "enum": [
+ "Expansion",
+ "Activity"
+ ],
+ "type": "string",
+ "x-ms-parameter-location": "method"
+ },
+ "CustomEntityQuery": {
+ "description": "The entity query we want to create or update",
+ "in": "body",
+ "name": "entityQuery",
+ "required": true,
+ "schema": {
+ "$ref": "#/definitions/CustomEntityQuery"
+ },
+ "x-ms-parameter-location": "method"
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/EntityQueryTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/EntityQueryTemplates.json
new file mode 100644
index 000000000000..697f4fa3f603
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/EntityQueryTemplates.json
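Review bot: `ActivityEntityQueriesProperties.queryDefinitions.query` is accepted by `EntityQueries_CreateOrUpdate` as an unconstrained string described only as "The Activity query to run on a given entity", so the contract never says how the entity's field values reach the stored query. `requiredInputFieldsSets` suggests those values are bound into the query at run time, but that is inferred from the schema, not stated. Once the service behaviour is confirmed, the description should say that field values are passed as data rather than spliced into the query text, and what validation a submitted query gets, e.g. `"description": "The Activity query to run on a given entity. Entity field values are supplied as parameters and are not concatenated into the query text."`. The same gap applies to `queryTemplate` in `ExpansionEntityQueriesProperties` ("to be parsed and formatted").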
@@ -0,0 +1,304 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-06-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates": { + "get": { + "x-ms-examples": { + "Get all entity query templates.": { + "$ref": "./examples/entityQueryTemplates/GetEntityQueryTemplates.json" + } + }, + "tags": [ + "EntityQueries" + ], + "description": "Gets all entity query templates.", + "operationId": "EntityQueryTemplates_List", + "parameters": [ + { + "$ref": "#/parameters/EntityQueryTemplateKind" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityQueryTemplateList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + 
"$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates/{entityQueryTemplateId}": { + "get": { + "x-ms-examples": { + "Get an Activity entity query template.": { + "$ref": "./examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json" + } + }, + "tags": [ + "EntityQueries" + ], + "description": "Gets an entity query.", + "operationId": "EntityQueryTemplates_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityQueryTemplateId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityQueryTemplate" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "EntityQueryTemplateKind": { + "description": "The kind of the entity query template.", + "enum": [ + "Activity" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EntityQueryTemplateKind", + "values": [ + { + "value": "Activity" + } + ] + } + }, + "EntityQueryTemplateList": { + "description": "List of all the entity query templates.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of entity query templates.", + "readOnly": true, + 
"type": "string" + }, + "value": { + "description": "Array of entity query templates.", + "items": { + "$ref": "#/definitions/EntityQueryTemplate" + }, + "type": "array" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "EntityQueryTemplate": { + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/Resource" + } + ], + "description": "Specific entity query template.", + "discriminator": "kind", + "properties": { + "kind": { + "$ref": "#/definitions/EntityQueryTemplateKind", + "description": "the entity query template kind" + } + }, + "type": "object", + "required": [ + "kind" + ] + }, + "ActivityEntityQueryTemplate": { + "description": "Represents Activity entity query.", + "allOf": [ + { + "$ref": "#/definitions/EntityQueryTemplate" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/ActivityEntityQueryTemplateProperties", + "description": "Activity entity query properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Activity" + }, + "ActivityEntityQueryTemplateProperties": { + "description": "Describes activity entity query properties", + "properties": { + "title": { + "description": "The entity query title", + "type": "string" + }, + "content": { + "description": "The entity query content to display in timeline", + "type": "string" + }, + "description": { + "description": "The entity query description", + "type": "string" + }, + "queryDefinitions": { + "description": "The Activity query definitions", + "properties": { + "query": { + "description": "The Activity query to run on a given entity", + "type": "string" + }, + "summarizeBy": { + "description": "The dimensions we want to summarize the timeline results on, this is comma separated list", + "type": "string" + } + }, + "type": "object" + }, + "dataTypes": { + "description": "List of required data types for the given entity query template", + "items": { + "$ref": 
"#/definitions/DataTypeDefinitions"
+ },
+ "type": "array"
+ },
+ "inputEntityType": {
+ "$ref": "./common/EntityTypes.json#/definitions/EntityInnerType",
+ "description": "The type of the query's source entity"
+ },
+ "requiredInputFieldsSets": {
+ "description": "List of the fields of the source entity that are required to run the query",
+ "items": {
+ "description": "Sub sets of the field of the source entity that are required to run the query",
+ "items": {
+ "description": "Required input field name",
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "type": "array"
+ },
+ "entitiesFilter": {
+ "description": "The query applied only to entities matching to all filters",
+ "type": "object",
+ "additionalProperties": {
+ "description": "Filter field name",
+ "items": {
+ "description": "Filter field values",
+ "type": "string"
+ },
+ "type": "array"
+ }
+ }
+ },
+ "type": "object"
+ },
+ "DataTypeDefinitions": {
+ "description": "The data type definition",
+ "properties": {
+ "dataType": {
+ "description": "The data type name",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "parameters": {
+ "EntityQueryTemplateId": {
+ "description": "entity query template ID",
+ "in": "path",
+ "name": "entityQueryTemplateId",
+ "required": true,
+ "type": "string",
+ "x-ms-parameter-location": "method"
+ },
+ "EntityQueryTemplateKind": {
+ "description": "The entity template query kind we want to fetch",
+ "in": "query",
+ "name": "kind",
+ "required": false,
+ "enum": [
+ "Activity"
+ ],
+ "type": "string",
+ "x-ms-parameter-location": "method"
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/FileImports.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/FileImports.json
new file mode 100644
index 000000000000..8d1062f5cf0f
--- /dev/null
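Review bot: Two descriptions in this file still describe entity queries rather than templates: `EntityQueryTemplates_Get` says "Gets an entity query." and `ActivityEntityQueryTemplate` says "Represents Activity entity query.". These strings are carried into generated SDK reference documentation, where the template read operation then reads the same as `EntityQueries_Get`. I would change them to `"description": "Gets an entity query template."` and `"description": "Represents Activity entity query template."`.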
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/FileImports.json 
@@ -0,0 +1,564 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-06-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports": { + "get": { + "x-ms-examples": { + "Get all file imports.": { + "$ref": "./examples/fileImports/GetFileImports.json" + } + }, + "tags": [ + "FileImports" + ], + "description": "Gets all file imports.", + "operationId": "FileImports_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + 
"description": "OK", + "schema": { + "$ref": "#/definitions/FileImportList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}": { + "get": { + "x-ms-examples": { + "Get a file import.": { + "$ref": "./examples/fileImports/GetFileImportById.json" + } + }, + "tags": [ + "FileImports" + ], + "description": "Gets a file import.", + "operationId": "FileImports_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/FileImportId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/FileImport" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create a file import.": { + "$ref": "./examples/fileImports/CreateFileImport.json" + } + }, + "tags": [ + "FileImports" + ], + "description": "Creates the file import.", + "operationId": "FileImports_Create", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": 
"../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/FileImportId" + }, + { + "$ref": "#/parameters/FileImport" + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/FileImport" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a file import.": { + "$ref": "./examples/fileImports/DeleteFileImport.json" + } + }, + "tags": [ + "FileImports" + ], + "description": "Delete the file import.", + "operationId": "FileImports_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/FileImportId" + } + ], + "responses": { + "202": { + "description": "Accepted", + "schema": { + "$ref": "#/definitions/FileImport" + } + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-long-running-operation": true, + "x-ms-long-running-operation-options": { + "final-state-via": "location" + } + } + } + }, + "definitions": { + "FileMetadata": { + "description": "Represents a 
file.", + "properties": { + "fileFormat": { + "description": "The format of the file", + "enum": [ + "CSV", + "JSON", + "Unspecified" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "fileFormat", + "values": [ + { + "description": "A CSV file.", + "value": "CSV" + }, + { + "description": "A JSON file.", + "value": "JSON" + }, + { + "description": "A file of other format.", + "value": "Unspecified" + } + ] + } + }, + "fileName": { + "description": "The name of the file.", + "type": "string" + }, + "fileSize": { + "description": "The size of the file.", + "format": "int32", + "type": "integer" + }, + "fileContentUri": { + "description": "A URI with a valid SAS token to allow uploading / downloading the file.", + "type": "string", + "readOnly": true + }, + "deleteStatus": { + "description": "Indicates whether the file was deleted from the storage account.", + "enum": [ + "Deleted", + "NotDeleted", + "Unspecified" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DeleteStatus", + "values": [ + { + "description": "The file was deleted.", + "value": "Deleted" + }, + { + "description": "The file was not deleted.", + "value": "NotDeleted" + }, + { + "description": "Unspecified", + "value": "Unspecified" + } + ] + }, + "readOnly": true + } + }, + "type": "object" + }, + "FileImport": { + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/Resource" + } + ], + "description": "Represents a file import in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/FileImportProperties", + "description": "File import properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "FileImportList": { + "description": "List all the file imports.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of file imports.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of file 
imports.", + "items": { + "$ref": "#/definitions/FileImport" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "FileImportProperties": { + "description": "Describes the FileImport's properties", + "properties": { + "ingestionMode": { + "description": "Describes how to ingest the records in the file.", + "enum": [ + "IngestOnlyIfAllAreValid", + "IngestAnyValidRecords", + "Unspecified" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IngestionMode", + "values": [ + { + "description": "No records should be ingested when invalid records are detected.", + "value": "IngestOnlyIfAllAreValid" + }, + { + "description": "Valid records should still be ingested when invalid records are detected.", + "value": "IngestAnyValidRecords" + }, + { + "description": "Unspecified", + "value": "Unspecified" + } + ] + } + }, + "contentType": { + "description": "The content type of this file.", + "enum": [ + "BasicIndicator", + "StixIndicator", + "Unspecified" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "FileImportContentType", + "values": [ + { + "description": "File containing records with the core fields of an indicator, plus the observables to construct the STIX pattern.", + "value": "BasicIndicator" + }, + { + "description": "File containing STIX indicators.", + "value": "StixIndicator" + }, + { + "description": "File containing other records.", + "value": "Unspecified" + } + ] + } + }, + "createdTimeUTC": { + "description": "The time the file was imported.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "errorFile": { + "description": "Represents the error file (if the import was ingested with errors or failed the validation).", + "$ref": "#/definitions/FileMetadata", + "readOnly": true, + "type": "object" + }, + "errorsPreview": { + "description": "An ordered list of some of the errors that were encountered during validation.", + "items": { + "description": 
"An error that were encountered during validation.", + "$ref": "#/definitions/ValidationError" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "importFile": { + "description": "Represents the imported file.", + "$ref": "#/definitions/FileMetadata", + "type": "object" + }, + "ingestedRecordCount": { + "description": "The number of records that have been successfully ingested.", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "source": { + "description": "The source for the data in the file.", + "type": "string" + }, + "state": { + "description": "The state of the file import.", + "enum": [ + "FatalError", + "Ingested", + "IngestedWithErrors", + "InProgress", + "Invalid", + "WaitingForUpload", + "Unspecified" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "FileImportState", + "values": [ + { + "description": "A fatal error has occurred while ingesting the file.", + "value": "FatalError" + }, + { + "description": "The file has been ingested.", + "value": "Ingested" + }, + { + "description": "The file has been ingested with errors.", + "value": "IngestedWithErrors" + }, + { + "description": "The file ingestion is in progress.", + "value": "InProgress" + }, + { + "description": "The file is invalid.", + "value": "Invalid" + }, + { + "description": "Waiting for the file to be uploaded.", + "value": "WaitingForUpload" + }, + { + "description": "Unspecified state.", + "value": "Unspecified" + } + ] + } + }, + "totalRecordCount": { + "description": "The number of records in the file.", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "validRecordCount": { + "description": "The number of records that have passed validation.", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "filesValidUntilTimeUTC": { + "description": "The time the files associated with this import are deleted from the storage account.", + "format": "date-time", + 
"readOnly": true,
+ "type": "string"
+ },
+ "importValidUntilTimeUTC": {
+ "description": "The time the file import record is soft deleted from the database and history.",
+ "format": "date-time",
+ "readOnly": true,
+ "type": "string"
+ }
+ },
+ "required": [
+ "ingestionMode",
+ "contentType",
+ "importFile",
+ "source"
+ ],
+ "type": "object"
+ },
+ "ValidationError": {
+ "description": "Describes an error encountered in the file during validation.",
+ "properties": {
+ "recordIndex": {
+ "description": "The number of the record that has the error.",
+ "type": "integer",
+ "format": "int32"
+ },
+ "errorMessages": {
+ "description": "A list of descriptions of the error.",
+ "items": {
+ "type": "string"
+ },
+ "readOnly": true,
+ "type": "array"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "parameters": {
+ "FileImportId": {
+ "description": "File import ID",
+ "in": "path",
+ "name": "fileImportId",
+ "required": true,
+ "type": "string",
+ "x-ms-parameter-location": "method"
+ },
+ "FileImport": {
+ "description": "The file import",
+ "in": "body",
+ "name": "fileImport",
+ "required": true,
+ "schema": {
+ "$ref": "#/definitions/FileImport"
+ },
+ "x-ms-parameter-location": "method"
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Hunts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Hunts.json
new file mode 100644
index 000000000000..3be17600ead8
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Hunts.json
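Review bot: `FileMetadata.fileContentUri` is documented as "A URI with a valid SAS token" and, through `importFile` and `errorFile`, is part of every `FileImport` body returned by `FileImports_Get`, `FileImports_List`, `FileImports_Create` and the 202 response of `FileImports_Delete`. That makes a bearer credential for the blob available to any principal with read access to file imports, and to any log or trace that captures response bodies. The schema gives no lifetime or permission scope for the token; `filesValidUntilTimeUTC` only states when the files are deleted. The description should state both and tell clients to handle the value as a secret, e.g. `"description": "A URI with a SAS token for uploading / downloading the file. Treat as a credential: do not log or persist it."`, with the expiry and permissions added once confirmed against the service.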
@@ -0,0 +1,992 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-06-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts": { + "get": { + "x-ms-examples": { + "Get all hunts.": { + "$ref": "./examples/hunts/GetHunts.json" + } + }, + "tags": [ + "Hunts" + ], + "description": "Gets all hunts, without relations and comments.", + "operationId": "Hunts_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", 
+ "schema": { + "$ref": "#/definitions/HuntList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}": { + "get": { + "x-ms-examples": { + "Get a hunt.": { + "$ref": "./examples/hunts/GetHuntById.json" + } + }, + "tags": [ + "Hunts" + ], + "description": "Gets a hunt, without relations and comments.", + "operationId": "Hunts_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Hunt" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a hunt.": { + "$ref": "./examples/hunts/DeleteHunt.json" + } + }, + "tags": [ + "Hunts" + ], + "description": "Delete a hunt.", + "operationId": "Hunts_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": 
"../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a hunt.": { + "$ref": "./examples/hunts/CreateHunt.json" + } + }, + "tags": [ + "Hunts" + ], + "description": "Create or update a hunt", + "operationId": "Hunts_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "#/parameters/Hunt" + } + ], + "responses": { + "200": { + "description": "Create or update the Hunt", + "schema": { + "$ref": "#/definitions/Hunt" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/Hunt" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations": { + "get": { + "x-ms-examples": { + "Get all hunt relations.": { + "$ref": 
"./examples/hunts/GetHuntRelations.json" + } + }, + "tags": [ + "HuntRelations" + ], + "description": "Gets all hunt relations", + "operationId": "HuntRelations_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/HuntRelationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations/{huntRelationId}": { + "get": { + "x-ms-examples": { + "Get a hunt relation.": { + "$ref": "./examples/hunts/GetHuntRelationById.json" + } + }, + "tags": [ + "HuntRelations" + ], + "description": "Gets a hunt relation", + "operationId": "HuntRelations_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": 
"../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "#/parameters/HuntRelationId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/HuntRelation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a hunt relation.": { + "$ref": "./examples/hunts/DeleteHuntRelation.json" + } + }, + "tags": [ + "HuntRelations" + ], + "description": "Delete a hunt relation.", + "operationId": "HuntRelations_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "#/parameters/HuntRelationId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a hunt relation.": { + "$ref": "./examples/hunts/CreateHuntRelation.json" + } + }, + "tags": [ + "HuntRelations" + ], + "description": "Creates or updates a hunt 
relation.", + "operationId": "HuntRelations_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "#/parameters/HuntRelationId" + }, + { + "$ref": "#/parameters/HuntRelation" + } + ], + "responses": { + "200": { + "description": "Create or update the hunt relation", + "schema": { + "$ref": "#/definitions/HuntRelation" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/HuntRelation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments": { + "get": { + "x-ms-examples": { + "Get all hunt comments.": { + "$ref": "./examples/hunts/GetHuntComments.json" + } + }, + "tags": [ + "HuntComments" + ], + "description": "Gets all hunt comments", + "operationId": "HuntComments_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": 
"#/parameters/HuntId" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/HuntCommentList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments/{huntCommentId}": { + "get": { + "x-ms-examples": { + "Get a hunt comment.": { + "$ref": "./examples/hunts/GetHuntCommentById.json" + } + }, + "tags": [ + "HuntComments" + ], + "description": "Gets a hunt comment", + "operationId": "HuntComments_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "#/parameters/HuntCommentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/HuntComment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": 
{ + "x-ms-examples": { + "Delete a hunt comment.": { + "$ref": "./examples/hunts/DeleteHuntComment.json" + } + }, + "tags": [ + "HuntComments" + ], + "description": "Delete a hunt comment.", + "operationId": "HuntComments_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "#/parameters/HuntCommentId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a hunt comment.": { + "$ref": "./examples/hunts/CreateHuntComment.json" + } + }, + "tags": [ + "HuntComments" + ], + "description": "Creates or updates a hunt relation.", + "operationId": "HuntComments_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "#/parameters/HuntCommentId" + }, + { + "$ref": "#/parameters/HuntComment" + } + ], + "responses": { + "200": { + "description": "Create or update the hunt 
comment", + "schema": { + "$ref": "#/definitions/HuntComment" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/HuntComment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "HuntList": { + "description": "List all the hunts.", + "type": "object", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of hunts.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of hunts.", + "items": { + "$ref": "#/definitions/Hunt" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "Hunt": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Hunt in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/HuntProperties", + "description": "Hunt properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "HuntProperties": { + "description": "Describes hunt properties", + "properties": { + "displayName": { + "description": "The display name of the hunt", + "type": "string" + }, + "description": { + "description": "The description of the hunt", + "type": "string" + }, + "status": { + "description": "The status of the hunt.", + "enum": [ + "New", + "Active", + "Closed" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "status" + }, + "default": "New" + }, + "hypothesisStatus": { + "description": "The hypothesis status of the hunt.", + "enum": [ + "Unknown", + "Invalidated", + "Validated" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "hypothesisStatus" + }, + "default": "Unknown" + }, + "attackTactics": { + "description": "A list of mitre attack tactics the hunt is associated with", + "items": { + "$ref": 
"./common/AlertTypes.json#/definitions/AttackTactic" + }, + "type": "array" + }, + "attackTechniques": { + "description": "A list of a mitre attack techniques the hunt is associated with", + "items": { + "description": "Attack Technique", + "type": "string" + }, + "type": "array" + }, + "labels": { + "description": "List of labels relevant to this hunt ", + "items": { + "$ref": "../../../common/2.0/types.json#/definitions/Label" + }, + "type": "array" + }, + "owner": { + "$ref": "#/definitions/HuntOwner" + } + }, + "required": [ + "displayName", + "description" + ], + "type": "object" + }, + "HuntRelationList": { + "description": "List of all the hunt relations", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of hunt relations.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of hunt relations", + "items": { + "$ref": "#/definitions/HuntRelation" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "HuntRelation": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Hunt Relation in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/HuntRelationProperties", + "description": "Hunt Relation properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "HuntRelationProperties": { + "description": "Describes hunt relation properties", + "properties": { + "relatedResourceId": { + "description": "The id of the related resource", + "type": "string" + }, + "relatedResourceName": { + "description": "The name of the related resource", + "type": "string", + "readOnly": true + }, + "relationType": { + "description": "The type of the hunt relation", + "type": "string", + "readOnly": true + }, + "relatedResourceKind": { + "description": "The resource that the relation is related to", + "type": "string", + "readOnly": true + }, + "labels": { + 
"description": "List of labels relevant to this hunt", + "items": { + "$ref": "../../../common/2.0/types.json#/definitions/Label" + }, + "type": "array" + } + }, + "required": [ + "relatedResourceId" + ], + "type": "object" + }, + "HuntCommentList": { + "description": "List of all hunt comments", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of hunt comments.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of hunt comments", + "items": { + "$ref": "#/definitions/HuntComment" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "HuntComment": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Hunt Comment in Azure Security Insights", + "properties": { + "properties": { + "$ref": "#/definitions/HuntCommentProperties", + "description": "Hunt Comment properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "HuntCommentProperties": { + "description": "Describes a hunt comment properties", + "properties": { + "message": { + "description": "The message for the comment", + "type": "string" + } + }, + "required": [ + "message" + ], + "type": "object" + }, + "HuntOwner": { + "description": "Describes a user that the hunt is assigned to", + "type": "object", + "properties": { + "email": { + "description": "The email of the user the hunt is assigned to.", + "type": "string" + }, + "assignedTo": { + "description": "The name of the user the hunt is assigned to.", + "type": "string" + }, + "objectId": { + "description": "The object id of the user the hunt is assigned to.", + "format": "uuid", + "type": "string", + "x-nullable": true + }, + "userPrincipalName": { + "description": "The user principal name of the user the hunt is assigned to.", + "type": "string" + }, + "ownerType": { + "description": "The type of the owner the hunt is assigned to.", + "type": "string", + "enum": [ 
+ "Unknown", + "User", + "Group" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "OwnerType", + "values": [ + { + "description": "The hunt owner type is unknown", + "value": "Unknown" + }, + { + "description": "The hunt owner type is an AAD user", + "value": "User" + }, + { + "description": "The hunt owner type is an AAD group", + "value": "Group" + } + ] + } + } + } + } + }, + "parameters": { + "Hunt": { + "description": "The hunt", + "name": "hunt", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/Hunt" + }, + "x-ms-parameter-location": "method" + }, + "HuntId": { + "description": "The hunt id (GUID)", + "in": "path", + "name": "huntId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "HuntRelation": { + "description": "The hunt relation", + "in": "body", + "name": "huntRelation", + "required": true, + "schema": { + "$ref": "#/definitions/HuntRelation" + }, + "x-ms-parameter-location": "method" + }, + "HuntRelationId": { + "description": "The hunt relation id (GUID)", + "in": "path", + "name": "huntRelationId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "HuntComment": { + "description": "The hunt comment", + "in": "body", + "name": "huntComment", + "required": true, + "schema": { + "$ref": "#/definitions/HuntComment" + }, + "x-ms-parameter-location": "method" + }, + "HuntCommentId": { + "description": "The hunt comment id (GUID)", + "in": "path", + "name": "huntCommentId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Incidents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Incidents.json new file mode 100644 index 000000000000..81e2a17c98ae --- /dev/null 
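Review bot: The `put` on `.../hunts/{huntId}/comments/{huntCommentId}` (`HuntComments_CreateOrUpdate`) has the description `"Creates or updates a hunt relation."`, apparently copied from `HuntRelations_CreateOrUpdate`; it should read `"description": "Creates or updates a hunt comment."`, since this text presumably ends up in generated SDK and REST reference docs. In the `parameters` section, `HuntId`, `HuntRelationId` and `HuntCommentId` are documented as "(GUID)" but declared as bare `"type": "string"`, while `HuntOwner.objectId` in the same file already uses `"format": "uuid"`. Adding the same format (or a `pattern`) to the three path parameters would let schema validators and generated clients reject malformed ids before they are placed in the request path. `info.version` still reads `2023-06-01-preview` here and in the Incidents.json hunk that follows, although both files are added under `2023-07-01-preview`; the subject calls this patch the base copy, so a later patch in the series presumably bumps it, but that is worth confirming.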
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Incidents.json 
@@ -0,0 +1,1658 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-06-01-preview" + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents": { + "get": { + "tags": [ + "Incidents" + ], + "description": "Gets all incidents.", + "operationId": "Incidents_List", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "Incidents_List": { + "$ref": "./examples/incidents/Incidents_List.json" + } + } + } + }, + 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}": { + "get": { + "tags": [ + "Incidents" + ], + "description": "Gets an incident.", + "operationId": "Incidents_Get", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Incident" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_Get": { + "$ref": "./examples/incidents/Incidents_Get.json" + } + } + }, + "put": { + "tags": [ + "Incidents" + ], + "description": "Creates or updates the incident.", + "operationId": "Incidents_CreateOrUpdate", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/Incident" + } + ], + "responses": { + 
"200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Incident" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/Incident" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_CreateOrUpdate": { + "$ref": "./examples/incidents/Incidents_CreateOrUpdate.json" + } + } + }, + "delete": { + "tags": [ + "Incidents" + ], + "description": "Delete the incident.", + "operationId": "Incidents_Delete", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_Delete": { + "$ref": "./examples/incidents/Incidents_Delete.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/createTeam": { + "post": { + "tags": [ + "IncidentTeam" + ], + "description": "Creates a Microsoft team to investigate the incident by sharing information and insights between participants.", + "operationId": "Incidents_CreateTeam", + 
"produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/TeamProperties" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/TeamInformation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_CreateTeam": { + "$ref": "./examples/incidents/IncidentTeam/Incidents_CreateTeam.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/alerts": { + "post": { + "tags": [ + "IncidentAlerts" + ], + "description": "Gets all incident alerts.", + "operationId": "Incidents_ListAlerts", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": 
"#/definitions/IncidentAlertList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_ListAlerts": { + "$ref": "./examples/incidents/IncidentAlerts/Incidents_ListAlerts.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/bookmarks": { + "post": { + "tags": [ + "IncidentBookmarks" + ], + "description": "Gets all incident bookmarks.", + "operationId": "Incidents_ListBookmarks", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentBookmarkList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_ListBookmarks": { + "$ref": "./examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments": { + "get": { + "tags": [ + "IncidentComments" + ], + "description": "Gets all 
incident comments.",
+ "operationId": "IncidentComments_List",
+ "produces": [
+ "application/json"
+ ],
+ "parameters": [
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName"
+ },
+ {
+ "$ref": "#/parameters/IncidentId"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/ODataTop"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/IncidentCommentList"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/2.0/types.json#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-pageable": {
+ "nextLinkName": "nextLink"
+ },
+ "x-ms-examples": {
+ "IncidentComments_List": {
+ "$ref": "./examples/incidents/IncidentComments/IncidentComments_List.json"
+ }
+ }
+ }
+ },
+ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}": {
+ "get": {
+ "tags": [
+ "IncidentComments"
+ ],
+ "description": "Gets an incident comment.",
+ "operationId": "IncidentComments_Get",
+ "produces": [
+ "application/json"
+ ],
+ "parameters": [
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter"
+ },
+ {
+ "$ref":
"../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName"
+ },
+ {
+ "$ref": "#/parameters/IncidentId"
+ },
+ {
+ "$ref": "#/parameters/IncidentCommentId"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/IncidentComment"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/2.0/types.json#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-examples": {
+ "IncidentComments_Get": {
+ "$ref": "./examples/incidents/IncidentComments/IncidentComments_Get.json"
+ }
+ }
+ },
+ "put": {
+ "tags": [
+ "IncidentComments"
+ ],
+ "description": "Creates or updates the incident comment.",
+ "operationId": "IncidentComments_CreateOrUpdate",
+ "produces": [
+ "application/json"
+ ],
+ "parameters": [
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName"
+ },
+ {
+ "$ref": "#/parameters/IncidentId"
+ },
+ {
+ "$ref": "#/parameters/IncidentCommentId"
+ },
+ {
+ "$ref": "#/parameters/IncidentComment"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/IncidentComment"
+ }
+ },
+ "201": {
+ "description": "Created",
+ "schema": {
+ "$ref": "#/definitions/IncidentComment"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref":
"../../../common/2.0/types.json#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-examples": {
+ "IncidentComments_CreateOrUpdate": {
+ "$ref": "./examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json"
+ }
+ }
+ },
+ "delete": {
+ "tags": [
+ "IncidentComments"
+ ],
+ "description": "Delete the incident comment.",
+ "operationId": "IncidentComments_Delete",
+ "produces": [
+ "application/json"
+ ],
+ "parameters": [
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName"
+ },
+ {
+ "$ref": "#/parameters/IncidentId"
+ },
+ {
+ "$ref": "#/parameters/IncidentCommentId"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK"
+ },
+ "204": {
+ "description": "No Content"
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/2.0/types.json#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-examples": {
+ "IncidentComments_Delete": {
+ "$ref": "./examples/incidents/IncidentComments/IncidentComments_Delete.json"
+ }
+ }
+ }
+ },
+ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/entities": {
+ "post": {
+ "tags": [
+ "IncidentEntities"
+ ],
+ "description": "Gets all incident related entities.",
+ "operationId": "Incidents_ListEntities",
+ "produces": [
+ "application/json"
+ ],
+ "parameters": [
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter"
+ },
+ {
+ "$ref":
"../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName"
+ },
+ {
+ "$ref": "#/parameters/IncidentId"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/IncidentEntitiesResponse"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/2.0/types.json#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-examples": {
+ "Incidents_ListEntities": {
+ "$ref": "./examples/incidents/IncidentEntities/Incidents_ListEntities.json"
+ }
+ }
+ }
+ },
+ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations": {
+ "get": {
+ "x-ms-examples": {
+ "Get all incident relations.": {
+ "$ref": "./examples/incidents/relations/GetAllIncidentRelations.json"
+ }
+ },
+ "tags": [
+ "IncidentRelations"
+ ],
+ "description": "Gets all incident relations.",
+ "operationId": "IncidentRelations_List",
+ "produces": [
+ "application/json"
+ ],
+ "parameters": [
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName"
+ },
+ {
+ "$ref": "#/parameters/IncidentId"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy"
+ },
+ {
+
"$ref": "../../../common/2.0/types.json#/parameters/ODataTop"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "./common/RelationTypes.json#/definitions/RelationList"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/2.0/types.json#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-odata": "./common/RelationTypes.json#/definitions/Relation",
+ "x-ms-pageable": {
+ "nextLinkName": "nextLink"
+ }
+ }
+ },
+ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}": {
+ "get": {
+ "x-ms-examples": {
+ "Get an incident relation.": {
+ "$ref": "./examples/incidents/relations/GetIncidentRelationByName.json"
+ }
+ },
+ "tags": [
+ "IncidentRelations"
+ ],
+ "description": "Gets an incident relation.",
+ "operationId": "IncidentRelations_Get",
+ "produces": [
+ "application/json"
+ ],
+ "parameters": [
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName"
+ },
+ {
+ "$ref": "#/parameters/IncidentId"
+ },
+ {
+ "$ref": "./common/RelationTypes.json#/parameters/RelationName"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "./common/RelationTypes.json#/definitions/Relation"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref":
"../../../common/2.0/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ },
+ "put": {
+ "x-ms-examples": {
+ "Creates or updates an incident relation.": {
+ "$ref": "./examples/incidents/relations/CreateIncidentRelation.json"
+ }
+ },
+ "tags": [
+ "IncidentRelations"
+ ],
+ "description": "Creates or updates the incident relation.",
+ "operationId": "IncidentRelations_CreateOrUpdate",
+ "produces": [
+ "application/json"
+ ],
+ "parameters": [
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName"
+ },
+ {
+ "$ref": "#/parameters/IncidentId"
+ },
+ {
+ "$ref": "./common/RelationTypes.json#/parameters/RelationName"
+ },
+ {
+ "$ref": "./common/RelationTypes.json#/parameters/Relation"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "./common/RelationTypes.json#/definitions/Relation"
+ }
+ },
+ "201": {
+ "description": "Created",
+ "schema": {
+ "$ref": "./common/RelationTypes.json#/definitions/Relation"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/2.0/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ },
+ "delete": {
+ "x-ms-examples": {
+ "Delete the incident relation.": {
+ "$ref": "./examples/incidents/relations/DeleteIncidentRelation.json"
+ }
+ },
+ "tags": [
+ "IncidentRelations"
+ ],
+ "description": "Delete the incident relation.",
+ "operationId": "IncidentRelations_Delete",
+ "produces": [
+ "application/json"
+ ],
+ "parameters": [
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter"
+ },
+ {
+ "$ref":
"../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName"
+ },
+ {
+ "$ref": "#/parameters/IncidentId"
+ },
+ {
+ "$ref": "./common/RelationTypes.json#/parameters/RelationName"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK"
+ },
+ "204": {
+ "description": "No Content"
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/2.0/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ }
+ },
+ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks": {
+ "get": {
+ "tags": [
+ "IncidentTasks"
+ ],
+ "description": "Gets all incident tasks.",
+ "operationId": "IncidentTasks_List",
+ "produces": [
+ "application/json"
+ ],
+ "parameters": [
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName"
+ },
+ {
+ "$ref": "#/parameters/IncidentId"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/IncidentTaskList"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/2.0/types.json#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-pageable": {
+ "nextLinkName": "nextLink"
+ },
+ "x-ms-examples": {
+ "IncidentTasks_List": {
+
"$ref": "./examples/incidents/IncidentTasks/IncidentTasks_List.json"
+ }
+ }
+ }
+ },
+ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks/{incidentTaskId}": {
+ "get": {
+ "tags": [
+ "IncidentTasks"
+ ],
+ "description": "Gets an incident task.",
+ "operationId": "IncidentTasks_Get",
+ "produces": [
+ "application/json"
+ ],
+ "parameters": [
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName"
+ },
+ {
+ "$ref": "#/parameters/IncidentId"
+ },
+ {
+ "$ref": "#/parameters/IncidentTaskId"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/IncidentTask"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/2.0/types.json#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-examples": {
+ "IncidentTasks_Get": {
+ "$ref": "./examples/incidents/IncidentTasks/IncidentTasks_Get.json"
+ }
+ }
+ },
+ "put": {
+ "tags": [
+ "IncidentTasks"
+ ],
+ "description": "Creates or updates the incident task.",
+ "operationId": "IncidentTasks_CreateOrUpdate",
+ "produces": [
+ "application/json"
+ ],
+ "parameters": [
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter"
+ },
+ {
+ "$ref":
"../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName"
+ },
+ {
+ "$ref": "#/parameters/IncidentId"
+ },
+ {
+ "$ref": "#/parameters/IncidentTaskId"
+ },
+ {
+ "$ref": "#/parameters/IncidentTask"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/IncidentTask"
+ }
+ },
+ "201": {
+ "description": "Created",
+ "schema": {
+ "$ref": "#/definitions/IncidentTask"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/2.0/types.json#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-examples": {
+ "IncidentTasks_CreateOrUpdate": {
+ "$ref": "./examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json"
+ }
+ }
+ },
+ "delete": {
+ "tags": [
+ "IncidentTasks"
+ ],
+ "description": "Delete the incident task.",
+ "operationId": "IncidentTasks_Delete",
+ "produces": [
+ "application/json"
+ ],
+ "parameters": [
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName"
+ },
+ {
+ "$ref": "#/parameters/IncidentId"
+ },
+ {
+ "$ref": "#/parameters/IncidentTaskId"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK"
+ },
+ "204": {
+ "description": "No Content"
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/2.0/types.json#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-examples": {
+ "IncidentTasks_Delete": {
+ "$ref":
"./examples/incidents/IncidentTasks/IncidentTasks_Delete.json"
+ }
+ }
+ }
+ }
+ },
+ "definitions": {
+ "Incident": {
+ "type": "object",
+ "allOf": [
+ {
+ "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag"
+ }
+ ],
+ "properties": {
+ "properties": {
+ "type": "object",
+ "$ref": "#/definitions/IncidentProperties",
+ "x-ms-client-flatten": true
+ }
+ }
+ },
+ "IncidentAdditionalData": {
+ "description": "Incident additional data property bag.",
+ "type": "object",
+ "properties": {
+ "alertsCount": {
+ "format": "int32",
+ "description": "The number of alerts in the incident",
+ "type": "integer",
+ "readOnly": true
+ },
+ "bookmarksCount": {
+ "format": "int32",
+ "description": "The number of bookmarks in the incident",
+ "type": "integer",
+ "readOnly": true
+ },
+ "commentsCount": {
+ "format": "int32",
+ "description": "The number of comments in the incident",
+ "type": "integer",
+ "readOnly": true
+ },
+ "alertProductNames": {
+ "description": "List of product names of alerts in the incident",
+ "type": "array",
+ "items": {
+ "description": "Alert product name",
+ "type": "string"
+ },
+ "readOnly": true
+ },
+ "tactics": {
+ "description": "The tactics associated with incident",
+ "type": "array",
+ "items": {
+ "$ref": "./common/AlertTypes.json#/definitions/AttackTactic"
+ },
+ "readOnly": true
+ },
+ "techniques": {
+ "description": "The techniques associated with incident's tactics",
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "readOnly": true
+ },
+ "providerIncidentUrl": {
+ "description": "The provider incident url to the incident in Microsoft 365 Defender portal",
+ "type": "string",
+ "readOnly": true
+ }
+ }
+ },
+ "IncidentAlertList": {
+ "description": "List of incident alerts.",
+ "type": "object",
+ "properties": {
+ "value": {
+ "description": "Array of incident alerts.",
+ "type": "array",
+ "items": {
+ "$ref": "./common/EntityTypes.json#/definitions/SecurityAlert"
+ }
+ }
+ },
+ "required": [
+ "value"
+ ]
+ },
+ "IncidentBookmarkList": {
+ "description": "List of incident bookmarks.",
+ "type": "object",
+ "properties": {
+ "value": {
+ "description": "Array of incident bookmarks.",
+ "type": "array",
+ "items": {
+ "$ref": "./common/EntityTypes.json#/definitions/HuntingBookmark"
+ }
+ }
+ },
+ "required": [
+ "value"
+ ]
+ },
+ "IncidentComment": {
+ "type": "object",
+ "allOf": [
+ {
+ "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag"
+ }
+ ],
+ "description": "Represents an incident comment",
+ "properties": {
+ "properties": {
+ "type": "object",
+ "$ref": "#/definitions/IncidentCommentProperties",
+ "description": "Incident comment properties",
+ "x-ms-client-flatten": true
+ }
+ }
+ },
+ "IncidentCommentList": {
+ "type": "object",
+ "properties": {
+ "value": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/IncidentComment"
+ }
+ },
+ "nextLink": {
+ "type": "string",
+ "readOnly": true
+ }
+ },
+ "required": [
+ "value"
+ ]
+ },
+ "IncidentCommentProperties": {
+ "description": "Incident comment property bag.",
+ "required": [
+ "message"
+ ],
+ "type": "object",
+ "properties": {
+ "message": {
+ "description": "The comment message",
+ "type": "string"
+ },
+ "createdTimeUtc": {
+ "format": "date-time",
+ "description": "The time the comment was created",
+ "type": "string",
+ "readOnly": true
+ },
+ "lastModifiedTimeUtc": {
+ "format": "date-time",
+ "description": "The time the comment was updated",
+ "type": "string",
+ "readOnly": true
+ },
+ "author": {
+ "type": "object",
+ "$ref": "../../../common/2.0/types.json#/definitions/ClientInfo",
+ "description": "Describes the client that created the comment",
+ "readOnly": true
+ }
+ }
+ },
+ "IncidentEntitiesResponse": {
+ "description": "The incident related entities response.",
+ "type": "object",
+ "properties": {
+ "entities": {
+ "description": "Array of the incident related entities.",
+ "type": "array",
+ "items": {
+ "$ref":
"./common/EntityTypes.json#/definitions/Entity"
+ }
+ },
+ "metaData": {
+ "description": "The metadata from the incident related entities results.",
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/IncidentEntitiesResultsMetadata"
+ }
+ }
+ }
+ },
+ "IncidentEntitiesResultsMetadata": {
+ "description": "Information of a specific aggregation in the incident related entities result.",
+ "required": [
+ "count",
+ "entityKind"
+ ],
+ "type": "object",
+ "properties": {
+ "entityKind": {
+ "description": "The kind of the aggregated entity.",
+ "$ref": "./common/EntityTypes.json#/definitions/EntityInnerKind"
+ },
+ "count": {
+ "format": "int32",
+ "description": "Total number of aggregations of the given kind in the incident related entities result.",
+ "type": "integer"
+ }
+ }
+ },
+ "IncidentList": {
+ "required": [
+ "value"
+ ],
+ "description": "List all the incidents.",
+ "type": "object",
+ "properties": {
+ "value": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/Incident"
+ }
+ },
+ "nextLink": {
+ "description": "URL to fetch the next set of incidents.",
+ "type": "string",
+ "readOnly": true
+ }
+ }
+ },
+ "IncidentProperties": {
+ "required": [
+ "severity",
+ "status",
+ "title"
+ ],
+ "type": "object",
+ "properties": {
+ "title": {
+ "description": "The title of the incident",
+ "type": "string"
+ },
+ "description": {
+ "description": "The description of the incident",
+ "type": "string"
+ },
+ "severity": {
+ "$ref": "./common/IncidentTypes.json#/definitions/IncidentSeverityEnum"
+ },
+ "status": {
+ "$ref": "./common/IncidentTypes.json#/definitions/IncidentStatusEnum"
+ },
+ "classification": {
+ "description": "The reason the incident was closed",
+ "$ref": "./common/IncidentTypes.json#/definitions/IncidentClassificationEnum"
+ },
+ "classificationReason": {
+ "description": "The classification reason the incident was closed with",
+ "$ref": "./common/IncidentTypes.json#/definitions/IncidentClassificationReasonEnum"
+ },
+
"classificationComment": {
+ "description": "Describes the reason the incident was closed",
+ "type": "string"
+ },
+ "owner": {
+ "type": "object",
+ "description": "Describes a user that the incident is assigned to",
+ "$ref": "./common/IncidentTypes.json#/definitions/IncidentOwnerInfo"
+ },
+ "labels": {
+ "description": "List of labels relevant to this incident",
+ "type": "array",
+ "items": {
+ "$ref": "./common/IncidentTypes.json#/definitions/IncidentLabel"
+ }
+ },
+ "firstActivityTimeUtc": {
+ "format": "date-time",
+ "description": "The time of the first activity in the incident",
+ "type": "string"
+ },
+ "lastActivityTimeUtc": {
+ "format": "date-time",
+ "description": "The time of the last activity in the incident",
+ "type": "string"
+ },
+ "lastModifiedTimeUtc": {
+ "format": "date-time",
+ "description": "The last time the incident was updated",
+ "type": "string",
+ "readOnly": true
+ },
+ "createdTimeUtc": {
+ "format": "date-time",
+ "description": "The time the incident was created",
+ "type": "string",
+ "readOnly": true
+ },
+ "incidentNumber": {
+ "format": "int32",
+ "description": "A sequential number",
+ "type": "integer",
+ "readOnly": true
+ },
+ "additionalData": {
+ "$ref": "#/definitions/IncidentAdditionalData",
+ "description": "Additional data on the incident",
+ "readOnly": true,
+ "type": "object"
+ },
+ "relatedAnalyticRuleIds": {
+ "description": "List of resource ids of Analytic rules related to the incident",
+ "type": "array",
+ "items": {
+ "description": "Related Analytic rule resource id",
+ "type": "string"
+ },
+ "readOnly": true
+ },
+ "incidentUrl": {
+ "description": "The deep-link url to the incident in Azure portal",
+ "type": "string",
+ "readOnly": true
+ },
+ "providerName": {
+ "description": "The name of the source provider that generated the incident",
+ "type": "string",
+ "readOnly": true
+ },
+ "providerIncidentId": {
+ "description": "The incident ID assigned by the incident provider",
+ "type": "string",
+ "readOnly": true
+ },
+ "teamInformation": {
+ "$ref": "#/definitions/TeamInformation",
+ "description": "Describes a team for the incident",
+ "type": "object"
+ }
+ }
+ },
+ "IncidentTask": {
+ "required": [
+ "properties"
+ ],
+ "type": "object",
+ "allOf": [
+ {
+ "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag"
+ }
+ ],
+ "properties": {
+ "properties": {
+ "type": "object",
+ "$ref": "#/definitions/IncidentTaskProperties",
+ "x-ms-client-flatten": true
+ }
+ }
+ },
+ "IncidentTaskList": {
+ "type": "object",
+ "properties": {
+ "value": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/IncidentTask"
+ }
+ },
+ "nextLink": {
+ "type": "string"
+ }
+ }
+ },
+ "IncidentTaskProperties": {
+ "required": [
+ "status",
+ "title"
+ ],
+ "type": "object",
+ "properties": {
+ "title": {
+ "description": "The title of the task",
+ "type": "string"
+ },
+ "description": {
+ "description": "The description of the task",
+ "type": "string"
+ },
+ "status": {
+ "$ref": "#/definitions/IncidentTaskStatus"
+ },
+ "createdTimeUtc": {
+ "format": "date-time",
+ "description": "The time the task was created",
+ "type": "string",
+ "readOnly": true
+ },
+ "lastModifiedTimeUtc": {
+ "format": "date-time",
+ "description": "The last time the task was updated",
+ "type": "string",
+ "readOnly": true
+ },
+ "createdBy": {
+ "type": "object",
+ "$ref": "../../../common/2.0/types.json#/definitions/ClientInfo"
+ },
+ "lastModifiedBy": {
+ "type": "object",
+ "$ref": "../../../common/2.0/types.json#/definitions/ClientInfo"
+ }
+ }
+ },
+ "IncidentTaskStatus": {
+ "enum": [
+ "New",
+ "Completed"
+ ],
+ "type": "string",
+ "example": "New",
+ "x-ms-enum": {
+ "name": "IncidentTaskStatus",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "New",
+ "description": "A new task"
+ },
+ {
+ "value": "Completed",
+ "description": "A completed task"
+ }
+ ]
+ }
+ },
+ "TeamInformation": {
+ "description": "Describes team information",
+ "type": "object",
+
"properties": {
+ "teamId": {
+ "description": "Team ID",
+ "type": "string",
+ "readOnly": true
+ },
+ "primaryChannelUrl": {
+ "description": "The primary channel URL of the team",
+ "type": "string",
+ "readOnly": true
+ },
+ "teamCreationTimeUtc": {
+ "format": "date-time",
+ "description": "The time the team was created",
+ "type": "string",
+ "readOnly": true
+ },
+ "name": {
+ "description": "The name of the team",
+ "type": "string",
+ "readOnly": true
+ },
+ "description": {
+ "description": "The description of the team",
+ "type": "string",
+ "readOnly": true
+ }
+ }
+ },
+ "TeamProperties": {
+ "description": "Describes team properties",
+ "required": [
+ "teamName"
+ ],
+ "type": "object",
+ "properties": {
+ "teamName": {
+ "description": "The name of the team",
+ "type": "string"
+ },
+ "teamDescription": {
+ "description": "The description of the team",
+ "type": "string"
+ },
+ "groupIds": {
+ "description": "List of group IDs to add their members to the team",
+ "type": "array",
+ "items": {
+ "format": "uuid",
+ "type": "string"
+ }
+ },
+ "memberIds": {
+ "description": "List of member IDs to add to the team",
+ "type": "array",
+ "items": {
+ "format": "uuid",
+ "type": "string"
+ }
+ }
+ }
+ }
+ },
+ "parameters": {
+ "Incident": {
+ "name": "incident",
+ "description": "The incident",
+ "required": true,
+ "in": "body",
+ "x-ms-parameter-location": "method",
+ "schema": {
+ "$ref": "#/definitions/Incident"
+ }
+ },
+ "IncidentId": {
+ "in": "path",
+ "name": "incidentId",
+ "description": "Incident ID",
+ "required": true,
+ "x-ms-parameter-location": "method",
+ "type": "string"
+ },
+ "IncidentComment": {
+ "name": "incidentComment",
+ "description": "The incident comment",
+ "required": true,
+ "in": "body",
+ "x-ms-parameter-location": "method",
+ "schema": {
+ "$ref": "#/definitions/IncidentComment"
+ }
+ },
+ "IncidentCommentId": {
+ "in": "path",
+ "name": "incidentCommentId",
+ "description": "Incident comment ID",
+ "required": true,
+ "x-ms-parameter-location": "method",
+ "type": "string"
+ },
+ "TeamProperties": {
+ "name": "teamProperties",
+ "description": "Team properties",
+ "required": true,
+ "in": "body",
+ "x-ms-parameter-location": "method",
+ "schema": {
+ "$ref": "#/definitions/TeamInformation"
+ }
+ },
+ "IncidentTask": {
+ "name": "incidentTask",
+ "description": "The incident task",
+ "required": true,
+ "in": "body",
+ "x-ms-parameter-location": "method",
+ "schema": {
+ "$ref": "#/definitions/IncidentTask"
+ }
+ },
+ "IncidentTaskId": {
+ "in": "path",
+ "name": "incidentTaskId",
+ "description": "Incident task ID",
+ "required": true,
+ "x-ms-parameter-location": "method",
+ "type": "string"
+ }
+ },
+ "securityDefinitions": {
+ "azure_auth": {
+ "type": "oauth2",
+ "flow": "implicit",
+ "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
+ "scopes": {
+ "user_impersonation": "impersonate your user account"
+ },
+ "description": "Azure Active Directory OAuth2 Flow"
+ }
+ },
+ "security": [
+ {
+ "azure_auth": [
+ "user_impersonation"
+ ]
+ }
+ ],
+ "host": "management.azure.com",
+ "schemes": [
+ "https"
+ ],
+ "produces": [
+ "application/json"
+ ],
+ "consumes": [
+ "application/json"
+ ]
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Metadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Metadata.json
new file mode 100644
index 000000000000..6673273c9595
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Metadata.json
@@ -0,0 +1,824 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-06-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata": { + "get": { + "x-ms-examples": { + "Get all metadata.": { + "$ref": "./examples/metadata/GetAllMetadata.json" + }, + "Get all metadata with OData filter/orderby/skip/top": { + "$ref": "./examples/metadata/GetAllMetadataOData.json" + } + }, + "tags": [ + "Metadata" + ], + "description": "List of all metadata", + "operationId": "Metadata_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": 
"../../../common/2.0/types.json#/parameters/ODataSkip" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/MetadataList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}": { + "get": { + "x-ms-examples": { + "Get single metadata by name": { + "$ref": "./examples/metadata/GetMetadata.json" + } + }, + "tags": [ + "Metadata" + ], + "description": "Get a Metadata.", + "operationId": "Metadata_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/MetadataName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/MetadataModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete metadata.": { + "$ref": "./examples/metadata/DeleteMetadata.json" + } + }, + "tags": [ + "Metadata" + ], + "description": "Delete a Metadata.", + "operationId": "Metadata_Delete", + "parameters": [ + { + "$ref": 
"../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/MetadataName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create/update full metadata.": { + "$ref": "./examples/metadata/PutMetadata.json" + }, + "Create/update minimal metadata.": { + "$ref": "./examples/metadata/PutMetadataMinimal.json" + } + }, + "tags": [ + "Metadata" + ], + "description": "Create a Metadata.", + "operationId": "Metadata_Create", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/MetadataName" + }, + { + "$ref": "#/parameters/Metadata" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/MetadataModel" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/MetadataModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": 
"../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "patch": { + "x-ms-examples": { + "Update metadata.": { + "$ref": "./examples/metadata/PatchMetadata.json" + } + }, + "tags": [ + "Metadata" + ], + "description": "Update an existing Metadata.", + "operationId": "Metadata_Update", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/MetadataName" + }, + { + "$ref": "#/parameters/MetadataPatch" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/MetadataModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "MetadataList": { + "description": "List of all the metadata.", + "type": "object", + "properties": { + "value": { + "description": "Array of metadata.", + "items": { + "$ref": "#/definitions/MetadataModel" + }, + "type": "array" + }, + "nextLink": { + "description": "URL to fetch the next page of metadata.", + "readOnly": true, + "type": "string" + } + }, + "required": [ + "value" + ] + }, + "MetadataModel": { + "type": "object", + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Metadata resource definition.", + "properties": { + "properties": { + "$ref": "#/definitions/metadataProperties", + "description": "Metadata properties", + "x-ms-client-flatten": true + } + } + }, + "metadataPatch": { + "allOf": [ + { + "$ref": 
"../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Metadata patch request body.", + "type": "object", + "properties": { + "properties": { + "$ref": "#/definitions/metadataPropertiesPatch", + "description": "Metadata patch request body", + "x-ms-client-flatten": true + } + } + }, + "metadataContentId": { + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Can be optionally set for user created content to define dependencies. If an active content item is made from a template, both will have the same contentId.", + "type": "string" + }, + "metadataParentId": { + "description": "Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group)", + "type": "string" + }, + "metadataVersion": { + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks", + "type": "string" + }, + "metadataKind": { + "type": "string", + "description": "The kind of content the metadata is for." + }, + "metadataSource": { + "description": "The original source of the content item, where it comes from.", + "type": "object", + "required": [ + "kind" + ], + "properties": { + "kind": { + "description": "Source type of the content", + "type": "string", + "enum": [ + "LocalWorkspace", + "Community", + "Solution", + "SourceRepository" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "sourceKind", + "values": [ + { + "value": "LocalWorkspace" + }, + { + "value": "Community" + }, + { + "value": "Solution" + }, + { + "value": "SourceRepository" + } + ] + } + }, + "name": { + "description": "Name of the content source. 
The repo name, solution name, LA workspace name etc.", + "type": "string" + }, + "sourceId": { + "description": "ID of the content source. The solution ID, workspace ID, etc", + "type": "string" + } + } + }, + "metadataAuthor": { + "type": "object", + "description": "Publisher or creator of the content item.", + "properties": { + "name": { + "description": "Name of the author. Company or person.", + "type": "string" + }, + "email": { + "description": "Email of author contact", + "type": "string" + }, + "link": { + "description": "Link for author/vendor page", + "type": "string" + } + } + }, + "metadataSupport": { + "type": "object", + "description": "Support information for the content item.", + "required": [ + "tier" + ], + "properties": { + "tier": { + "description": "Type of support for content item", + "type": "string", + "enum": [ + "Microsoft", + "Partner", + "Community" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "supportTier", + "values": [ + { + "value": "Microsoft" + }, + { + "value": "Partner" + }, + { + "value": "Community" + } + ] + } + }, + "name": { + "description": "Name of the support contact. Company or person.", + "type": "string" + }, + "email": { + "description": "Email of support contact", + "type": "string" + }, + "link": { + "description": "Link for support help, like to support page to open a ticket etc.", + "type": "string" + } + } + }, + "metadataDependencies": { + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. 
For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies.", + "type": "object", + "properties": { + "contentId": { + "description": "Id of the content item we depend on", + "$ref": "#/definitions/metadataContentId" + }, + "kind": { + "description": "Type of the content item we depend on", + "$ref": "#/definitions/metadataKind" + }, + "version": { + "description": "Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required.", + "$ref": "#/definitions/metadataVersion" + }, + "name": { + "description": "Name of the content item", + "type": "string" + }, + "operator": { + "description": "Operator used for list of dependencies in criteria array.", + "type": "string", + "enum": [ + "AND", + "OR" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "operator", + "values": [ + { + "value": "AND" + }, + { + "value": "OR" + } + ] + } + }, + "criteria": { + "description": "This is the list of dependencies we must fulfill, according to the AND/OR operator", + "type": "array", + "items": { + "$ref": "#/definitions/metadataDependencies", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." 
+ } + } + } + }, + "metadataCategories": { + "type": "object", + "description": "ies for the solution content item", + "properties": { + "domains": { + "description": "domain for the solution content item", + "type": "array", + "example": [ + "str1", + "str2", + "str3" + ], + "items": { + "type": "string" + } + }, + "verticals": { + "description": "Industry verticals for the solution content item", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "str1", + "str2", + "str3" + ] + } + } + }, + "metadataProviders": { + "description": "Providers for the solution content item", + "type": "array", + "example": [ + "str1", + "str2", + "str3" + ], + "items": { + "type": "string" + } + }, + "firstPublishDate": { + "description": "first publish date of solution content item", + "type": "string", + "format": "date" + }, + "lastPublishDate": { + "description": "last publish date of solution content item", + "type": "string", + "format": "date" + }, + "metadataCustomVersion": { + "description": "The custom version of the content. A optional free text", + "type": "string" + }, + "metadataContentSchemaVersion": { + "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version", + "type": "string" + }, + "metadataIcon": { + "description": "the icon identifier. this id can later be fetched from the solution template", + "type": "string" + }, + "metadataThreatAnalysisTactics": { + "description": "the tactics the resource covers", + "type": "array", + "example": [ + "reconnaissance", + "exfiltration" + ], + "items": { + "type": "string" + } + }, + "metadataThreatAnalysisTechniques": { + "description": "the techniques the resource covers, these have to be aligned with the tactics being used", + "type": "array", + "example": [ + "T1548", + "T1548.001", + "T1134.003" + ], + "items": { + "type": "string" + } + }, + "metadataPreviewImages": { + "description": "preview image file names. 
These will be taken from the solution artifacts", + "type": "array", + "example": [ + "example.png", + "example2.jpeg" + ], + "items": { + "type": "string" + } + }, + "metadataPreviewImagesDark": { + "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support", + "type": "array", + "example": [ + "example.png", + "example2.jpeg" + ], + "items": { + "type": "string" + } + }, + "metadataProperties": { + "description": "Metadata property bag.", + "required": [ + "parentId", + "kind" + ], + "type": "object", + "properties": { + "contentId": { + "$ref": "#/definitions/metadataContentId", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" + }, + "parentId": { + "$ref": "#/definitions/metadataParentId", + "description": "Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group)" + }, + "version": { + "$ref": "#/definitions/metadataVersion", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "kind": { + "$ref": "#/definitions/metadataKind", + "description": "The kind of content the metadata is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, + "author": { + "$ref": "#/definitions/metadataAuthor", + "description": "The creator of the content item." 
+ }, + "support": { + "$ref": "#/definitions/metadataSupport", + "description": "Support information for the metadata - type, name, contact information" + }, + "dependencies": { + "$ref": "#/definitions/metadataDependencies", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." + }, + "categories": { + "$ref": "#/definitions/metadataCategories", + "description": "Categories for the solution content item" + }, + "providers": { + "$ref": "#/definitions/metadataProviders", + "description": "Providers for the solution content item" + }, + "firstPublishDate": { + "$ref": "#/definitions/firstPublishDate", + "description": "first publish date solution content item" + }, + "lastPublishDate": { + "$ref": "#/definitions/lastPublishDate", + "description": "last publish date for the solution content item" + }, + "customVersion": { + "$ref": "#/definitions/metadataCustomVersion", + "description": "The custom version of the content. A optional free text" + }, + "contentSchemaVersion": { + "$ref": "#/definitions/metadataContentSchemaVersion", + "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version" + }, + "icon": { + "$ref": "#/definitions/metadataIcon", + "description": "the icon identifier. 
this id can later be fetched from the solution template" + }, + "threatAnalysisTactics": { + "$ref": "#/definitions/metadataThreatAnalysisTactics", + "description": "the tactics the resource covers" + }, + "threatAnalysisTechniques": { + "$ref": "#/definitions/metadataThreatAnalysisTechniques", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used" + }, + "previewImages": { + "$ref": "#/definitions/metadataPreviewImages", + "description": "preview image file names. These will be taken from the solution artifacts" + }, + "previewImagesDark": { + "$ref": "#/definitions/metadataPreviewImagesDark", + "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support" + } + } + }, + "metadataPropertiesPatch": { + "description": "Metadata property bag for patch requests. This is the same as the MetadataProperties, but with nothing required", + "type": "object", + "properties": { + "contentId": { + "$ref": "#/definitions/metadataContentId", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" + }, + "parentId": { + "$ref": "#/definitions/metadataParentId", + "description": "Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group)" + }, + "version": { + "$ref": "#/definitions/metadataVersion", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "kind": { + "$ref": "#/definitions/metadataKind", + "description": "The kind of content the metadata is for." 
+ }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, + "author": { + "$ref": "#/definitions/metadataAuthor", + "description": "The creator of the content item." + }, + "support": { + "$ref": "#/definitions/metadataSupport", + "description": "Support information for the metadata - type, name, contact information" + }, + "dependencies": { + "$ref": "#/definitions/metadataDependencies", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." + }, + "categories": { + "$ref": "#/definitions/metadataCategories", + "description": "Categories for the solution content item" + }, + "providers": { + "$ref": "#/definitions/metadataProviders", + "description": "Providers for the solution content item" + }, + "firstPublishDate": { + "$ref": "#/definitions/firstPublishDate", + "description": "first publish date solution content item" + }, + "lastPublishDate": { + "$ref": "#/definitions/lastPublishDate", + "description": "last publish date for the solution content item" + }, + "customVersion": { + "$ref": "#/definitions/metadataCustomVersion", + "description": "The custom version of the content. A optional free text" + }, + "contentSchemaVersion": { + "$ref": "#/definitions/metadataContentSchemaVersion", + "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version" + }, + "icon": { + "$ref": "#/definitions/metadataIcon", + "description": "the icon identifier. 
this id can later be fetched from the solution template" + }, + "threatAnalysisTactics": { + "$ref": "#/definitions/metadataThreatAnalysisTactics", + "description": "the tactics the resource covers" + }, + "threatAnalysisTechniques": { + "$ref": "#/definitions/metadataThreatAnalysisTechniques", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used" + }, + "previewImages": { + "$ref": "#/definitions/metadataPreviewImages", + "description": "preview image file names. These will be taken from the solution artifacts" + }, + "previewImagesDark": { + "$ref": "#/definitions/metadataPreviewImagesDark", + "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support" + } + } + } + }, + "parameters": { + "Metadata": { + "description": "Metadata resource.", + "in": "body", + "name": "metadata", + "required": true, + "schema": { + "$ref": "#/definitions/MetadataModel" + }, + "x-ms-parameter-location": "method" + }, + "MetadataPatch": { + "description": "Partial metadata request.", + "in": "body", + "name": "metadataPatch", + "required": true, + "schema": { + "$ref": "#/definitions/metadataPatch" + }, + "x-ms-parameter-location": "method" + }, + "MetadataName": { + "description": "The Metadata name.", + "in": "path", + "name": "metadataName", + "required": true, + "pattern": "^\\S+$", + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/OfficeConsents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/OfficeConsents.json new file mode 100644 index 000000000000..2fe8f133937b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/OfficeConsents.json 
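Review bot: `metadataSupport.tier` and `metadataSource.kind` are plain writable strings in the body accepted by `Metadata_Create` and `Metadata_Update`, and neither description says whether the service verifies them, so a consumer cannot tell whether `"tier": "Microsoft"` is checked provenance or caller-supplied text. I would state the trust level in both descriptions, e.g. `Declared by the writer of the metadata; not verified by the service.` if that is the behaviour, or add `"readOnly": true` if the service sets the value. The `author` and `support` `link` and `email` strings are likewise unconstrained and should be documented as untrusted display text. In the same hunk the `metadataCategories` description is truncated to `ies for the solution content item`; the `categories` property gives the intended `Categories for the solution content item`.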
@@ -0,0 +1,234 @@
+{
+ "swagger": "2.0",
+ "info": {
+ "title": "Security Insights",
+ "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
+ "version": "2023-06-01-preview"
+ },
+ "host": "management.azure.com",
+ "schemes": [
+ "https"
+ ],
+ "consumes": [
+ "application/json"
+ ],
+ "produces": [
+ "application/json"
+ ],
+ "security": [
+ {
+ "azure_auth": [
+ "user_impersonation"
+ ]
+ }
+ ],
+ "securityDefinitions": {
+ "azure_auth": {
+ "type": "oauth2",
+ "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
+ "flow": "implicit",
+ "description": "Azure Active Directory OAuth2 Flow",
+ "scopes": {
+ "user_impersonation": "impersonate your user account"
+ }
+ }
+ },
+ "paths": {
+ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents": {
+ "get": {
+ "x-ms-examples": {
+ "Get all office consents.": {
+ "$ref": "./examples/officeConsents/GetOfficeConsents.json"
+ }
+ },
+ "tags": [
+ "Office Consents"
+ ],
+ "description": "Gets all office365 consents.",
+ "operationId": "OfficeConsents_List",
+ "parameters": [
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/OfficeConsentList"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/2.0/types.json#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-pageable": {
+ "nextLinkName": "nextLink"
+ }
+ }
+ },
+ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents/{consentId}": {
+ "get": {
+ "x-ms-examples": {
+ "Get an office consent.": {
+ "$ref": "./examples/officeConsents/GetOfficeConsentsById.json"
+ }
+ },
+ "tags": [
+ "Office Consents"
+ ],
+ "description": "Gets an office365 consent.",
+ "operationId": "OfficeConsents_Get",
+ "parameters": [
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName"
+ },
+ {
+ "$ref": "#/parameters/ConsentId"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/OfficeConsent"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/2.0/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ },
+ "delete": {
+ "x-ms-examples": {
+ "Delete an office consent.": {
+ "$ref": "./examples/officeConsents/DeleteOfficeConsents.json"
+ }
+ },
+ "tags": [
+ "Office Consents"
+ ],
+ "description": "Delete the office365 consent.",
+ "operationId": "OfficeConsents_Delete",
+ "parameters": [
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter"
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter"
+ },
+ {
+ "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName"
+ },
+ {
+ "$ref": "#/parameters/ConsentId"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK"
+ },
+ "204": {
+ "description": "No Content"
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/2.0/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ }
+ }
+ },
+ "parameters": {
+ "ConsentId": {
+ "description": "consent ID",
+ "in": "path",
+ "name": "consentId",
+ "required": true,
+ "type": "string",
+ "x-ms-parameter-location": "method"
+ }
+ },
+ "definitions": {
+ "OfficeConsent": {
+ "allOf": [
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/Resource"
+ }
+ ],
+ "description": "Consent for Office365 tenant that already made.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/OfficeConsentProperties",
+ "description": "Office consent properties",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object"
+ },
+ "OfficeConsentList": {
+ "description": "List of all the office365 consents.",
+ "properties": {
+ "nextLink": {
+ "description": "URL to fetch the next set of office consents.",
+ "readOnly": true,
+ "type": "string"
+ },
+ "value": {
+ "description": "Array of the consents.",
+ "items": {
+ "$ref": "#/definitions/OfficeConsent"
+ },
+ "type": "array"
+ }
+ },
+ "required": [
+ "value"
+ ],
+ "type": "object"
+ },
+ "OfficeConsentProperties": {
+ "description": "Consent property bag.",
+ "properties": {
+ "tenantId": {
+ "description": "The tenantId of the Office365 with the consent.",
+ "type": "string"
+ },
+ "consentId": {
+ "description": "Help to easily cascade among the data layers.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ }
+}
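Review bot: `info.version` is `2023-06-01-preview` although this file is added under `preview/2023-07-01-preview`; the Metadata.json hunk before it and the OnboardingStates.json hunk after it carry the same value. The commit subject calls this the base for the version update, so a later patch in the series may bump it; if none does, change the line to `"version": "2023-07-01-preview"`. Generators and validators that read `info.version` would otherwise presumably treat these operations as the older API version.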
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/OnboardingStates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/OnboardingStates.json
new file mode 100644
index 000000000000..9475f8c2893b
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/OnboardingStates.json
@@ -0,0 +1,284 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-06-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}": { + "get": { + "x-ms-examples": { + "Get Sentinel onboarding state": { + "$ref": "./examples/onboardingStates/GetSentinelOnboardingState.json" + } + }, + "tags": [ + "SentinelOnboardingStates" + ], + "description": "Get Sentinel onboarding state", + "operationId": "SentinelOnboardingStates_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SentinelOnboardingStateName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SentinelOnboardingState" + } + }, + "default": { + "description": "Error in getting the Sentinel 
onboarding state", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create Sentinel onboarding state": { + "$ref": "./examples/onboardingStates/CreateSentinelOnboardingState.json" + } + }, + "tags": [ + "SentinelOnboardingStates" + ], + "description": "Create Sentinel onboarding state", + "operationId": "SentinelOnboardingStates_Create", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SentinelOnboardingStateName" + }, + { + "$ref": "#/parameters/SentinelOnboardingStateParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SentinelOnboardingState" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/SentinelOnboardingState" + } + }, + "default": { + "description": "Error in creating the Sentinel onboarding state", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete Sentinel onboarding state": { + "$ref": "./examples/onboardingStates/DeleteSentinelOnboardingState.json" + } + }, + "tags": [ + "SentinelOnboardingStates" + ], + "description": "Delete Sentinel onboarding state", + "operationId": "SentinelOnboardingStates_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + 
"$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SentinelOnboardingStateName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error in deleting the Sentinel onboarding state", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates": { + "get": { + "x-ms-examples": { + "Get all Sentinel onboarding states": { + "$ref": "./examples/onboardingStates/GetAllSentinelOnboardingStates.json" + } + }, + "tags": [ + "SentinelOnboardingStates" + ], + "description": "Gets all Sentinel onboarding states", + "operationId": "SentinelOnboardingStates_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SentinelOnboardingStatesList" + } + }, + "default": { + "description": "Error in listing the Sentinel onboarding states", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "SentinelOnboardingStateProperties": { + "description": "The Sentinel onboarding state properties", + "type": "object", + "properties": { + 
"customerManagedKey": { + "description": "Flag that indicates the status of the CMK setting", + "type": "boolean" + } + } + }, + "SentinelOnboardingState": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Sentinel onboarding state", + "properties": { + "properties": { + "$ref": "#/definitions/SentinelOnboardingStateProperties", + "description": "The Sentinel onboarding state object", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "SentinelOnboardingStatesList": { + "description": "List of the Sentinel onboarding states", + "properties": { + "value": { + "description": "Array of Sentinel onboarding states", + "items": { + "$ref": "#/definitions/SentinelOnboardingState" + }, + "type": "array" + } + }, + "required": [ + "value" + ], + "type": "object" + } + }, + "parameters": { + "SentinelOnboardingStateName": { + "description": "The Sentinel onboarding state name. Supports - default", + "in": "path", + "name": "sentinelOnboardingStateName", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "SentinelOnboardingStateParameter": { + "description": "The Sentinel onboarding state parameter", + "in": "body", + "name": "sentinelOnboardingStateParameter", + "required": false, + "schema": { + "$ref": "#/definitions/SentinelOnboardingState" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Recommendations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Recommendations.json new file mode 100644 index 000000000000..0ab6bae47dd4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Recommendations.json 
@@ -0,0 +1,564 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-06-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/recommendations": { + "get": { + "x-ms-examples": { + "Get Recommendations list.": { + "$ref": "./examples/recommendations/GetRecommendations.json" + } + }, + "tags": [ + "recommendations" + ], + "description": "Gets a list of all recommendations.", + "operationId": "GetRecommendations_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/RecommendationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + 
}, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/recommendations/{recommendationId}": { + "get": { + "x-ms-examples": { + "Get a recommendation.": { + "$ref": "./examples/recommendations/GetRecommendation.json" + } + }, + "tags": [ + "recommendations" + ], + "description": "Gets a recommendation by its id.", + "operationId": "Get_SingleRecommendation", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RecommendationId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Recommendation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "patch": { + "x-ms-examples": { + "Creates a recommendation.": { + "$ref": "./examples/recommendations/PatchRecommendation.json" + } + }, + "tags": [ + "recommendations" + ], + "description": "Patch a recommendation.", + "operationId": "Update_Recommendation", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" 
+ }, + { + "$ref": "#/parameters/RecommendationId" + }, + { + "$ref": "#/parameters/RecommendationPatch" + } + ], + "x-ms-long-running-operation": true, + "responses": { + "202": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Recommendation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "Recommendation": { + "description": "Recommendation object.", + "properties": { + "id": { + "description": "id of recommendation.", + "type": "string", + "format": "uuid" + }, + "instructions": { + "description": "Instructions of the recommendation.", + "$ref": "#/definitions/Instructions" + }, + "content": { + "description": "Content of the recommendation.", + "$ref": "#/definitions/Content", + "x-nullable": true + }, + "resourceId": { + "description": "Id of the resource this recommendation refers to.", + "type": "string", + "x-nullable": true + }, + "additionalProperties": { + "description": "Collection of additional properties for the recommendation.", + "type": "object", + "additionalProperties": { + "type": "string" + }, + "x-nullable": true + }, + "title": { + "description": "Title of the recommendation.", + "type": "string" + }, + "description": { + "description": "Description of the recommendation.", + "type": "string" + }, + "recommendationTypeTitle": { + "description": "Title of the recommendation type.", + "type": "string" + }, + "recommendationTypeId": { + "description": "Id of the recommendation type.", + "type": "string" + }, + "category": { + "description": "Category of the recommendation.", + "$ref": "#/definitions/RecommendationCategory" + }, + "context": { + "description": "Context of the recommendation.", + "$ref": "#/definitions/RecommendationContext" + }, + "workspaceId": { + "description": "Id of the workspace this recommendation refers to.", + "type": "string", + 
"format": "uuid" + }, + "actions": { + "description": "List of actions to take for this recommendation.", + "type": "array", + "items": { + "$ref": "#/definitions/RecommendedAction" + }, + "x-ms-identifiers": [] + }, + "state": { + "description": "State of the recommendation.", + "$ref": "#/definitions/RecommendationState" + }, + "priority": { + "description": "Priority of the recommendation.", + "$ref": "#/definitions/RecommendationPriority" + }, + "lastEvaluatedTimeUtc": { + "description": "The time stamp (UTC) when the recommendation was last evaluated.", + "type": "string", + "format": "date-time" + }, + "hideUntilTimeUtc": { + "description": "The time stamp (UTC) when the recommendation should be displayed again.", + "type": "string", + "format": "date-time", + "x-nullable": true + }, + "displayUntilTimeUtc": { + "description": "The timestamp (UTC) after which the recommendation should not be displayed anymore.", + "type": "string", + "format": "date-time", + "x-nullable": true + }, + "visible": { + "description": "Value indicating if the recommendation should be displayed or not.", + "type": "boolean" + } + }, + "required": [ + "id", + "instructions", + "title", + "description", + "recommendationTypeTitle", + "recommendationTypeId", + "category", + "context", + "workspaceId", + "actions", + "state", + "priority", + "lastEvaluatedTimeUtc" + ], + "type": "object" + }, + "RecommendationList": { + "description": "A list of recommendations", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/Recommendation" + }, + "description": "An list of recommendations" + } + }, + "type": "object" + }, + "Content": { + "description": "Content section of the recommendation.", + "properties": { + "title": { + "description": "Title of the content.", + "type": "string" + }, + "description": { + "description": "Description of the content.", + "type": "string" + } + }, + "required": [ + "title", + "description" + ], + "type": "object" + }, + 
"Instructions": { + "description": "Instructions section of a recommendation.", + "properties": { + "actionsToBePerformed": { + "description": "What actions should be taken to complete the recommendation.", + "type": "string" + }, + "recommendationImportance": { + "description": "Explains why the recommendation is important.", + "type": "string" + }, + "howToPerformActionDetails": { + "description": "How should the user complete the recommendation.", + "type": "string", + "x-nullable": true + } + }, + "required": [ + "actionsToBePerformed", + "recommendationImportance" + ], + "type": "object" + }, + "RecommendedAction": { + "description": "What actions should be taken to complete the recommendation.", + "properties": { + "linkText": { + "description": "Text of the link to complete the action.", + "type": "string" + }, + "linkUrl": { + "description": "The Link to complete the action.", + "type": "string" + }, + "state": { + "description": "The state of the action.", + "$ref": "#/definitions/ActionState" + } + }, + "required": [ + "linkText", + "linkUrl" + ], + "type": "object" + }, + "RecommendationPatch": { + "description": "Recommendation Fields to update.", + "properties": { + "state": { + "description": "State of the recommendation.", + "$ref": "#/definitions/RecommendationState" + }, + "hideUntilTimeUtc": { + "description": "The time stamp (UTC) when the recommendation should be displayed again.", + "type": "string", + "format": "date-time" + } + }, + "type": "object" + }, + "RecommendationCategory": { + "description": "Categories of recommendations.", + "type": "string", + "enum": [ + "Onboarding", + "NewFeature", + "SocEfficiency", + "CostOptimization", + "Demo" + ], + "x-ms-enum": { + "name": "Category", + "modelAsString": true, + "values": [ + { + "value": "Onboarding", + "description": "Onboarding recommendation." + }, + { + "value": "NewFeature", + "description": "New feature recommendation." 
+ }, + { + "value": "SocEfficiency", + "description": "Soc Efficiency recommendation." + }, + { + "value": "CostOptimization", + "description": "Cost optimization recommendation." + }, + { + "value": "Demo", + "description": "Demo recommendation." + } + ] + } + }, + "RecommendationContext": { + "description": "Context of recommendation.", + "type": "string", + "enum": [ + "Analytics", + "Incidents", + "Overview", + "None" + ], + "x-ms-enum": { + "name": "Context", + "modelAsString": true, + "values": [ + { + "value": "Analytics", + "description": "Analytics context." + }, + { + "value": "Incidents", + "description": "Incidents context." + }, + { + "value": "Overview", + "description": "Overview context." + }, + { + "value": "None", + "description": "No context." + } + ] + } + }, + "RecommendationState": { + "description": "State of recommendation.", + "type": "string", + "enum": [ + "Active", + "Disabled", + "CompletedByUser", + "CompletedByAction", + "Hidden" + ], + "x-ms-enum": { + "name": "State", + "modelAsString": true, + "values": [ + { + "value": "Active", + "description": "Recommendation is active." + }, + { + "value": "Disabled", + "description": "Recommendation is disabled." + }, + { + "value": "CompletedByUser", + "description": "Recommendation has been completed by user." + }, + { + "value": "CompletedByAction", + "description": "Recommendation has been completed by action." + }, + { + "value": "Hidden", + "description": "Recommendation is hidden." + } + ] + } + }, + "RecommendationPriority": { + "description": "Priority of recommendation.", + "type": "string", + "enum": [ + "Low", + "Medium", + "High" + ], + "x-ms-enum": { + "name": "Priority", + "modelAsString": true, + "values": [ + { + "value": "Low", + "description": "Low priority for recommendation." + }, + { + "value": "Medium", + "description": "Medium priority for recommendation." + }, + { + "value": "High", + "description": "High priority for recommendation." 
+ } + ] + } + }, + "ActionState": { + "description": "Represents the state the recommendation action is currently in.", + "type": "string", + "enum": [ + "Active", + "InProgress", + "Done" + ], + "x-ms-enum": { + "name": "Priority", + "modelAsString": true, + "values": [ + { + "value": "Active", + "description": "Default state of actions." + }, + { + "value": "InProgress", + "description": "State for when actions have been clicked on." + }, + { + "value": "Done", + "description": "State of completed actions." + } + ] + } + } + }, + "parameters": { + "RecommendationId": { + "description": "Recommendation Id.", + "in": "path", + "name": "recommendationId", + "required": true, + "type": "string", + "format": "uuid", + "x-ms-parameter-location": "method" + }, + "RecommendationPatch": { + "description": "Recommendation Fields to Update.", + "in": "body", + "name": "recommendationPatch", + "required": true, + "schema": { + "type": "array", + "items": { + "$ref": "#/definitions/RecommendationPatch" + }, + "x-ms-identifiers": [] + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/SecurityMLAnalyticsSettings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/SecurityMLAnalyticsSettings.json new file mode 100644 index 000000000000..4ce0dae1c393 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/SecurityMLAnalyticsSettings.json 
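Review bot: `ActionState` declares `"x-ms-enum": { "name": "Priority", ... }`, the same name `RecommendationPriority` already uses, although the two enums hold different values (Active/InProgress/Done versus Low/Medium/High), so generated clients are likely to end up with two conflicting definitions of one type; it should read `"name": "ActionState"`. The other enum names in this file (`Category`, `Context`, `State`) are generic enough to clash with enums from sibling specs and would be safer prefixed with `Recommendation`. Separately, `RecommendedAction.linkUrl` is a bare string that clients are expected to present as a link, and the description does not state which URL schemes are allowed. Stating it lets consumers reject anything else before rendering, for example `"description": "Absolute https URL of the page where the action is completed."`, if that is what the service guarantees.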
@@ -0,0 +1,444 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-06-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings": { + "get": { + "x-ms-examples": { + "Get all Security ML Analytics Settings.": { + "$ref": "./examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json" + } + }, + "tags": [ + "Security ML Analytics Settings" + ], + "description": "Gets all Security ML Analytics Settings.", + "operationId": "SecurityMLAnalyticsSettings_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SecurityMLAnalyticsSettingsList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + 
"schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}": { + "get": { + "x-ms-examples": { + "Get a Anomaly Security ML Analytics Settings.": { + "$ref": "./examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json" + } + }, + "tags": [ + "Security ML Analytics Settings" + ], + "description": "Gets the Security ML Analytics Settings.", + "operationId": "SecurityMLAnalyticsSettings_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SettingsResourceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a Anomaly Security ML Analytics Settings.": { + "$ref": "./examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json" + } + }, + "tags": [ + "Security ML Analytics Settings" + ], + "description": "Creates or updates the Security ML Analytics Settings.", + "operationId": "SecurityMLAnalyticsSettings_CreateOrUpdate", + "parameters": [ + { + "$ref": 
"../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SettingsResourceName" + }, + { + "$ref": "#/parameters/SecurityMLAnalyticsSetting" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a Security ML Analytics Settings.": { + "$ref": "./examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json" + } + }, + "tags": [ + "Security ML Analytics Settings" + ], + "description": "Delete the Security ML Analytics Settings.", + "operationId": "SecurityMLAnalyticsSettings_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SettingsResourceName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the 
operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "SecurityMLAnalyticsSetting": { + "description": "The security ML Analytics setting", + "in": "body", + "name": "securityMLAnalyticsSetting", + "required": true, + "schema": { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + }, + "x-ms-parameter-location": "method" + }, + "SettingsResourceName": { + "description": "Security ML Analytics Settings resource name", + "in": "path", + "name": "settingsResourceName", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + }, + "definitions": { + "SecurityMLAnalyticsSetting": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Security ML Analytics Setting", + "properties": { + "kind": { + "$ref": "#/definitions/SecurityMLAnalyticsSettingsKindEnum", + "description": "The kind of security ML Analytics Settings" + } + }, + "discriminator": "kind", + "type": "object", + "required": [ + "kind" + ] + }, + "SecurityMLAnalyticsSettingsKindEnum": { + "description": "The kind of security ML analytics settings", + "enum": [ + "Anomaly" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "SecurityMLAnalyticsSettingsKind", + "values": [ + { + "value": "Anomaly" + } + ] + } + }, + "SecurityMLAnalyticsSettingsList": { + "description": "List all the SecurityMLAnalyticsSettings", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of SecurityMLAnalyticsSettings.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of SecurityMLAnalyticsSettings", + "items": { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "AnomalySecurityMLAnalyticsSettings": { + "allOf": [ + { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + } + ], + 
"description": "Represents Anomaly Security ML Analytics Settings", + "properties": { + "properties": { + "$ref": "#/definitions/AnomalySecurityMLAnalyticsSettingsProperties", + "description": "Anomaly Security ML Analytics Settings properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Anomaly" + }, + "AnomalySecurityMLAnalyticsSettingsProperties": { + "description": "AnomalySecurityMLAnalytics settings base property bag.", + "properties": { + "description": { + "description": "The description of the SecurityMLAnalyticsSettings.", + "type": "string" + }, + "displayName": { + "description": "The display name for settings created by this SecurityMLAnalyticsSettings.", + "type": "string" + }, + "enabled": { + "description": "Determines whether this settings is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this SecurityMLAnalyticsSettings has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "requiredDataConnectors": { + "description": "The required data sources for this SecurityMLAnalyticsSettings", + "items": { + "$ref": "#/definitions/SecurityMLAnalyticsSettingsDataSource" + }, + "x-ms-identifiers": [ + "connectorId" + ], + "type": "array" + }, + "tactics": { + "description": "The tactics of the SecurityMLAnalyticsSettings", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "type": "array" + }, + "techniques": { + "description": "The techniques of the SecurityMLAnalyticsSettings", + "items": { + "type": "string" + }, + "type": "array" + }, + "anomalyVersion": { + "description": "The anomaly version of the AnomalySecurityMLAnalyticsSettings.", + "type": "string" + }, + "customizableObservations": { + "description": "The customizable observations of the AnomalySecurityMLAnalyticsSettings.", + "type": "object" + }, + "frequency": { + "description": "The frequency that this 
SecurityMLAnalyticsSettings will be run.", + "format": "duration", + "type": "string" + }, + "settingsStatus": { + "$ref": "#/definitions/AnomalySecurityMLAnalyticsSettingsStatus", + "description": "The anomaly SecurityMLAnalyticsSettings status" + }, + "isDefaultSettings": { + "description": "Determines whether this anomaly security ml analytics settings is a default settings", + "type": "boolean" + }, + "anomalySettingsVersion": { + "description": "The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.", + "type": "integer", + "format": "int32" + }, + "settingsDefinitionId": { + "description": "The anomaly settings definition Id", + "format": "uuid", + "type": "string" + } + }, + "required": [ + "displayName", + "enabled", + "anomalyVersion", + "frequency", + "settingsStatus", + "isDefaultSettings" + ], + "type": "object" + }, + "SecurityMLAnalyticsSettingsDataSource": { + "description": "security ml analytics settings data sources", + "properties": { + "connectorId": { + "description": "The connector id that provides the following data types", + "type": "string" + }, + "dataTypes": { + "description": "The data types used by the security ml analytics settings", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "AnomalySecurityMLAnalyticsSettingsStatus": { + "description": "The anomaly SecurityMLAnalyticsSettings status", + "enum": [ + "Production", + "Flighting" + ], + "type": "string", + "x-ms-enum": { + "name": "SettingsStatus", + "modelAsString": true, + "values": [ + { + "description": "Anomaly settings status in Production mode", + "value": "Production" + }, + { + "description": "Anomaly settings status in Flighting mode", + "value": "Flighting" + } + ] + } + } + } +} 
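Review bot: `customizableObservations` in `AnomalySecurityMLAnalyticsSettingsProperties` is declared as a bare `"type": "object"` with no `properties` or `additionalProperties`, so this spec puts no constraint on what a PUT to `securityMLAnalyticsSettings/{settingsResourceName}` may carry there, and generated clients see an untyped bag. If the shape is known it should be a named definition referenced with `$ref`; if it is deliberately free-form, the description should say so and name the keys the service honours. The same applies on a smaller scale to `techniques` (free strings) and to `SettingsResourceName`, which has no `pattern`. The `Anomaly` value of `SecurityMLAnalyticsSettingsKindEnum` also lacks a `description`, unlike the values of `AnomalySecurityMLAnalyticsSettingsStatus`.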
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Settings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Settings.json
new file mode 100644
index 000000000000..573bfc7edef4
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Settings.json
@@ -0,0 +1,423 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-06-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings": { + "get": { + "x-ms-examples": { + "Get all settings.": { + "$ref": "./examples/settings/GetAllSettings.json" + } + }, + "tags": [ + "Settings" + ], + "description": "List of all the settings", + "operationId": "ProductSettings_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SettingList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}": { + "get": { + "x-ms-examples": { + "Get EyesOn settings.": { + "$ref": "./examples/settings/GetEyesOnSetting.json" + } + }, + "tags": [ + "Settings" + ], + "description": "Gets a setting.", + "operationId": "ProductSettings_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SettingsName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Settings" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete EyesOn settings.": { + "$ref": "./examples/settings/DeleteEyesOnSetting.json" + } + }, + "tags": [ + "Settings" + ], + "description": "Delete setting of the product.", + "operationId": "ProductSettings_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SettingsName" + } + ], + "responses": 
{ + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Update EyesOn settings.": { + "$ref": "./examples/settings/UpdateEyesOnSetting.json" + } + }, + "tags": [ + "Settings" + ], + "description": "Updates setting.", + "operationId": "ProductSettings_Update", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SettingsName" + }, + { + "$ref": "#/parameters/Settings" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Settings" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "SettingList": { + "description": "List of all the settings.", + "properties": { + "value": { + "description": "Array of settings.", + "items": { + "$ref": "#/definitions/Settings" + }, + "type": "array" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "Settings": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "The Setting.", + "properties": { + "kind": { + "description": "The kind of the setting", + "enum": [ + "Anomalies", + "EyesOn", + "EntityAnalytics", + "Ueba" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": 
true, + "name": "SettingKind" + } + } + }, + "required": [ + "kind" + ], + "discriminator": "kind", + "type": "object" + }, + "Anomalies": { + "allOf": [ + { + "$ref": "#/definitions/Settings" + } + ], + "description": "Settings with single toggle.", + "properties": { + "properties": { + "$ref": "#/definitions/AnomaliesSettingsProperties", + "description": "Anomalies properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Anomalies" + }, + "AnomaliesSettingsProperties": { + "description": "Anomalies property bag.", + "properties": { + "isEnabled": { + "description": "Determines whether the setting is enable or disabled.", + "readOnly": true, + "type": "boolean" + } + }, + "type": "object" + }, + "EyesOn": { + "allOf": [ + { + "$ref": "#/definitions/Settings" + } + ], + "description": "Settings with single toggle.", + "properties": { + "properties": { + "$ref": "#/definitions/EyesOnSettingsProperties", + "description": "EyesOn properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "EyesOn" + }, + "EyesOnSettingsProperties": { + "description": "EyesOn property bag.", + "properties": { + "isEnabled": { + "description": "Determines whether the setting is enable or disabled.", + "readOnly": true, + "type": "boolean" + } + }, + "type": "object" + }, + "EntityAnalytics": { + "allOf": [ + { + "$ref": "#/definitions/Settings" + } + ], + "description": "Settings with single toggle.", + "properties": { + "properties": { + "$ref": "#/definitions/EntityAnalyticsProperties", + "description": "EntityAnalytics properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "EntityAnalytics" + }, + "EntityAnalyticsProperties": { + "description": "EntityAnalytics property bag.", + "properties": { + "entityProviders": { + "description": "The relevant entity providers that are synced", + "items": { + "$ref": "#/definitions/EntityProviders" + }, + "type": 
"array"
+ }
+ },
+ "type": "object"
+ },
+ "EntityProviders": {
+ "description": "The entity provider that is synced.",
+ "enum": [
+ "ActiveDirectory",
+ "AzureActiveDirectory"
+ ],
+ "type": "string",
+ "x-ms-enum": {
+ "modelAsString": true,
+ "name": "EntityProviders"
+ }
+ },
+ "Ueba": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/Settings"
+ }
+ ],
+ "description": "Settings with single toggle.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/UebaProperties",
+ "description": "Ueba properties",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "Ueba"
+ },
+ "UebaProperties": {
+ "description": "Ueba property bag.",
+ "properties": {
+ "dataSources": {
+ "description": "The relevant data sources that enriched by ueba",
+ "items": {
+ "$ref": "#/definitions/UebaDataSources"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object"
+ },
+ "UebaDataSources": {
+ "description": "The data source that enriched by ueba.",
+ "enum": [
+ "AuditLogs",
+ "AzureActivity",
+ "SecurityEvent",
+ "SigninLogs"
+ ],
+ "type": "string",
+ "x-ms-enum": {
+ "modelAsString": true,
+ "name": "UebaDataSources"
+ }
+ }
+ },
+ "parameters": {
+ "Settings": {
+ "description": "The setting",
+ "in": "body",
+ "name": "settings",
+ "required": true,
+ "schema": {
+ "$ref": "#/definitions/Settings"
+ },
+ "x-ms-parameter-location": "method"
+ },
+ "SettingsName": {
+ "description": "The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba",
+ "in": "path",
+ "name": "settingsName",
+ "required": true,
+ "type": "string",
+ "x-ms-parameter-location": "method"
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/SourceControls.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/SourceControls.json
new file mode 100644
index 000000000000..76301c5a4524
--- /dev/null
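Review bot: `info.version` in this new Settings.json is still `2023-06-01-preview` although the file is added under `preview/2023-07-01-preview/`; unless a later patch in this series changes it, it should read `"version": "2023-07-01-preview"` (the SourceControls.json and ThreatIntelligence.json hunks carry the same value). Separately, the `SettingsName` path parameter is a free-form string whose accepted values appear only in its description text. Adding `"enum": ["Anomalies", "EyesOn", "EntityAnalytics", "Ueba"]` with an `x-ms-enum` that keeps `"modelAsString": true` would let validators and generated clients see the same set that `SettingKind` already declares. The `ProductSettings_Delete` description, `Delete setting of the product.`, would also be more useful if it said what state the setting is left in after the call, which the spec does not show.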
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/SourceControls.json 
@@ -0,0 +1,971 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-06-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/listRepositories": { + "post": { + "x-ms-examples": { + "Get repository list.": { + "$ref": "./examples/repositories/GetRepositories.json" + } + }, + "tags": [ + "Repositories" + ], + "description": "Gets a list of repositories metadata.", + "operationId": "SourceControl_listRepositories", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RepoTypeParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/RepoList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": 
"../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols": { + "get": { + "x-ms-examples": { + "Get all source controls.": { + "$ref": "./examples/sourcecontrols/GetSourceControls.json" + } + }, + "tags": [ + "SourceControls" + ], + "description": "Gets all source controls, without source control items.", + "operationId": "SourceControls_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SourceControlList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}": { + "get": { + "x-ms-examples": { + "Get a source control.": { + "$ref": "./examples/sourcecontrols/GetSourceControlById.json" + } + }, + "tags": [ + "SourceControls" + ], + "description": "Gets a source control byt its identifier.", + "operationId": "SourceControls_Get", + "parameters": [ + { + "$ref": 
"../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SourceControlIdParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SourceControl" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a source control.": { + "$ref": "./examples/sourcecontrols/CreateSourceControl.json" + } + }, + "tags": [ + "SourceControls" + ], + "description": "Creates a source control.", + "operationId": "SourceControls_Create", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SourceControlIdParameter" + }, + { + "$ref": "#/parameters/SourceControl" + } + ], + "responses": { + "200": { + "description": "Updated", + "schema": { + "$ref": "#/definitions/SourceControl" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/SourceControl" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": 
"../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}/delete": { + "post": { + "x-ms-examples": { + "Delete a source control.": { + "$ref": "./examples/sourcecontrols/DeleteSourceControl.json" + } + }, + "tags": [ + "SourceControls" + ], + "description": "Delete a source control.", + "operationId": "SourceControls_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SourceControlIdParameter" + }, + { + "$ref": "#/parameters/RepositoryAccess" + } + ], + "responses": { + "200": { + "description": "Source control deleted.", + "schema": { + "$ref": "#/definitions/Warning" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "RepoList": { + "description": "List all the source controls.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of repositories.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of repositories.", + "items": { + "$ref": "#/definitions/Repo" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "Repo": { + "description": "Represents a repository.", + "properties": { + "url": { + "description": "The url to 
access the repository.", + "type": "string" + }, + "fullName": { + "description": "The name of the repository.", + "type": "string" + }, + "branches": { + "description": "Array of branches.", + "items": { + "description": "name of branch.", + "type": "string" + }, + "type": "array" + } + }, + "x-ms-azure-resource": false, + "type": "object" + }, + "SourceControlList": { + "description": "List all the source controls.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of source controls.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of source controls.", + "items": { + "$ref": "#/definitions/SourceControl" + }, + "type": "array" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "SourceControl": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a SourceControl in Azure Security Insights.", + "properties": { + "properties": { + "description": "source control properties", + "$ref": "#/definitions/SourceControlProperties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "SourceControlProperties": { + "description": "Describes source control properties", + "properties": { + "id": { + "description": "The id (a Guid) of the source control", + "type": "string", + "readOnly": true + }, + "version": { + "$ref": "#/definitions/Version", + "description": "The version number associated with the source control", + "type": "string" + }, + "displayName": { + "description": "The display name of the source control", + "type": "string" + }, + "description": { + "description": "A description of the source control", + "type": "string" + }, + "repoType": { + "$ref": "#/definitions/RepoType", + "description": "The repository type of the source control", + "type": "string" + }, + "contentTypes": { + "description": "Array of source control content types.", + "items": { + "$ref": "#/definitions/ContentType" + }, + 
"type": "array" + }, + "repository": { + "description": "Repository metadata.", + "$ref": "#/definitions/Repository" + }, + "servicePrincipal": { + "description": "Service principal metadata.", + "$ref": "#/definitions/ServicePrincipal" + }, + "repositoryAccess": { + "description": "Repository access credentials. This is write-only object and it never returns back to a user.", + "x-ms-mutability": [ + "create", + "update" + ], + "$ref": "#/definitions/RepositoryAccess" + }, + "repositoryResourceInfo": { + "description": "Information regarding the resources created in user's repository.", + "$ref": "#/definitions/RepositoryResourceInfo" + }, + "lastDeploymentInfo": { + "description": "Information regarding the latest deployment for the source control.", + "$ref": "#/definitions/DeploymentInfo" + }, + "pullRequest": { + "description": "Information regarding the pull request of the source control.", + "$ref": "#/definitions/PullRequest" + } + }, + "required": [ + "displayName", + "repoType", + "contentTypes", + "repository" + ], + "type": "object" + }, + "RepositoryAccess": { + "type": "object", + "description": "Credentials to access repository.", + "required": [ + "kind" + ], + "properties": { + "kind": { + "description": "The kind of repository access credentials", + "$ref": "#/definitions/RepositoryAccessKind" + }, + "code": { + "x-ms-secret": true, + "type": "string", + "description": "OAuth Code. Required when `kind` is `OAuth`" + }, + "state": { + "x-ms-secret": true, + "type": "string", + "description": "OAuth State. Required when `kind` is `OAuth`" + }, + "clientId": { + "type": "string", + "description": "OAuth ClientId. Required when `kind` is `OAuth`" + }, + "token": { + "x-ms-secret": true, + "type": "string", + "description": "Personal Access Token. Required when `kind` is `PAT`" + }, + "installationId": { + "type": "string", + "description": "Application installation ID. Required when `kind` is `App`. Supported by `GitHub` only." 
+ } + } + }, + "Repository": { + "type": "object", + "required": [ + "url", + "branch" + ], + "description": "metadata of a repository.", + "properties": { + "url": { + "description": "Url of repository.", + "type": "string" + }, + "branch": { + "description": "Branch name of repository.", + "type": "string" + }, + "displayUrl": { + "description": "Display url of repository.", + "type": "string" + }, + "deploymentLogsUrl": { + "description": "Url to access repository action logs.", + "type": "string", + "readOnly": true + } + } + }, + "ServicePrincipal": { + "readOnly": true, + "type": "object", + "description": "Service principal metadata.", + "properties": { + "id": { + "description": "Id of service principal.", + "type": "string", + "readOnly": true + }, + "tenantId": { + "description": "Tenant id of service principal.", + "type": "string", + "readOnly": true + }, + "appId": { + "description": "App id of service principal.", + "type": "string", + "readOnly": true + } + } + }, + "RepositoryResourceInfo": { + "type": "object", + "description": "Resources created in user's repository for the source-control.", + "properties": { + "webhook": { + "type": "object", + "description": "The webhook object created for the source-control.", + "$ref": "#/definitions/Webhook" + }, + "gitHubResourceInfo": { + "type": "object", + "description": "Resources created in GitHub for this source-control.", + "$ref": "#/definitions/GitHubResourceInfo" + }, + "azureDevOpsResourceInfo": { + "type": "object", + "description": "Resources created in Azure DevOps for this source-control.", + "$ref": "#/definitions/AzureDevOpsResourceInfo" + } + } + }, + "Webhook": { + "description": "Detail about the webhook object.", + "type": "object", + "properties": { + "webhookId": { + "description": "Unique identifier for the webhook.", + "type": "string", + "readOnly": true + }, + "webhookUrl": { + "description": "URL that gets invoked by the webhook.", + "type": "string", + "readOnly": true + }, + 
"webhookSecretUpdateTime": { + "format": "date-time", + "description": "Time when the webhook secret was updated.", + "type": "string", + "readOnly": true + }, + "rotateWebhookSecret": { + "description": "A flag to instruct the backend service to rotate webhook secret.", + "type": "boolean" + } + } + }, + "GitHubResourceInfo": { + "readOnly": true, + "description": "Resources created in GitHub repository.", + "type": "object", + "properties": { + "appInstallationId": { + "description": "GitHub application installation id.", + "type": "string" + } + } + }, + "AzureDevOpsResourceInfo": { + "readOnly": true, + "description": "Resources created in Azure DevOps repository.", + "type": "object", + "properties": { + "pipelineId": { + "description": "Id of the pipeline created for the source-control.", + "type": "string" + }, + "serviceConnectionId": { + "description": "Id of the service-connection created for the source-control.", + "type": "string" + } + } + }, + "DeploymentInfo": { + "readOnly": true, + "description": "Information regarding a deployment.", + "type": "object", + "properties": { + "deploymentFetchStatus": { + "$ref": "#/definitions/DeploymentFetchStatus", + "description": "Status while fetching the last deployment.", + "type": "string" + }, + "deployment": { + "$ref": "#/definitions/Deployment", + "description": "Deployment information.", + "type": "object" + }, + "message": { + "description": "Additional details about the deployment that can be shown to the user.", + "type": "string" + } + } + }, + "Deployment": { + "description": "Description about a deployment.", + "type": "object", + "properties": { + "deploymentId": { + "description": "Deployment identifier.", + "type": "string" + }, + "deploymentState": { + "$ref": "#/definitions/DeploymentState", + "description": "Current status of the deployment.", + "type": "string" + }, + "deploymentResult": { + "$ref": "#/definitions/DeploymentResult", + "description": "The outcome of the deployment.", + 
"type": "string" + }, + "deploymentTime": { + "format": "date-time", + "description": "The time when the deployment finished.", + "type": "string" + }, + "deploymentLogsUrl": { + "description": "Url to access repository action logs.", + "type": "string" + } + } + }, + "ContentType": { + "description": "The content type of a source control path.", + "enum": [ + "AnalyticRule", + "AutomationRule", + "HuntingQuery", + "Parser", + "Playbook", + "Workbook" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ContentType", + "values": [ + { + "value": "AnalyticRule" + }, + { + "value": "AutomationRule" + }, + { + "value": "HuntingQuery" + }, + { + "value": "Parser" + }, + { + "value": "Playbook" + }, + { + "value": "Workbook" + } + ] + } + }, + "RepoType": { + "description": "The type of repository.", + "enum": [ + "Github", + "AzureDevOps" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "RepoType", + "values": [ + { + "value": "Github" + }, + { + "value": "AzureDevOps" + } + ] + } + }, + "RepositoryAccessKind": { + "description": "The kind of repository access credentials", + "enum": [ + "OAuth", + "PAT", + "App" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "RepositoryAccessKind", + "values": [ + { + "value": "OAuth" + }, + { + "value": "PAT" + }, + { + "value": "App" + } + ] + } + }, + "Version": { + "readOnly": true, + "description": "The version of the source control.", + "enum": [ + "V1", + "V2" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "Version", + "values": [ + { + "value": "V1" + }, + { + "value": "V2" + } + ] + } + }, + "DeploymentFetchStatus": { + "description": "Status while trying to fetch the deployment information.", + "enum": [ + "Success", + "Unauthorized", + "NotFound" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DeploymentFetchStatus", + "values": [ + { + "value": "Success" + }, + { + "value": 
"Unauthorized" + }, + { + "value": "NotFound" + } + ] + } + }, + "DeploymentState": { + "description": "The current state of the deployment.", + "enum": [ + "In_Progress", + "Completed", + "Queued", + "Canceling" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DeploymentState", + "values": [ + { + "value": "In_Progress" + }, + { + "value": "Completed" + }, + { + "value": "Queued" + }, + { + "value": "Canceling" + } + ] + } + }, + "DeploymentResult": { + "description": "Status while trying to fetch the deployment information.", + "enum": [ + "Success", + "Canceled", + "Failed" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DeploymentResult", + "values": [ + { + "value": "Success" + }, + { + "value": "Canceled" + }, + { + "value": "Failed" + } + ] + } + }, + "PullRequest": { + "readOnly": true, + "description": "Information regarding pull request for protected branches.", + "type": "object", + "properties": { + "url": { + "description": "URL of pull request", + "type": "string", + "readOnly": true + }, + "state": { + "$ref": "#/definitions/PullRequestState", + "description": "State of the pull request", + "type": "object", + "readOnly": true + } + } + }, + "PullRequestState": { + "description": "Status of the pull request.", + "enum": [ + "Open", + "Closed" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "state", + "values": [ + { + "value": "Open" + }, + { + "value": "Closed" + } + ] + } + }, + "Warning": { + "description": "Warning response structure.", + "x-ms-external": true, + "properties": { + "warning": { + "$ref": "#/definitions/WarningBody", + "description": "Warning data." + } + }, + "type": "object" + }, + "WarningBody": { + "readOnly": true, + "x-ms-external": true, + "description": "Warning details.", + "properties": { + "code": { + "description": "An identifier for the warning. 
Codes are invariant and are intended to be consumed programmatically.", + "readOnly": true, + "type": "object", + "$ref": "#/definitions/WarningCode" + }, + "message": { + "description": "A message describing the warning, intended to be suitable for display in a user interface.", + "readOnly": true, + "type": "string" + }, + "details": { + "readOnly": true, + "type": "array", + "items": { + "$ref": "#/definitions/WarningBody" + }, + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "WarningCode": { + "readOnly": true, + "description": "The type of repository.", + "enum": [ + "SourceControlWarning_DeleteServicePrincipal", + "SourceControlWarning_DeletePipelineFromAzureDevOps", + "SourceControlWarning_DeleteWorkflowAndSecretFromGitHub", + "SourceControlWarning_DeleteRoleAssignment", + "SourceControl_DeletedWithWarnings" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "WarningCode", + "values": [ + { + "value": "SourceControlWarning_DeleteServicePrincipal" + }, + { + "value": "SourceControlWarning_DeletePipelineFromAzureDevOps" + }, + { + "value": "SourceControlWarning_DeleteWorkflowAndSecretFromGitHub" + }, + { + "value": "SourceControlWarning_DeleteRoleAssignment" + }, + { + "value": "SourceControl_DeletedWithWarnings" + } + ] + } + } + }, + "parameters": { + "RepoTypeParameter": { + "description": "The repo type.", + "in": "body", + "name": "repoType", + "required": true, + "schema": { + "$ref": "#/definitions/RepoType" + }, + "x-ms-parameter-location": "method" + }, + "SourceControlIdParameter": { + "description": "Source control Id", + "in": "path", + "name": "sourceControlId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "SourceControl": { + "description": "The SourceControl", + "in": "body", + "name": "sourceControl", + "required": true, + "schema": { + "$ref": "#/definitions/SourceControl" + }, + "x-ms-parameter-location": "method" + }, + "RepositoryAccess": { + "description": "The 
repository access credentials.",
+ "in": "body",
+ "name": "repositoryAccess",
+ "required": true,
+ "schema": {
+ "required": [
+ "repositoryAccess"
+ ],
+ "properties": {
+ "repositoryAccess": {
+ "$ref": "#/definitions/RepositoryAccess"
+ }
+ }
+ },
+ "x-ms-parameter-location": "method"
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ThreatIntelligence.json
new file mode 100644
index 000000000000..0c8686ec3aed
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ThreatIntelligence.json
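Review bot: The `WarningCode` definition is described as `The type of repository.`, which is copied from `RepoType` and leaves the warning codes returned in the `SourceControls_Delete` 200 response undocumented. The values name a service principal, a role assignment, an Azure DevOps pipeline and a GitHub workflow and secret, so a warning presumably means that resource was not removed and is still live until the caller cleans it up. The description should say so, for example `"description": "Identifies the resource that could not be cleaned up when the source control was deleted."`, and the 200 response text `Source control deleted.` should mention that a warning may be attached. `DeploymentResult` has the same copied-description problem (`Status while trying to fetch the deployment information.` where `The outcome of the deployment.` is meant), and `RepoList` says `List all the source controls.` for a list of repositories.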
@@ -0,0 +1,1097 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-06-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/createIndicator": { + "post": { + "x-ms-examples": { + "Create a new Threat Intelligence": { + "$ref": "./examples/threatintelligence/CreateThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Create a new threat intelligence indicator.", + "operationId": "ThreatIntelligenceIndicator_CreateIndicator", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceProperties" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "201": { + "description": "Created", 
+ "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "default": { + "description": "Error response describing why the operation failed to create indicators.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators": { + "get": { + "x-ms-examples": { + "Get all threat intelligence indicators": { + "$ref": "./examples/threatintelligence/GetThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Get all threat intelligence indicators.", + "operationId": "ThreatIntelligenceIndicators_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformationList" + } + }, + "default": { + "description": "Error response describing why the operation failed to get indicators.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}": { + "get": { + "x-ms-examples": { + "View a threat intelligence indicator by name": { + "$ref": "./examples/threatintelligence/GetThreatIntelligenceById.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "View a threat intelligence indicator by name.", + "operationId": "ThreatIntelligenceIndicator_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "default": { + "description": "Error response describing why the operation failed to view an indicator.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Update a threat Intelligence indicator": { + "$ref": "./examples/threatintelligence/UpdateThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Update a threat Intelligence indicator.", + "operationId": "ThreatIntelligenceIndicator_Create", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": 
"../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceProperties" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "default": { + "description": "Error response describing why the operation failed to update an indicator.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a threat intelligence indicator": { + "$ref": "./examples/threatintelligence/DeleteThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Delete a threat intelligence indicator.", + "operationId": "ThreatIntelligenceIndicator_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed to delete an indicator.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/queryIndicators": { + "post": { + "x-ms-examples": { + "Query threat intelligence indicators as per filtering criteria": { + "$ref": "./examples/threatintelligence/QueryThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Query threat intelligence indicators as per filtering criteria.", + "operationId": "ThreatIntelligenceIndicator_QueryIndicators", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceFilteringCriteria" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/metrics": { + "get": { + "x-ms-examples": { + "Get threat intelligence indicators metrics.": { + "$ref": "./examples/threatintelligence/CollectThreatIntelligenceMetrics.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Get threat intelligence indicators metrics (Indicators counts by 
Type, Threat Type, Source).", + "operationId": "ThreatIntelligenceIndicatorMetrics_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceMetricsList" + } + }, + "default": { + "description": "Error response describing why the operation failed to get metrics.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/appendTags": { + "post": { + "x-ms-examples": { + "Append tags to a threat intelligence indicator": { + "$ref": "./examples/threatintelligence/AppendTagsThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Append tags to a threat intelligence indicator.", + "operationId": "ThreatIntelligenceIndicator_AppendTags", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceName" + }, + { + "$ref": 
"#/parameters/ThreatIntelligenceAppendTags" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "Error response describing why the operation failed to append tags.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/replaceTags": { + "post": { + "x-ms-examples": { + "Replace tags to a Threat Intelligence": { + "$ref": "./examples/threatintelligence/ReplaceTagsThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Replace tags added to a threat intelligence indicator.", + "operationId": "ThreatIntelligenceIndicator_ReplaceTags", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceReplaceTags" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "default": { + "description": "Error response describing why the operation failed to replace tags.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "ThreatIntelligenceName": { + "description": "Threat intelligence indicator name field.", + "in": "path", + "name": "name", + "required": true, + "type": "string", + 
"x-ms-parameter-location": "method" + }, + "ThreatIntelligenceProperties": { + "description": "Properties of threat intelligence indicators to create and update.", + "in": "body", + "name": "ThreatIntelligenceProperties", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceIndicatorModel" + }, + "x-ms-parameter-location": "method" + }, + "ThreatIntelligenceReplaceTags": { + "description": "Tags in the threat intelligence indicator to be replaced.", + "in": "body", + "name": "ThreatIntelligenceReplaceTags", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceIndicatorModel" + }, + "x-ms-parameter-location": "method" + }, + "ThreatIntelligenceFilteringCriteria": { + "description": "Filtering criteria for querying threat intelligence indicators.", + "in": "body", + "name": "ThreatIntelligenceFilteringCriteria", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceFilteringCriteria" + }, + "x-ms-parameter-location": "method" + }, + "ThreatIntelligenceIndicatorEntityKind": { + "description": "The threat intelligence entity kind", + "in": "query", + "name": "ctiEntityKind", + "required": false, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ThreatIntelligenceAppendTags": { + "description": "The threat intelligence append tags request body", + "in": "body", + "name": "ThreatIntelligenceAppendTags", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceAppendTags" + }, + "x-ms-parameter-location": "method" + } + }, + "definitions": { + "ThreatIntelligenceInformationList": { + "description": "List of all the threat intelligence information objects.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of information objects.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of threat intelligence information objects.", + "items": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + }, + "type": 
"array", + "x-ms-identifiers": [] + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "ThreatIntelligenceInformation": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Threat intelligence information object.", + "properties": { + "kind": { + "$ref": "#/definitions/ThreatIntelligenceResourceInnerKind", + "description": "The kind of the entity." + } + }, + "discriminator": "kind", + "type": "object", + "required": [ + "kind" + ] + }, + "ThreatIntelligenceIndicatorModel": { + "allOf": [ + { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + ], + "description": "Threat intelligence indicator entity.", + "properties": { + "properties": { + "$ref": "#/definitions/ThreatIntelligenceIndicatorProperties", + "description": "Threat Intelligence Entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "indicator" + }, + "ThreatIntelligenceResourceInnerKind": { + "description": "The kind of the threat intelligence entity", + "enum": [ + "indicator" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ThreatIntelligenceResourceInnerKind", + "values": [ + { + "description": "Entity represents threat intelligence indicator in the system.", + "value": "indicator" + } + ] + } + }, + "ThreatIntelligenceIndicatorProperties": { + "allOf": [ + { + "$ref": "./common/EntityTypes.json#/definitions/EntityCommonProperties" + } + ], + "description": "Describes threat intelligence entity properties", + "properties": { + "threatIntelligenceTags": { + "description": "List of tags", + "items": { + "description": "tag", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "lastUpdatedTimeUtc": { + "description": "Last updated time in UTC", + "type": "string" + }, + "source": { + "description": "Source of a threat intelligence entity", + "type": "string" + }, + "displayName": { + "description": "Display name 
of a threat intelligence entity", + "type": "string" + }, + "description": { + "description": "Description of a threat intelligence entity", + "type": "string" + }, + "indicatorTypes": { + "description": "Indicator types of threat intelligence entities", + "items": { + "description": "Indicator type of a threat intelligence entity", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "pattern": { + "description": "Pattern of a threat intelligence entity", + "type": "string" + }, + "patternType": { + "description": "Pattern type of a threat intelligence entity", + "type": "string" + }, + "patternVersion": { + "description": "Pattern version of a threat intelligence entity", + "type": "string" + }, + "killChainPhases": { + "description": "Kill chain phases", + "items": { + "description": "Kill chain phase", + "$ref": "#/definitions/ThreatIntelligenceKillChainPhase" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "parsedPattern": { + "description": "Parsed patterns", + "items": { + "description": "Parsed pattern", + "$ref": "#/definitions/ThreatIntelligenceParsedPattern" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "externalId": { + "description": "External ID of threat intelligence entity", + "type": "string" + }, + "createdByRef": { + "description": "Created by reference of threat intelligence entity", + "type": "string" + }, + "defanged": { + "description": "Is threat intelligence entity defanged", + "type": "boolean" + }, + "externalLastUpdatedTimeUtc": { + "description": "External last updated time in UTC", + "type": "string" + }, + "externalReferences": { + "description": "External References", + "items": { + "description": "external_reference", + "$ref": "#/definitions/ThreatIntelligenceExternalReference" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "granularMarkings": { + "description": "Granular Markings", + "items": { + "description": "Granular marking", + "$ref": 
"#/definitions/ThreatIntelligenceGranularMarkingModel" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "labels": { + "description": "Labels of threat intelligence entity", + "items": { + "description": "label", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "revoked": { + "description": "Is threat intelligence entity revoked", + "type": "boolean" + }, + "confidence": { + "description": "Confidence of threat intelligence entity", + "type": "integer", + "format": "int32" + }, + "objectMarkingRefs": { + "description": "Threat intelligence entity object marking references", + "items": { + "description": "Threat intelligence entity object marking reference", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "language": { + "description": "Language of threat intelligence entity", + "type": "string" + }, + "threatTypes": { + "description": "Threat types", + "items": { + "description": "Threat type", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "validFrom": { + "description": "Valid from", + "type": "string" + }, + "validUntil": { + "description": "Valid until", + "type": "string" + }, + "created": { + "description": "Created by", + "type": "string" + }, + "modified": { + "description": "Modified by", + "type": "string" + }, + "extensions": { + "description": "Extensions map", + "type": "object", + "additionalProperties": {} + } + }, + "type": "object" + }, + "ThreatIntelligenceKillChainPhase": { + "description": "Describes threat kill chain phase entity", + "properties": { + "killChainName": { + "description": "Kill chainName name", + "type": "string" + }, + "phaseName": { + "description": "Phase name", + "type": "string" + } + }, + "type": "object" + }, + "ThreatIntelligenceParsedPattern": { + "description": "Describes parsed pattern entity", + "properties": { + "patternTypeKey": { + "description": "Pattern type key", + "type": "string" + }, + "patternTypeValues": { + 
"description": "Pattern type keys", + "items": { + "description": "Pattern type key", + "$ref": "#/definitions/ThreatIntelligenceParsedPatternTypeValue" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "ThreatIntelligenceParsedPatternTypeValue": { + "description": "Describes threat kill chain phase entity", + "properties": { + "valueType": { + "description": "Type of the value", + "type": "string" + }, + "value": { + "description": "Value of parsed pattern", + "type": "string" + } + }, + "type": "object" + }, + "ThreatIntelligenceGranularMarkingModel": { + "description": "Describes threat granular marking model entity", + "properties": { + "language": { + "description": "Language granular marking model", + "type": "string" + }, + "markingRef": { + "description": "marking reference granular marking model", + "type": "integer", + "format": "int32" + }, + "selectors": { + "description": "granular marking model selectors", + "items": { + "description": "granular marking model selector", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "ThreatIntelligenceExternalReference": { + "description": "Describes external reference", + "properties": { + "description": { + "description": "External reference description", + "type": "string" + }, + "externalId": { + "description": "External reference ID", + "type": "string" + }, + "sourceName": { + "description": "External reference source name", + "type": "string" + }, + "url": { + "description": "External reference URL", + "type": "string" + }, + "hashes": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "External reference hashes" + } + }, + "type": "object" + }, + "ThreatIntelligenceFilteringCriteria": { + "description": "Filtering criteria for querying threat intelligence indicators.", + "properties": { + "pageSize": { + "description": "Page size", + "type": "integer", + "format": "int32" + }, + 
"minConfidence": { + "description": "Minimum confidence.", + "type": "integer", + "format": "int32" + }, + "maxConfidence": { + "description": "Maximum confidence.", + "type": "integer", + "format": "int32" + }, + "minValidUntil": { + "description": "Start time for ValidUntil filter.", + "type": "string" + }, + "maxValidUntil": { + "description": "End time for ValidUntil filter.", + "type": "string" + }, + "includeDisabled": { + "description": "Parameter to include/exclude disabled indicators.", + "type": "boolean" + }, + "sortBy": { + "description": "Columns to sort by and sorting order", + "items": { + "description": "Sort By", + "$ref": "#/definitions/ThreatIntelligenceSortingCriteria" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "sources": { + "description": "Sources of threat intelligence indicators", + "items": { + "description": "Source", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "patternTypes": { + "description": "Pattern types", + "items": { + "description": "Pattern type", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "threatTypes": { + "description": "Threat types of threat intelligence indicators", + "items": { + "description": "Threat type of a threat intelligence indicator", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "ids": { + "description": "Ids of threat intelligence indicators", + "items": { + "description": "Id of a threat intelligence indicator", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "keywords": { + "description": "Keywords for searching threat intelligence indicators", + "items": { + "description": "keyword for searching threat intelligence indicators", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "skipToken": { + "description": "Skip token.", + "type": "string" + } + }, + "type": "object" + }, + "ThreatIntelligenceSortingCriteria": { + "description": "List of available 
columns for sorting", + "properties": { + "itemKey": { + "description": "Column name", + "type": "string" + }, + "sortOrder": { + "$ref": "#/definitions/ThreatIntelligenceSortingOrder", + "description": "Sorting order (ascending/descending/unsorted)." + } + }, + "type": "object" + }, + "ThreatIntelligenceSortingOrder": { + "description": "Sorting order (ascending/descending/unsorted).", + "enum": [ + "unsorted", + "ascending", + "descending" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ThreatIntelligenceSortingOrder", + "values": [ + { + "value": "unsorted" + }, + { + "value": "ascending" + }, + { + "value": "descending" + } + ] + } + }, + "ThreatIntelligenceAppendTags": { + "description": "Array of tags to be appended to the threat intelligence indicator.", + "properties": { + "threatIntelligenceTags": { + "description": "List of tags to be appended.", + "items": { + "description": "parameter", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "ThreatIntelligenceMetricsList": { + "description": "List of all the threat intelligence metric fields (type/threat type/source).", + "properties": { + "value": { + "description": "Array of threat intelligence metric fields (type/threat type/source).", + "items": { + "$ref": "#/definitions/ThreatIntelligenceMetrics" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "ThreatIntelligenceMetrics": { + "description": "Threat intelligence metrics.", + "properties": { + "properties": { + "description": "Threat intelligence metrics.", + "$ref": "#/definitions/ThreatIntelligenceMetric" + } + }, + "type": "object" + }, + "ThreatIntelligenceMetric": { + "description": "Describes threat intelligence metric", + "properties": { + "lastUpdatedTimeUtc": { + "description": "Last updated indicator metric", + "type": "string" + }, + "threatTypeMetrics": { + "description": "Threat type metrics", 
+ "items": {
+ "description": "parameter",
+ "$ref": "#/definitions/ThreatIntelligenceMetricEntity"
+ },
+ "type": "array",
+ "x-ms-identifiers": []
+ },
+ "patternTypeMetrics": {
+ "description": "Pattern type metrics",
+ "items": {
+ "description": "parameter",
+ "$ref": "#/definitions/ThreatIntelligenceMetricEntity"
+ },
+ "type": "array",
+ "x-ms-identifiers": []
+ },
+ "sourceMetrics": {
+ "description": "Source metrics",
+ "items": {
+ "description": "parameter",
+ "$ref": "#/definitions/ThreatIntelligenceMetricEntity"
+ },
+ "type": "array",
+ "x-ms-identifiers": []
+ }
+ },
+ "type": "object"
+ },
+ "ThreatIntelligenceMetricEntity": {
+ "description": "Describes threat intelligence metric entity",
+ "properties": {
+ "metricName": {
+ "description": "Metric name",
+ "type": "string"
+ },
+ "metricValue": {
+ "description": "Metric value",
+ "type": "integer",
+ "format": "int32"
+ }
+ },
+ "type": "object"
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/TriggeredAnalyticsRuleRuns.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/TriggeredAnalyticsRuleRuns.json
new file mode 100644
index 000000000000..8fc815a1401c
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/TriggeredAnalyticsRuleRuns.json
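Review bot: In ThreatIntelligence.json the `ThreatIntelligenceReplaceTags` body parameter takes the whole `ThreatIntelligenceIndicatorModel`, so the replaceTags operation is specified to accept every indicator property (`pattern`, `confidence`, `revoked`, `validUntil`, and so on), whereas `ThreatIntelligenceAppendTags` has a schema limited to `threatIntelligenceTags`. The spec does not say whether the service ignores or applies the other properties on this call, and a tag edit should not be a path for changing detection-relevant fields. Either point the parameter at a tags-only definition shaped like the append one, or state the behaviour in its description, e.g. `"description": "Indicator model carrying the replacement threatIntelligenceTags; other properties are <ignored or rejected, confirm with the service>."`. Separately, `ThreatIntelligenceParsedPatternTypeValue` repeats the kill-chain text (`"Describes threat kill chain phase entity"`), and `created`/`modified` are described as `"Created by"`/`"Modified by"` although they sit next to `validFrom`/`validUntil` and look like timestamps; these read as copy-paste slips worth correcting. `info.version` still says `2023-06-01-preview` inside the 2023-07-01-preview folder, which the commit subject suggests is a base copy to be bumped later in the series.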
@@ -0,0 +1,353 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-06-01-preview" + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/{ruleRunId}": { + "get": { + "tags": [ + "triggered analytics rule run" + ], + "description": "Gets the triggered analytics rule run.", + "operationId": "triggeredAnalyticsRuleRun_Get", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "description": "the triggered rule id", + "in": "path", + "name": "ruleRunId", + "required": true, + "type": "string" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/TriggeredAnalyticsRuleRun" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "triggeredAnalyticsRuleRun_Get": { + "$ref": "./examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns": { + "get": { + "tags": [ + "triggered analytics rule runs" + ], + 
"description": "Gets the triggered analytics rule runs.", + "operationId": "getTriggeredAnalyticsRuleRuns_List", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/TriggeredAnalyticsRuleRuns" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "triggeredAnalyticsRuleRuns_Get": { + "$ref": "./examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/triggerRuleRun": { + "post": { + "tags": [ + "trigger analytics rule run" + ], + "description": "triggers analytics rule run", + "operationId": "alertRule_TriggerRuleRun", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { 
+ "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/AnalyticsRuleRunTriggerParameter" + } + ], + "responses": { + "202": { + "description": "The analytics rule run was successfully triggered.", + "headers": { + "Location": { + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "triggerRuleRun_Post": { + "$ref": "./examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json" + } + }, + "x-ms-long-running-operation": true, + "x-ms-long-running-operation-options": { + "final-state-via": "location" + } + } + } + }, + "definitions": { + "ProvisioningState": { + "enum": [ + "Accepted", + "InProgress", + "Succeeded", + "Failed", + "Canceled" + ], + "description": "The triggered analytics rule run provisioning state", + "type": "string", + "example": "Accepted", + "x-ms-enum": { + "name": "ProvisioningState", + "modelAsString": true, + "values": [ + { + "value": "Accepted" + }, + { + "value": "InProgress" + }, + { + "value": "Succeeded" + }, + { + "value": "Failed" + }, + { + "value": "Canceled" + } + ] + } + }, + "TriggeredAnalyticsRuleRun": { + "required": [ + "properties" + ], + "description": "The triggered analytics rule run", + "type": "object", + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/TriggeredAnalyticsRuleRunProperties", + "x-ms-client-flatten": true + } + } + }, + "TriggeredAnalyticsRuleRunProperties": { + "required": [ + "executionTimeUtc", + "provisioningState", + "ruleId", + "triggeredAnalyticsRuleRunId" + ], + "description": "The triggered analytics rule run Properties", + "type": "object", + "properties": { + "executionTimeUtc": { + "format": "date-time", + "type": "string" + }, + "ruleId": { + "type": "string" + }, + "triggeredAnalyticsRuleRunId": 
{ + "type": "string" + }, + "provisioningState": { + "$ref": "#/definitions/ProvisioningState" + }, + "ruleRunAdditionalData": { + "type": "object", + "additionalProperties": {} + } + } + }, + "TriggeredAnalyticsRuleRuns": { + "required": [ + "value" + ], + "description": "The triggered analytics rule run array", + "type": "object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/TriggeredAnalyticsRuleRun" + } + }, + "nextLink": { + "type": "string", + "readOnly": true + } + } + }, + "AnalyticsRuleRunTriggerProperties": { + "required": [ + "executionTimeUtc" + ], + "description": "The Analytics Rule Run Trigger properties", + "type": "object", + "properties": { + "executionTimeUtc": { + "format": "date-time", + "type": "string" + } + } + }, + "AnalyticsRuleRunTrigger": { + "required": [ + "properties" + ], + "description": "Analytics Rule Run Trigger request", + "properties": { + "properties": { + "$ref": "#/definitions/AnalyticsRuleRunTriggerProperties", + "description": "The analytics Rule Run Trigger request", + "x-ms-client-flatten": true + } + }, + "type": "object" + } + }, + "parameters": { + "RuleId": { + "description": "Alert rule ID", + "in": "path", + "name": "ruleId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "AnalyticsRuleRunTriggerParameter": { + "description": "The Analytics Rule Run Trigger parameter", + "in": "body", + "name": "analyticsRuleRunTriggerParameter", + "required": true, + "schema": { + "$ref": "#/definitions/AnalyticsRuleRunTrigger" + }, + "x-ms-parameter-location": "method" + } + }, + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "flow": "implicit", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "scopes": { + "user_impersonation": "impersonate your user account" + }, + "description": "Azure Active Directory OAuth2 Flow" + } + }, + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + 
], + "tags": [ + { + "name": "AnalyticsOnDemandArm", + "description": "Controller that handles requests for triggeredAnalyticsRuleRuns ARM API." + }, + { + "name": "AnalyticsOnDemandArm", + "description": "Triggered Analytics Rule Runs" + } + ], + "host": "management.azure.com", + "schemes": [ + "https" + ], + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ] +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Watchlists.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Watchlists.json new file mode 100644 index 000000000000..5ef837636039 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Watchlists.json 
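Review bot: The top-level `tags` array at the end of TriggeredAnalyticsRuleRuns.json declares `AnalyticsOnDemandArm` twice with different descriptions, and Swagger 2.0 requires tag names in that list to be unique. None of the three operations uses that name either (they are tagged `triggered analytics rule run`, `triggered analytics rule runs` and `trigger analytics rule run`), so I would keep a single declaration and put `"tags": [ "AnalyticsOnDemandArm" ]` on each operation. Separately, `info.version` still reads `2023-06-01-preview` although the file is added under `2023-07-01-preview/`, and the Watchlists.json and WorkspaceManagerAssignments.json hunks do the same. Since this patch is described as the base copy, a later patch in the series presumably bumps it, which is worth confirming before merge.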
@@ -0,0 +1,721 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-06-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists": { + "get": { + "x-ms-examples": { + "Get all watchlists.": { + "$ref": "./examples/watchlists/GetWatchlists.json" + } + }, + "tags": [ + "Watchlists" + ], + "description": "Gets all watchlists, without watchlist items.", + "operationId": "Watchlists_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WatchlistList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": 
"../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}": { + "get": { + "x-ms-examples": { + "Get a watchlist.": { + "$ref": "./examples/watchlists/GetWatchlistByAlias.json" + } + }, + "tags": [ + "Watchlists" + ], + "description": "Gets a watchlist, without its watchlist items.", + "operationId": "Watchlists_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Watchlist" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a watchlist.": { + "$ref": "./examples/watchlists/DeleteWatchlist.json" + } + }, + "tags": [ + "Watchlists" + ], + "description": "Delete a watchlist.", + "operationId": "Watchlists_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": 
"../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + } + ], + "responses": { + "200": { + "description": "OK", + "headers": { + "Azure-AsyncOperation": { + "description": "Contains the status URL on which clients are expected to poll the status of the delete operation.", + "type": "string" + } + } + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a watchlist.": { + "$ref": "./examples/watchlists/CreateWatchlist.json" + }, + "Creates or updates a watchlist and bulk creates watchlist items.": { + "$ref": "./examples/watchlists/CreateWatchlistAndWatchlistItems.json" + } + }, + "tags": [ + "Watchlists" + ], + "description": "Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its Items, we should call this endpoint with either rawContent or a valid SAR URI and contentType properties. The rawContent is mainly used for small watchlist (content size below 3.8 MB). The SAS URI enables the creation of large watchlist, where the content size can go up to 500 MB. 
The status of processing such large file can be polled through the URL returned in Azure-AsyncOperation header.", + "operationId": "Watchlists_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + }, + { + "$ref": "#/parameters/Watchlist" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Watchlist" + } + }, + "201": { + "description": "Created. The response includes the Provisioning State and the Azure-AsyncOperation header. To get the progress of the operation, call GET operation on the URL in Azure-AsyncOperation header field.", + "schema": { + "$ref": "#/definitions/Watchlist" + }, + "headers": { + "Azure-AsyncOperation": { + "description": "Contains the status URL on which clients are expected to poll the status of the operation.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems": { + "get": { + "x-ms-examples": { + "Get all watchlist Items.": { + "$ref": "./examples/watchlists/GetWatchlistItems.json" + } + }, + "tags": [ + "WatchlistItems" + ], + "description": "Gets all watchlist Items.", + "operationId": "WatchlistItems_List", + "parameters": [ + { + "$ref": 
"../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + }, + { + "$ref": "#/parameters/WatchlistAlias" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WatchlistItemList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}": { + "get": { + "x-ms-examples": { + "Get a watchlist item.": { + "$ref": "./examples/watchlists/GetWatchlistItemById.json" + } + }, + "tags": [ + "WatchlistItems" + ], + "description": "Gets a watchlist, without its watchlist items.", + "operationId": "WatchlistItems_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + }, + { + "$ref": "#/parameters/WatchlistItemId" + } + ], + "responses": { + 
"200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WatchlistItem" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a watchlist Item.": { + "$ref": "./examples/watchlists/DeleteWatchlistItem.json" + } + }, + "tags": [ + "WatchlistItems" + ], + "description": "Delete a watchlist item.", + "operationId": "WatchlistItems_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + }, + { + "$ref": "#/parameters/WatchlistItemId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a watchlist item.": { + "$ref": "./examples/watchlists/CreateWatchlistItem.json" + } + }, + "tags": [ + "WatchlistItems" + ], + "description": "Creates or updates a watchlist item.", + "operationId": "WatchlistItems_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": 
"../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + }, + { + "$ref": "#/parameters/WatchlistItemId" + }, + { + "$ref": "#/parameters/WatchlistItem" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WatchlistItem" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/WatchlistItem" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "WatchlistList": { + "description": "List all the watchlists.", + "type": "object", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of watchlists.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of watchlist.", + "items": { + "$ref": "#/definitions/Watchlist" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "Watchlist": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Watchlist in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/WatchlistProperties", + "description": "Watchlist properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "WatchlistProperties": { + "description": "Describes watchlist properties", + "properties": { + "watchlistId": { + "description": "The id (a Guid) of the watchlist", + "type": "string" + }, + "displayName": { + "description": "The display name of the watchlist", + "type": "string" + }, + "provider": { + "description": "The provider of the watchlist", + "type": "string" + }, + "source": { + "description": "The filename of the watchlist, called 'source'", + 
"type": "string" + }, + "sourceType": { + "description": "The sourceType of the watchlist", + "enum": [ + "Local file", + "Remote storage" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "sourceType" + } + }, + "created": { + "description": "The time the watchlist was created", + "format": "date-time", + "type": "string" + }, + "updated": { + "description": "The last time the watchlist was updated", + "format": "date-time", + "type": "string" + }, + "createdBy": { + "$ref": "../../../common/2.0/types.json#/definitions/UserInfo", + "description": "Describes a user that created the watchlist", + "type": "object" + }, + "updatedBy": { + "$ref": "../../../common/2.0/types.json#/definitions/UserInfo", + "description": "Describes a user that updated the watchlist", + "type": "object" + }, + "description": { + "description": "A description of the watchlist", + "type": "string" + }, + "watchlistType": { + "description": "The type of the watchlist", + "type": "string" + }, + "watchlistAlias": { + "description": "The alias of the watchlist", + "type": "string" + }, + "isDeleted": { + "description": "A flag that indicates if the watchlist is deleted or not", + "type": "boolean" + }, + "labels": { + "description": "List of labels relevant to this watchlist", + "items": { + "$ref": "../../../common/2.0/types.json#/definitions/Label" + }, + "type": "array" + }, + "defaultDuration": { + "description": "The default duration of a watchlist (in ISO 8601 duration format)", + "format": "duration", + "type": "string" + }, + "tenantId": { + "description": "The tenantId where the watchlist belongs to", + "type": "string" + }, + "numberOfLinesToSkip": { + "description": "The number of lines in a csv/tsv content to skip before the header", + "type": "integer", + "format": "int32" + }, + "rawContent": { + "description": "The raw content that represents to watchlist items to create. 
In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint", + "type": "string" + }, + "itemsSearchKey": { + "description": "The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address.", + "type": "string" + }, + "contentType": { + "description": "The content type of the raw content. Example : text/csv or text/tsv ", + "type": "string" + }, + "uploadStatus": { + "description": "The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted", + "type": "string" + } + }, + "required": [ + "displayName", + "provider", + "itemsSearchKey" + ], + "type": "object" + }, + "WatchlistItemList": { + "description": "List all the watchlist items.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of watchlist item.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of watchlist items.", + "items": { + "$ref": "#/definitions/WatchlistItem" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "WatchlistItem": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Watchlist item in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/WatchlistItemProperties", + "description": "Watchlist Item properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "WatchlistItemProperties": { + "description": "Describes watchlist item properties", + "properties": { + "watchlistItemType": { + "description": "The type of the watchlist item", + "type": "string" + }, + "watchlistItemId": { + "description": "The id (a Guid) of the 
watchlist item", + "type": "string" + }, + "tenantId": { + "description": "The tenantId to which the watchlist item belongs to", + "type": "string" + }, + "isDeleted": { + "description": "A flag that indicates if the watchlist item is deleted or not", + "type": "boolean" + }, + "created": { + "description": "The time the watchlist item was created", + "format": "date-time", + "type": "string" + }, + "updated": { + "description": "The last time the watchlist item was updated", + "format": "date-time", + "type": "string" + }, + "createdBy": { + "$ref": "../../../common/2.0/types.json#/definitions/UserInfo", + "description": "Describes a user that created the watchlist item", + "type": "object" + }, + "updatedBy": { + "$ref": "../../../common/2.0/types.json#/definitions/UserInfo", + "description": "Describes a user that updated the watchlist item" + }, + "itemsKeyValue": { + "description": "key-value pairs for a watchlist item", + "type": "object", + "additionalProperties": {} + }, + "entityMapping": { + "description": "key-value pairs for a watchlist item entity mapping", + "type": "object", + "additionalProperties": {} + } + }, + "required": [ + "itemsKeyValue" + ], + "type": "object" + } + }, + "parameters": { + "WatchlistAlias": { + "description": "Watchlist Alias", + "in": "path", + "name": "watchlistAlias", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "Watchlist": { + "description": "The watchlist", + "in": "body", + "name": "watchlist", + "required": true, + "schema": { + "$ref": "#/definitions/Watchlist" + }, + "x-ms-parameter-location": "method" + }, + "WatchlistItem": { + "description": "The watchlist item", + "in": "body", + "name": "watchlistItem", + "required": true, + "schema": { + "$ref": "#/definitions/WatchlistItem" + }, + "x-ms-parameter-location": "method" + }, + "WatchlistItemId": { + "description": "Watchlist Item Id (GUID)", + "in": "path", + "name": "watchlistItemId", + "required": true, + "type": 
"string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerAssignments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerAssignments.json new file mode 100644 index 000000000000..d3a61a25566c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerAssignments.json 
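Review bot: `WatchlistProperties` and `WatchlistItemProperties` are reachable from the bodies of the two PUT operations, yet their audit and ownership fields (`created`, `updated`, `createdBy`, `updatedBy`, `tenantId`, `isDeleted`, and `uploadStatus` on the watchlist) carry no `"readOnly": true`, so the contract lets a caller supply them. If the service populates these itself, which the descriptions suggest but the spec does not show, mark each one `"readOnly": true` so generated clients stop sending them; the service still has to ignore or reject caller-supplied values on its side. The `Watchlists_CreateOrUpdate` description also asks for "a valid SAR URI" (presumably SAS), but no property in `WatchlistProperties` carries a URI. If one is added, a SAS URI is a bearer credential and should be marked `"x-ms-secret": true` so it is not echoed back in responses. Finally, `WatchlistItems_Get` reuses the text "Gets a watchlist, without its watchlist items." and should read `"description": "Gets a watchlist item."`.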
@@ -0,0 +1,737 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-06-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments": { + "get": { + "x-ms-examples": { + "Get all workspace manager assignments for the Sentinel workspace manager.": { + "$ref": "./examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json" + } + }, + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Get all workspace manager assignments for the Sentinel workspace manager.", + "operationId": "WorkspaceManagerAssignments_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + 
"$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WorkspaceManagerAssignmentList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}": { + "get": { + "x-ms-examples": { + "Get a workspace manager assignment": { + "$ref": "./examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json" + } + }, + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Gets a workspace manager assignment", + "operationId": "WorkspaceManagerAssignments_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerAssignmentName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WorkspaceManagerAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a workspace manager 
assignment.": { + "$ref": "./examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json" + } + }, + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Creates or updates a workspace manager assignment.", + "operationId": "WorkspaceManagerAssignments_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerAssignmentName" + }, + { + "$ref": "#/parameters/WorkspaceManagerAssignment" + } + ], + "responses": { + "200": { + "description": "OK, created or updated an instance", + "schema": { + "$ref": "#/definitions/WorkspaceManagerAssignment" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/WorkspaceManagerAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a workspace manager assignment.": { + "$ref": "./examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json" + } + }, + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Deletes a workspace manager assignment", + "operationId": "WorkspaceManagerAssignments_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": 
"../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerAssignmentName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs": { + "get": { + "x-ms-examples": { + "Get all jobs for the specified Sentinel workspace manager assignment.": { + "$ref": "./examples/workspaceManagerAssignments/GetAllJobs.json" + } + }, + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Get all jobs for the specified workspace manager assignment", + "operationId": "WorkspaceManagerAssignmentJobs_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerAssignmentName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + 
"schema": { + "$ref": "#/definitions/JobList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + }, + "post": { + "x-ms-examples": { + "Creates a job for the specified workspace manager assignment": { + "$ref": "./examples/workspaceManagerAssignments/CreateJob.json" + } + }, + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Create a job for the specified workspace manager assignment", + "operationId": "WorkspaceManagerAssignmentJobs_Create", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerAssignmentName" + } + ], + "responses": { + "200": { + "description": "Created", + "schema": { + "$ref": "#/definitions/Job" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs/{jobName}": { + "get": { + "x-ms-examples": { + "Get a workspace manager job": { + "$ref": "./examples/workspaceManagerAssignments/GetJob.json" + } + }, + "tags": [ + "workspaceManagerAssignments" + ], + 
"description": "Gets a job", + "operationId": "WorkspaceManagerAssignmentJobs_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerAssignmentName" + }, + { + "$ref": "#/parameters/JobName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Job" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a workspace manager job.": { + "$ref": "./examples/workspaceManagerAssignments/DeleteJob.json" + } + }, + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Deletes the specified job from the specified workspace manager assignment", + "operationId": "WorkspaceManagerAssignmentJobs_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerAssignmentName" + }, + { + "$ref": "#/parameters/JobName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { 
+ "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + } + } + }, + "definitions": { + "WorkspaceManagerAssignment": { + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/AzureEntityResource" + } + ], + "description": "The workspace manager assignment", + "properties": { + "properties": { + "$ref": "#/definitions/WorkspaceManagerAssignmentProperties", + "description": "The workspace manager assignment object", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "WorkspaceManagerAssignmentProperties": { + "description": "The workspace manager assignment properties", + "properties": { + "targetResourceName": { + "description": "The resource name of the workspace manager group targeted by the workspace manager assignment", + "type": "string" + }, + "lastJobEndTime": { + "description": "The time the last job associated to this assignment ended at", + "format": "date-time", + "type": "string", + "readOnly": true + }, + "lastJobProvisioningState": { + "description": "State of the last job associated to this assignment", + "enum": [ + "Succeeded", + "InProgress", + "Canceled", + "Failed" + ], + "type": "string", + "readOnly": true, + "x-ms-enum": { + "modelAsString": true, + "name": "provisioningState", + "values": [ + { + "description": "The job succeeded", + "value": "Succeeded" + }, + { + "description": "The job was canceled", + "value": "Canceled" + }, + { + "description": "The job is in progress", + "value": "InProgress" + }, + { + "description": "The job failed", + "value": "Failed" + } + ] + } + }, + "items": { + "description": "List of resources included in this workspace manager assignment", + "items": { + "$ref": "#/definitions/assignmentItem" + }, + "x-ms-identifiers": [], + "type": "array" + } + }, + "required": [ + "targetResourceName", + "items" + ], + 
"type": "object" + }, + "assignmentItem": { + "description": "An entity describing a content item.", + "properties": { + "resourceId": { + "description": "The resource id of the content item", + "type": "string" + } + }, + "type": "object" + }, + "WorkspaceManagerAssignmentList": { + "description": "List of all the workspace manager assignments.", + "type": "object", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of workspace manager assignments.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of workspace manager assignments.", + "items": { + "$ref": "#/definitions/WorkspaceManagerAssignment" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "Job": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "The assignment job", + "properties": { + "properties": { + "$ref": "#/definitions/JobProperties", + "description": "The job object", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "JobProperties": { + "description": "The job properties", + "properties": { + "endTime": { + "description": "The time the job completed", + "format": "date-time", + "type": "string", + "readOnly": true + }, + "items": { + "description": "List of items published by the job", + "items": { + "$ref": "#/definitions/jobItem" + }, + "x-ms-identifiers": [], + "type": "array" + }, + "provisioningState": { + "description": "State of the job", + "enum": [ + "Succeeded", + "InProgress", + "Canceled", + "Failed" + ], + "type": "string", + "readOnly": true, + "x-ms-enum": { + "modelAsString": true, + "name": "provisioningState", + "values": [ + { + "description": "The job succeeded", + "value": "Succeeded" + }, + { + "description": "The job was canceled", + "value": "Canceled" + }, + { + "description": "The job is in progress", + "value": "InProgress" + }, + { + "description": "The job failed", + "value": "Failed" + } + ] + } + }, + 
"startTime": { + "description": "The time the job started", + "format": "date-time", + "type": "string", + "readOnly": true + }, + "errorMessage": { + "description": "Message to describe error, if an error exists", + "type": "string", + "readOnly": true + } + }, + "type": "object" + }, + "jobItem": { + "description": "An entity describing the publish status of a content item.", + "properties": { + "resourceId": { + "description": "The resource id of the content item", + "type": "string" + }, + "status": { + "description": "Status of the item publication", + "enum": [ + "Succeeded", + "Failed", + "InProgress" + ], + "type": "string", + "readOnly": true, + "x-ms-enum": { + "modelAsString": true, + "name": "status", + "values": [ + { + "description": "The item publication succeeded", + "value": "Succeeded" + }, + { + "description": "The item publication failed", + "value": "Failed" + }, + { + "description": "The item publication is in progress", + "value": "InProgress" + } + ] + } + }, + "executionTime": { + "description": "The time the item publishing was completed", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "errors": { + "description": "The list of error descriptions if the item publication fails.", + "items": { + "$ref": "#/definitions/error" + }, + "x-ms-identifiers": [], + "type": "array" + } + }, + "type": "object" + }, + "error": { + "description": "The error description for why a publication failed", + "type": "object", + "properties": { + "memberResourceName": { + "description": "The member resource name for which the publication error occured", + "type": "string" + }, + "errorMessage": { + "description": "The error message", + "type": "string" + } + }, + "required": [ + "memberResourceName", + "errorMessage" + ] + }, + "JobList": { + "description": "List of all the jobs", + "type": "object", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of jobs.", + "readOnly": true, + "type": "string" + }, + 
"value": { + "description": "Array of jobs.", + "items": { + "$ref": "#/definitions/Job" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + } + }, + "parameters": { + "WorkspaceManagerAssignmentName": { + "description": "The name of the workspace manager assignment", + "in": "path", + "name": "workspaceManagerAssignmentName", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + "x-ms-parameter-location": "method" + }, + "WorkspaceManagerAssignment": { + "description": "The workspace manager assignment", + "in": "body", + "name": "workspaceManagerAssignment", + "required": true, + "schema": { + "$ref": "#/definitions/WorkspaceManagerAssignment" + }, + "x-ms-parameter-location": "method" + }, + "JobName": { + "description": "The job name", + "in": "path", + "name": "jobName", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerConfigurations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerConfigurations.json new file mode 100644 index 000000000000..8700ffa53285 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerConfigurations.json 
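Review bot: `assignmentItem.resourceId`, `jobItem.resourceId` and `targetResourceName` are declared as bare `"type": "string"`, although their descriptions show they select which content items are included in an assignment, which items a job publishes, and which workspace manager group is targeted. The path parameters in this file carry a `pattern`, so these body fields are the only identifiers with no declared shape. Consider adding `"format": "arm-id"` to both `resourceId` properties so generated clients and linters treat them as ARM resource IDs; the service still has to check server-side that each ID is in a scope the caller may publish from. Separately, `info.version` reads `2023-06-01-preview` in a file added under `2023-07-01-preview/`, and the same holds in the WorkspaceManagerConfigurations and WorkspaceManagerGroups hunks. Presumably a later patch in this 10-part series bumps it.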
@@ -0,0 +1,323 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-06-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations": { + "get": { + "x-ms-examples": { + "Get all workspace manager configurations for a Sentinel workspace.": { + "$ref": "./examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json" + } + }, + "tags": [ + "workspaceManagerConfigurations" + ], + "description": "Gets all workspace manager configurations for a Sentinel workspace.", + "operationId": "WorkspaceManagerConfigurations_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + 
"$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WorkspaceManagerConfigurationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/{workspaceManagerConfigurationName}": { + "get": { + "x-ms-examples": { + "Get a workspace manager configuration.": { + "$ref": "./examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json" + } + }, + "tags": [ + "workspaceManagerConfigurations" + ], + "description": "Gets a workspace manager configuration", + "operationId": "WorkspaceManagerConfigurations_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerConfigurationName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WorkspaceManagerConfiguration" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a 
workspace manager configuration.": { + "$ref": "./examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json" + } + }, + "tags": [ + "workspaceManagerConfigurations" + ], + "description": "Deletes a workspace manager configuration", + "operationId": "WorkspaceManagerConfigurations_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerConfigurationName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create or Update a workspace manager Configuration": { + "$ref": "./examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json" + } + }, + "tags": [ + "workspaceManagerConfigurations" + ], + "description": "Creates or updates a workspace manager configuration.", + "operationId": "WorkspaceManagerConfigurations_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + 
}, + { + "$ref": "#/parameters/WorkspaceManagerConfigurationName" + }, + { + "$ref": "#/parameters/WorkspaceManagerConfiguration" + } + ], + "responses": { + "200": { + "description": "OK, created or updated an instance", + "schema": { + "$ref": "#/definitions/WorkspaceManagerConfiguration" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/WorkspaceManagerConfiguration" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + } + } + }, + "definitions": { + "WorkspaceManagerConfiguration": { + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/AzureEntityResource" + } + ], + "description": "The workspace manager configuration", + "properties": { + "properties": { + "$ref": "#/definitions/WorkspaceManagerConfigurationProperties", + "description": "The workspace manager configuration object", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "WorkspaceManagerConfigurationProperties": { + "description": "The workspace manager configuration properties", + "properties": { + "mode": { + "description": "The current mode of the workspace manager configuration", + "enum": [ + "Enabled", + "Disabled" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "mode", + "values": [ + { + "description": "The workspace manager configuration is enabled", + "value": "Enabled" + }, + { + "description": "The workspace manager configuration is disabled", + "value": "Disabled" + } + ] + } + } + }, + "required": [ + "mode" + ], + "type": "object" + }, + "WorkspaceManagerConfigurationList": { + "description": "List all the workspace manager configurations for the workspace.", + "type": "object", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of workspace manager 
configurations.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of workspace manager configurations.", + "items": { + "$ref": "#/definitions/WorkspaceManagerConfiguration" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + } + }, + "parameters": { + "WorkspaceManagerConfigurationName": { + "description": "The name of the workspace manager configuration", + "in": "path", + "name": "workspaceManagerConfigurationName", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + "x-ms-parameter-location": "method" + }, + "WorkspaceManagerConfiguration": { + "description": "The workspace manager configuration", + "in": "body", + "name": "workspaceManagerConfiguration", + "required": true, + "schema": { + "$ref": "#/definitions/WorkspaceManagerConfiguration" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerGroups.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerGroups.json new file mode 100644 index 000000000000..5f572cf2b79d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerGroups.json 
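Review bot: The `mode` property and its two `x-ms-enum` value descriptions only restate the value names (`"The workspace manager configuration is enabled"`). The spec therefore never says what switching to `Disabled` does to the groups, assignments and jobs defined in the sibling WorkspaceManager* files, nor how that differs from `WorkspaceManagerConfigurations_Delete`. Anyone deciding who may call `WorkspaceManagerConfigurations_CreateOrUpdate` needs that information, since this PUT appears to be the switch for the feature on a workspace. I would extend the property text along the lines of `"description": "The current mode of the workspace manager configuration. <effect of Disabled on existing groups, assignments and jobs>"`, with the placeholder filled in by the service owners.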
@@ -0,0 +1,318 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-06-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups": { + "get": { + "x-ms-examples": { + "Get all workspace manager groups in the Sentinel workspace manager.": { + "$ref": "./examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json" + } + }, + "tags": [ + "workspaceManagerGroups" + ], + "description": "Gets all workspace manager groups in the Sentinel workspace manager", + "operationId": "WorkspaceManagerGroups_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": 
"../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WorkspaceManagerGroupList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups/{workspaceManagerGroupName}": { + "get": { + "x-ms-examples": { + "Get a workspace manager group": { + "$ref": "./examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json" + } + }, + "tags": [ + "workspaceManagerGroups" + ], + "description": "Gets a workspace manager group", + "operationId": "WorkspaceManagerGroups_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerGroupName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WorkspaceManagerGroup" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a workspace manager group.": { + "$ref": 
"./examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json" + } + }, + "tags": [ + "workspaceManagerGroups" + ], + "description": "Creates or updates a workspace manager group.", + "operationId": "WorkspaceManagerGroups_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerGroupName" + }, + { + "$ref": "#/parameters/WorkspaceManagerGroup" + } + ], + "responses": { + "200": { + "description": "OK, created or updated an instance", + "schema": { + "$ref": "#/definitions/WorkspaceManagerGroup" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/WorkspaceManagerGroup" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a workspace manager group.": { + "$ref": "./examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json" + } + }, + "tags": [ + "workspaceManagerGroups" + ], + "description": "Deletes a workspace manager group", + "operationId": "WorkspaceManagerGroups_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { 
+ "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerGroupName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + } + } + }, + "definitions": { + "WorkspaceManagerGroup": { + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/AzureEntityResource" + } + ], + "description": "The workspace manager group", + "properties": { + "properties": { + "$ref": "#/definitions/WorkspaceManagerGroupProperties", + "description": "The workspace manager group object", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "WorkspaceManagerGroupProperties": { + "description": "The workspace manager group properties", + "properties": { + "description": { + "description": "The description of the workspace manager group", + "type": "string" + }, + "displayName": { + "description": "The display name of the workspace manager group", + "type": "string" + }, + "memberResourceNames": { + "description": "The names of the workspace manager members participating in this group.", + "items": { + "description": "memberResourceName", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "displayName", + "memberResourceNames" + ], + "type": "object" + }, + "WorkspaceManagerGroupList": { + "description": "List of all the workspace manager groups.", + "type": "object", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of workspace manager groups.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of workspace manager groups.", + "items": { + "$ref": "#/definitions/WorkspaceManagerGroup" + }, + "type": "array" + } + }, + "required": [ + 
"value" + ] + } + }, + "parameters": { + "WorkspaceManagerGroupName": { + "description": "The name of the workspace manager group", + "in": "path", + "name": "workspaceManagerGroupName", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + "x-ms-parameter-location": "method" + }, + "WorkspaceManagerGroup": { + "description": "The workspace manager group object", + "in": "body", + "name": "workspaceManagerGroup", + "required": true, + "schema": { + "$ref": "#/definitions/WorkspaceManagerGroup" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerMembers.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerMembers.json new file mode 100644 index 000000000000..0f99c0d12c7b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerMembers.json 
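Review bot: `memberResourceNames.items` in `WorkspaceManagerGroupProperties` is an unconstrained string, although the member name it refers to is restricted by `"pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$"` on the `WorkspaceManagerMemberName` path parameter in WorkspaceManagerMembers.json. Assuming the array holds those same names, repeating the pattern on the items (and adding a `"maxItems"` bound if the service enforces one) lets malformed member references be rejected at schema validation instead of reaching the service. Separately, `info.version` is still `"2023-06-01-preview"` in a file under `2023-07-01-preview`. The same holds for the WorkspaceManagerMembers.json, AlertTypes.json, ContentCommonTypes.json and EntityTypes.json hunks, presumably to be bumped by a later patch in this series.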
@@ -0,0 +1,310 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-06-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/": { + "get": { + "x-ms-examples": { + "Get all workspace manager members": { + "$ref": "./examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json" + } + }, + "tags": [ + "workspaceManagerMember" + ], + "description": "Gets all workspace manager members that exist for the given Sentinel workspace manager", + "operationId": "WorkspaceManagerMembers_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": 
"../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WorkspaceManagerMembersList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/{workspaceManagerMemberName}": { + "get": { + "x-ms-examples": { + "Get a workspace manager member": { + "$ref": "./examples/workspaceManagerMembers/GetWorkspaceManagerMember.json" + } + }, + "tags": [ + "workspaceManagerMember" + ], + "description": "Gets a workspace manager member", + "operationId": "WorkspaceManagerMembers_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerMemberName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WorkspaceManagerMember" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create or Update a workspace manager member": { + "$ref": 
"./examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json" + } + }, + "tags": [ + "workspaceManagerMember" + ], + "description": "Creates or updates a workspace manager member", + "operationId": "WorkspaceManagerMembers_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerMemberName" + }, + { + "$ref": "#/parameters/WorkspaceManagerMember" + } + ], + "responses": { + "200": { + "description": "OK, created or updated an instance", + "schema": { + "$ref": "#/definitions/WorkspaceManagerMember" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/WorkspaceManagerMember" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a workspace manager member": { + "$ref": "./examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json" + } + }, + "tags": [ + "workspaceManagerMember" + ], + "description": "Deletes a workspace manager member", + "operationId": "WorkspaceManagerMembers_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": 
"../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerMemberName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + } + } + }, + "definitions": { + "WorkspaceManagerMemberProperties": { + "description": "The workspace manager member properties", + "properties": { + "targetWorkspaceId": { + "description": "Fully qualified resource ID of the target Sentinel workspace joining the given Sentinel workspace manager", + "type": "string" + }, + "targetWorkspaceTenantId": { + "description": "Tenant id of the target Sentinel workspace joining the given Sentinel workspace manager", + "type": "string" + } + }, + "required": [ + "targetWorkspaceId", + "targetWorkspaceTenantId" + ], + "type": "object" + }, + "WorkspaceManagerMember": { + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/AzureEntityResource" + } + ], + "description": "The workspace manager member", + "properties": { + "properties": { + "$ref": "#/definitions/WorkspaceManagerMemberProperties", + "description": "The workspace manager member object", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "WorkspaceManagerMembersList": { + "description": "List of workspace manager members", + "type": "object", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of workspace manager members", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of workspace manager members", + "items": { + "$ref": "#/definitions/WorkspaceManagerMember" + }, + "type": "array" + } 
+ }, + "required": [ + "value" + ] + } + }, + "parameters": { + "WorkspaceManagerMemberName": { + "description": "The name of the workspace manager member", + "in": "path", + "name": "workspaceManagerMemberName", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + "x-ms-parameter-location": "method" + }, + "WorkspaceManagerMember": { + "description": "The workspace manager member object", + "in": "body", + "name": "workspaceManagerMember", + "required": true, + "schema": { + "$ref": "#/definitions/WorkspaceManagerMember" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/AlertTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/AlertTypes.json new file mode 100644 index 000000000000..a4166f06d255 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/AlertTypes.json 
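Review bot: `targetWorkspaceId` and `targetWorkspaceTenantId` in `WorkspaceManagerMemberProperties` are plain strings, even though they decide which workspace, possibly in another tenant, is joined to this workspace manager. Typing them would make the contract explicit, for example `"format": "arm-id"` on `targetWorkspaceId` and `"format": "uuid"` on `targetWorkspaceTenantId` (the latter is already used for `objectGuid` in EntityTypes.json), provided the service accepts only those shapes. The list path also ends in a trailing slash (`.../workspaceManagerMembers/`) while the groups list path does not, and the tag is the singular `workspaceManagerMember`. Aligning both with WorkspaceManagerGroups.json keeps generated clients consistent.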
@@ -0,0 +1,81 @@
+{
+ "swagger": "2.0",
+ "info": {
+ "version": "2023-06-01-preview",
+ "title": "Common Alert types"
+ },
+ "paths": {},
+ "securityDefinitions": {
+ "azure_auth": {
+ "type": "oauth2",
+ "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
+ "flow": "implicit",
+ "description": "Azure Active Directory OAuth2 Flow",
+ "scopes": {
+ "user_impersonation": "impersonate your user account"
+ }
+ }
+ },
+ "definitions": {
+ "AlertSeverityEnum": {
+ "description": "The severity of the alert",
+ "enum": [
+ "High",
+ "Medium",
+ "Low",
+ "Informational"
+ ],
+ "type": "string",
+ "x-ms-enum": {
+ "modelAsString": true,
+ "name": "AlertSeverity",
+ "values": [
+ {
+ "description": "High severity",
+ "value": "High"
+ },
+ {
+ "description": "Medium severity",
+ "value": "Medium"
+ },
+ {
+ "description": "Low severity",
+ "value": "Low"
+ },
+ {
+ "description": "Informational severity",
+ "value": "Informational"
+ }
+ ]
+ }
+ },
+ "AttackTactic": {
+ "description": "The severity for alerts created by this alert rule.",
+ "enum": [
+ "Reconnaissance",
+ "ResourceDevelopment",
+ "InitialAccess",
+ "Execution",
+ "Persistence",
+ "PrivilegeEscalation",
+ "DefenseEvasion",
+ "CredentialAccess",
+ "Discovery",
+ "LateralMovement",
+ "Collection",
+ "Exfiltration",
+ "CommandAndControl",
+ "Impact",
+ "PreAttack",
+ "ImpairProcessControl",
+ "InhibitResponseFunction"
+ ],
+ "type": "string",
+ "x-ms-enum": {
+ "modelAsString": true,
+ "name": "AttackTactic"
+ }
+ }
+ },
+ "parameters": {}
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/ContentCommonTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/ContentCommonTypes.json
new file mode 100644
index 000000000000..a4fc34c3a950
--- /dev/null
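Review bot: The `AttackTactic` definition carries the description `"The severity for alerts created by this alert rule."`, which looks copied from a severity field. The enum lists tactics, so something like `"description": "The attack tactic associated with alerts created by this alert rule."` would match. Its `x-ms-enum` also has no `values` entries, unlike `AlertSeverityEnum` above it, so generated SDK documentation will list the 17 tactic names with no explanation. This file also declares `securityDefinitions` alongside empty `paths` and no `security` requirement, so that block has no effect here.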
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/ContentCommonTypes.json 
@@ -0,0 +1,429 @@ +{ + "swagger": "2.0", + "info": { + "version": "2023-06-01-preview", + "title": "Common content metadata types" + }, + "paths": {}, + "definitions": { + "metadataContentId": { + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Can be optionally set for user created content to define dependencies. If an active content item is made from a metadata, both will have the same contentId.", + "type": "string" + }, + "metadataParentId": { + "description": "Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group)", + "type": "string" + }, + "metadataDisplayName": { + "description": "DisplayName of the content.", + "type": "string" + }, + "metadataVersion": { + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. 
Can also be any string, but then we cannot guarantee any version checks", + "type": "string" + }, + "metadataPackageKind": { + "description": "The package kind", + "enum": [ + "Solution", + "Standalone" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "packageKind", + "values": [ + { + "value": "Solution" + }, + { + "value": "Standalone" + } + ] + } + }, + "metadataKind": { + "type": "string", + "description": "The kind of content the metadata is for.", + "enum": [ + "DataConnector", + "DataType", + "Workbook", + "WorkbookTemplate", + "Playbook", + "PlaybookTemplate", + "AnalyticsRuleTemplate", + "AnalyticsRule", + "HuntingQuery", + "InvestigationQuery", + "Parser", + "Watchlist", + "WatchlistTemplate", + "Solution", + "AzureFunction", + "LogicAppsCustomConnector", + "AutomationRule" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "kind", + "values": [ + { + "value": "DataConnector" + }, + { + "value": "DataType" + }, + { + "value": "Workbook" + }, + { + "value": "WorkbookTemplate" + }, + { + "value": "Playbook" + }, + { + "value": "PlaybookTemplate" + }, + { + "value": "AnalyticsRuleTemplate" + }, + { + "value": "AnalyticsRule" + }, + { + "value": "HuntingQuery" + }, + { + "value": "InvestigationQuery" + }, + { + "value": "Parser" + }, + { + "value": "Watchlist" + }, + { + "value": "WatchlistTemplate" + }, + { + "value": "Solution" + }, + { + "value": "AzureFunction" + }, + { + "value": "LogicAppsCustomConnector" + }, + { + "value": "AutomationRule" + } + ] + } + }, + "metadataTrueFalseFlag": { + "type": "string", + "description": "The boolean value the metadata is for.", + "enum": [ + "true", + "false" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "flag", + "values": [ + { + "value": "true" + }, + { + "value": "false" + } + ] + } + }, + "metadataSource": { + "description": "The original source of the content item, where it comes from.", + "type": "object", + "required": [ + "kind" + ], + "properties": { + "kind": { 
+ "description": "Source type of the content", + "type": "string", + "enum": [ + "LocalWorkspace", + "Community", + "Solution", + "SourceRepository" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "sourceKind", + "values": [ + { + "value": "LocalWorkspace" + }, + { + "value": "Community" + }, + { + "value": "Solution" + }, + { + "value": "SourceRepository" + } + ] + } + }, + "name": { + "description": "Name of the content source. The repo name, solution name, LA workspace name etc.", + "type": "string" + }, + "sourceId": { + "description": "ID of the content source. The solution ID, workspace ID, etc", + "type": "string" + } + } + }, + "metadataAuthor": { + "type": "object", + "description": "Publisher or creator of the content item.", + "properties": { + "name": { + "description": "Name of the author. Company or person.", + "type": "string" + }, + "email": { + "description": "Email of author contact", + "type": "string" + }, + "link": { + "description": "Link for author/vendor page", + "type": "string" + } + } + }, + "metadataSupport": { + "type": "object", + "description": "Support information for the content item.", + "required": [ + "tier" + ], + "properties": { + "tier": { + "description": "Type of support for content item", + "type": "string", + "enum": [ + "Microsoft", + "Partner", + "Community" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "supportTier", + "values": [ + { + "value": "Microsoft" + }, + { + "value": "Partner" + }, + { + "value": "Community" + } + ] + } + }, + "name": { + "description": "Name of the support contact. Company or person.", + "type": "string" + }, + "email": { + "description": "Email of support contact", + "type": "string" + }, + "link": { + "description": "Link for support help, like to support page to open a ticket etc.", + "type": "string" + } + } + }, + "metadataDependencies": { + "description": "Dependencies for the content item, what other content items it requires to work. 
Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies.", + "type": "object", + "properties": { + "contentId": { + "description": "Id of the content item we depend on", + "$ref": "#/definitions/metadataContentId" + }, + "kind": { + "description": "Type of the content item we depend on", + "$ref": "#/definitions/metadataKind" + }, + "version": { + "description": "Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required.", + "$ref": "#/definitions/metadataVersion" + }, + "name": { + "description": "Name of the content item", + "type": "string" + }, + "operator": { + "description": "Operator used for list of dependencies in criteria array.", + "type": "string", + "enum": [ + "AND", + "OR" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "operator", + "values": [ + { + "value": "AND" + }, + { + "value": "OR" + } + ] + } + }, + "criteria": { + "description": "This is the list of dependencies we must fulfill, according to the AND/OR operator", + "type": "array", + "items": { + "$ref": "#/definitions/metadataDependencies", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." 
+ }, + "x-ms-identifiers": [ + "contentId" + ] + } + } + }, + "metadataCategories": { + "type": "object", + "description": "ies for the solution content item", + "properties": { + "domains": { + "description": "domain for the solution content item", + "type": "array", + "example": [ + "str1", + "str2", + "str3" + ], + "items": { + "type": "string" + } + }, + "verticals": { + "description": "Industry verticals for the solution content item", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "str1", + "str2", + "str3" + ] + } + } + }, + "metadataProviders": { + "description": "Providers for the solution content item", + "type": "array", + "example": [ + "str1", + "str2", + "str3" + ], + "items": { + "type": "string" + } + }, + "metadataFirstPublishDate": { + "description": "first publish date of solution content item", + "type": "string", + "format": "date" + }, + "metadataLastPublishDate": { + "description": "last publish date of solution content item", + "type": "string", + "format": "date" + }, + "metadataCustomVersion": { + "description": "The custom version of the content. A optional free text", + "type": "string" + }, + "metadataContentSchemaVersion": { + "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version", + "type": "string" + }, + "metadataIcon": { + "description": "the icon identifier. 
this id can later be fetched from the metadata", + "type": "string" + }, + "metadataThreatAnalysisTactics": { + "description": "the tactics the resource covers", + "type": "array", + "example": [ + "reconnaissance", + "exfiltration" + ], + "items": { + "type": "string" + } + }, + "metadataThreatAnalysisTechniques": { + "description": "the techniques the resource covers, these have to be aligned with the tactics being used", + "type": "array", + "example": [ + "T1548", + "T1548.001", + "T1134.003" + ], + "items": { + "type": "string" + } + }, + "metadataPreviewImages": { + "description": "preview image file names. These will be taken from the solution artifacts", + "type": "array", + "example": [ + "example.png", + "example2.jpeg" + ], + "items": { + "type": "string" + } + }, + "metadataPreviewImagesDark": { + "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support", + "type": "array", + "example": [ + "example.png", + "example2.jpeg" + ], + "items": { + "type": "string" + } + }, + "metadataTags": { + "description": "the tags assigned to the resource", + "type": "array", + "example": [ + "str1", + "str2", + "str3" + ], + "items": { + "type": "string" + } + } + }, + "parameters": {} +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/EntityTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/EntityTypes.json new file mode 100644 index 000000000000..54839090a674 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/EntityTypes.json 
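Review bot: The description of `metadataCategories` reads `"ies for the solution content item"`, which appears truncated. `"description": "Categories for the solution content item"` is probably what was meant. The `metadataDependencies.version` description also has a doubled word (`the the content item`). The `link` properties of `metadataAuthor` and `metadataSupport`, and the file names in `metadataPreviewImages` and `metadataPreviewImagesDark`, are unconstrained strings supplied by content authors. A client that renders those links or resolves those file names therefore has to validate them itself, and adding `"format": "uri"` on the links would at least document the intent.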
@@ -0,0 +1,2550 @@
+{
+ "swagger": "2.0",
+ "info": {
+ "version": "2023-06-01-preview",
+ "title": "Common Entity types"
+ },
+ "paths": {},
+ "definitions": {
+ "AccountEntity": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/Entity"
+ }
+ ],
+ "description": "Represents an account entity.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/AccountEntityProperties",
+ "description": "Account entity properties",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "Account"
+ },
+ "AccountEntityProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/EntityCommonProperties"
+ }
+ ],
+ "description": "Account entity property bag.",
+ "properties": {
+ "aadTenantId": {
+ "description": "The Azure Active Directory tenant id.",
+ "readOnly": true,
+ "type": "string"
+ },
+ "aadUserId": {
+ "description": "The Azure Active Directory user id.",
+ "readOnly": true,
+ "type": "string"
+ },
+ "accountName": {
+ "description": "The name of the account. This field should hold only the name without any domain added to it, i.e. administrator.",
+ "readOnly": true,
+ "type": "string"
+ },
+ "displayName": {
+ "description": "The display name of the account.",
+ "readOnly": true,
+ "type": "string"
+ },
+ "hostEntityId": {
+ "description": "The Host entity id that contains the account in case it is a local account (not domain joined)",
+ "readOnly": true,
+ "type": "string"
+ },
+ "isDomainJoined": {
+ "description": "Determines whether this is a domain account.",
+ "readOnly": true,
+ "type": "boolean"
+ },
+ "ntDomain": {
+ "description": "The NetBIOS domain name as it appears in the alert format domain/username. Examples: NT AUTHORITY.",
+ "readOnly": true,
+ "type": "string"
+ },
+ "objectGuid": {
+ "description": "The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory.",
+ "format": "uuid",
+ "readOnly": true,
+ "type": "string"
+ },
+ "puid": {
+ "description": "The Azure Active Directory Passport User ID.",
+ "readOnly": true,
+ "type": "string"
+ },
+ "sid": {
+ "description": "The account security identifier, e.g. S-1-5-18.",
+ "readOnly": true,
+ "type": "string"
+ },
+ "upnSuffix": {
+ "description": "The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com.",
+ "readOnly": true,
+ "type": "string"
+ },
+ "dnsDomain": {
+ "description": "The fully qualified domain DNS name.",
+ "readOnly": true,
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "AzureResourceEntity": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/Entity"
+ }
+ ],
+ "description": "Represents an azure resource entity.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/AzureResourceEntityProperties",
+ "description": "AzureResource entity properties",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "AzureResource"
+ },
+ "AzureResourceEntityProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/EntityCommonProperties"
+ }
+ ],
+ "description": "AzureResource entity property bag.",
+ "properties": {
+ "resourceId": {
+ "description": "The azure resource id of the resource",
+ "readOnly": true,
+ "type": "string"
+ },
+ "subscriptionId": {
+ "description": "The subscription id of the resource",
+ "readOnly": true,
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "CloudApplicationEntity": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/Entity"
+ }
+ ],
+ "description": "Represents a cloud application entity.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/CloudApplicationEntityProperties",
+ "description": "CloudApplication entity properties",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "CloudApplication"
+ },
+ "CloudApplicationEntityProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/EntityCommonProperties"
+ }
+ ],
+ "description": "CloudApplication entity property bag.",
+ "properties": {
+ "appId": {
+ "description": "The technical identifier of the application.",
+ "readOnly": true,
+ "type": "integer",
+ "format": "int32"
+ },
+ "appName": {
+ "description": "The name of the related cloud application.",
+ "readOnly": true,
+ "type": "string"
+ },
+ "instanceName": {
+ "description": "The user defined instance name of the cloud application. It is often used to distinguish between several applications of the same type that a customer has.",
+ "readOnly": true,
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "DnsEntity": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/Entity"
+ }
+ ],
+ "description": "Represents a dns entity.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/DnsEntityProperties",
+ "description": "Dns entity properties",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "DnsResolution"
+ },
+ "DnsEntityProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/EntityCommonProperties"
+ }
+ ],
+ "description": "Dns entity property bag.",
+ "properties": {
+ "dnsServerIpEntityId": {
+ "description": "An ip entity id for the dns server resolving the request",
+ "readOnly": true,
+ "type": "string"
+ },
+ "domainName": {
+ "description": "The name of the dns record associated with the alert",
+ "readOnly": true,
+ "type": "string"
+ },
+ "hostIpAddressEntityId": {
+ "description": "An ip entity id for the dns request client",
+ "readOnly": true,
+ "type": "string"
+ },
+ "ipAddressEntityIds": {
+ "description": "Ip entity identifiers for the resolved ip address.",
+ "items": {
+ "description": "Ip entity id",
+ "type": "string"
+ },
+ "readOnly": true,
+ "type": "array",
+ "x-ms-identifiers": []
+ }
+ },
+ "type": "object"
+ },
+ "Entity": {
+ "allOf": [
+ {
+ "$ref": "../../../../../../common-types/resource-management/v3/types.json#/definitions/Resource"
+ }
+ ],
+ "properties": {
+ "kind": {
+ "$ref": "#/definitions/EntityInnerKind",
+ "description": "The kind of the entity."
+ }
+ },
+ "description": "Specific entity.",
+ "discriminator": "kind",
+ "type": "object",
+ "required": [
+ "kind"
+ ]
+ },
+ "EntityCommonProperties": {
+ "description": "Entity common property bag.",
+ "properties": {
+ "additionalData": {
+ "additionalProperties": true,
+ "description": "A bag of custom fields that should be part of the entity and will be presented to the user.",
+ "readOnly": true,
+ "type": "object"
+ },
+ "friendlyName": {
+ "description": "The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.",
+ "readOnly": true,
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "EntityInnerKind": {
+ "description": "The kind of the entity",
+ "enum": [
+ "Account",
+ "Host",
+ "File",
+ "AzureResource",
+ "CloudApplication",
+ "DnsResolution",
+ "FileHash",
+ "Ip",
+ "Malware",
+ "Process",
+ "RegistryKey",
+ "RegistryValue",
+ "SecurityGroup",
+ "Url",
+ "IoTDevice",
+ "SecurityAlert",
+ "Bookmark",
+ "Mailbox",
+ "MailCluster",
+ "MailMessage",
+ "SubmissionMail",
+ "Nic"
+ ],
+ "type": "string",
+ "x-ms-enum": {
+ "modelAsString": true,
+ "name": "EntityKindEnum",
+ "values": [
+ {
+ "description": "Entity represents account in the system.",
+ "value": "Account"
+ },
+ {
+ "description": "Entity represents host in the system.",
+ "value": "Host"
+ },
+ {
+ "description": "Entity represents file in the system.",
+ "value": "File"
+ },
+ {
+ "description": "Entity represents azure resource in the system.",
+ "value": "AzureResource"
+ },
+ {
+ "description": "Entity represents cloud application in the system.",
+ "value": "CloudApplication"
+ },
+ {
+ "description": "Entity represents dns resolution in the system.",
+ "value": "DnsResolution"
+ },
+ {
+ "description": "Entity represents file hash in the system.",
+ "value": "FileHash"
+ },
+ {
+ "description": "Entity represents ip in the system.",
+ "value": "Ip"
+ },
+ {
+ "description": "Entity represents malware in the system.",
+ "value": "Malware"
+ },
+ {
+ "description": "Entity represents process in the system.",
+ "value": "Process"
+ },
+ {
+ "description": "Entity represents registry key in the system.",
+ "value": "RegistryKey"
+ },
+ {
+ "description": "Entity represents registry value in the system.",
+ "value": "RegistryValue"
+ },
+ {
+ "description": "Entity represents security group in the system.",
+ "value": "SecurityGroup"
+ },
+ {
+ "description": "Entity represents url in the system.",
+ "value": "Url"
+ },
+ {
+ "description": "Entity represents IoT device in the system.",
+ "value": "IoTDevice"
+ },
+ {
+ "description": "Entity represents security alert in the system.",
+ "value": "SecurityAlert"
+ },
+ {
+ "description": "Entity represents bookmark in the system.",
+ "value": "Bookmark"
+ },
+ {
+ "description": "Entity represents mail cluster in the system.",
+ "value": "MailCluster"
+ },
+ {
+ "description": "Entity represents mail message in the system.",
+ "value": "MailMessage"
+ },
+ {
+ "description": "Entity represents mailbox in the system.",
+ "value": "Mailbox"
+ },
+ {
+ "description": "Entity represents submission mail in the system.",
+ "value": "SubmissionMail"
+ },
+ {
+ "description": "Entity represents network interface in the system.",
+ "value": "Nic"
+ }
+ ]
+ }
+ },
+ "EntityInnerType": {
+ "description": "The type of the entity",
+ "enum": [
+ "Account",
+ "Host",
+ "File",
+ "AzureResource",
+ "CloudApplication",
+ "DNS",
+ "FileHash",
+ "IP",
+ "Malware",
+ "Process",
+ "RegistryKey",
+ "RegistryValue",
+ "SecurityGroup",
+ "URL",
+ "IoTDevice",
+ "SecurityAlert",
+ "HuntingBookmark",
+ "MailCluster",
+ "MailMessage",
+ "Mailbox",
+ "SubmissionMail",
+ "Nic"
+ ],
+ "type": "string",
+ "x-ms-enum": {
+ "modelAsString": true,
+ "name": "EntityType",
+ "values": [
+ {
+ "description": "Entity represents account in the system.",
+ "value": "Account"
+ },
+ {
+ "description": "Entity represents host in the system.",
+ "value": "Host"
+ },
+ {
+ "description": "Entity represents file in the system.",
+ "value": "File"
+ },
+ {
+ "description": "Entity represents azure resource in the system.",
+ "value": "AzureResource"
+ },
+ {
+ "description": "Entity represents cloud application in the system.",
+ "value": "CloudApplication"
+ },
+ {
+ "description": "Entity represents dns in the system.",
+ "value": "DNS"
+ },
+ {
+ "description": "Entity represents file hash in the system.",
+ "value": "FileHash"
+ },
+ {
+ "description": "Entity represents ip in the system.",
+ "value": "IP"
+ },
+ {
+ "description": "Entity represents malware in the system.",
+ "value": "Malware"
+ },
+ {
+ "description": "Entity represents process in the system.",
+ "value": "Process"
+ },
+ {
+ "description": "Entity represents registry key in the system.",
+ "value": "RegistryKey"
+ },
+ {
+ "description": "Entity represents registry value in the system.",
+ "value": "RegistryValue"
+ },
+ {
+ "description": "Entity represents security group in the system.",
+ "value": "SecurityGroup"
+ },
+ {
+ "description": "Entity represents url in the system.",
+ "value": "URL"
+ },
+ {
+ "description": "Entity represents IoT device in the system.",
+ "value": "IoTDevice"
+ },
+ {
+ "description": "Entity represents security alert in the system.",
+ "value": "SecurityAlert"
+ },
+ {
+ "description": "Entity represents HuntingBookmark in the system.",
+ "value": "HuntingBookmark"
+ },
+ {
+ "description": "Entity represents mail cluster in the system.",
+ "value": "MailCluster"
+ },
+ {
+ "description": "Entity represents mail message in the system.",
+ "value": "MailMessage"
+ },
+ {
+ "description": "Entity represents mailbox in the system.",
+ "value": "Mailbox"
+ },
+ {
+ "description": "Entity represents submission mail in the system.",
+ "value": "SubmissionMail"
+ },
+ {
+ "description": "Entity represents network interface in the system.",
+ "value": "Nic"
+ }
+ ]
+ }
+ },
+ "EntityQueryKind": {
+ "description": "The kind of the entity query",
+ "enum": [
+ "Expansion",
+ "Insight",
+ "Activity"
+ ],
+ "type": "string",
+ "x-ms-enum": {
+ "modelAsString": true,
+ "name": "EntityQueryKind",
+ "values": [
+ {
+ "value": "Expansion"
+ },
+ {
+ "value": "Insight"
+ },
+ {
+ "value": "Activity"
+ }
+ ]
+ }
+ },
+ "ExpansionResultAggregation": {
+ "description": "Information of a specific aggregation in the expansion result.",
+ "properties": {
+ "aggregationType": {
+ "description": "The common type of the aggregation. (for e.g. entity field name)",
+ "type": "string"
+ },
+ "count": {
+ "description": "Total number of aggregations of the given kind (and aggregationType if given) in the expansion result.",
+ "type": "integer",
+ "format": "int32"
+ },
+ "displayName": {
+ "description": "The display name of the aggregation by type.",
+ "type": "string"
+ },
+ "entityKind": {
+ "$ref": "#/definitions/EntityInnerKind",
+ "description": "The kind of the aggregated entity."
+ }
+ },
+ "required": [
+ "entityKind",
+ "count"
+ ],
+ "type": "object"
+ },
+ "ExpansionResultsMetadata": {
+ "description": "Expansion result metadata.",
+ "properties": {
+ "aggregations": {
+ "description": "Information of the aggregated nodes in the expansion result.",
+ "items": {
+ "$ref": "#/definitions/ExpansionResultAggregation"
+ },
+ "type": "array",
+ "x-ms-identifiers": []
+ }
+ },
+ "type": "object"
+ },
+ "FileEntity": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/Entity"
+ }
+ ],
+ "description": "Represents a file entity.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/FileEntityProperties",
+ "description": "File entity properties",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "File"
+ },
+ "FileEntityProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/EntityCommonProperties"
+ }
+ ],
+ "description": "File entity property bag.",
+ "properties": {
+ "directory": {
+ "description": "The full path to the file.",
+ "readOnly": true,
+ "type": "string"
+ },
+ "fileHashEntityIds": {
+ "description": "The file hash entity identifiers associated with this file",
+ "items": {
+ "description": "file hash id",
+ "type": "string"
+ },
+ "readOnly": true,
+ "type": "array",
+ "x-ms-identifiers": []
+ },
+ "fileName": {
+ "description": "The file name without path (some alerts might not include path).",
+ "readOnly": true,
+ "type": "string"
+ },
+ "hostEntityId": {
+ "description": "The Host entity id which the file belongs to",
+ "readOnly": true,
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "FileHashEntity": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/Entity"
+ }
+ ],
+ "description": "Represents a file hash entity.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/FileHashEntityProperties",
+ "description": "FileHash entity properties",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "FileHash"
+ },
+ "FileHashEntityProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/EntityCommonProperties"
+ }
+ ],
+ "description": "FileHash entity property bag.",
+ "properties": {
+ "algorithm": {
+ "description": "The hash algorithm type.",
+ "enum": [
+ "Unknown",
+ "MD5",
+ "SHA1",
+ "SHA256",
+ "SHA256AC"
+ ],
+ "readOnly": true,
+ "type": "string",
+ "x-ms-enum": {
+ "modelAsString": true,
+ "name": "FileHashAlgorithm",
+ "values": [
+ {
+ "description": "Unknown hash algorithm",
+ "value": "Unknown"
+ },
+ {
+ "description": "MD5 hash type",
+ "value": "MD5"
+ },
+ {
+ "description": "SHA1 hash type",
+ "value": "SHA1"
+ },
+ {
+ "description": "SHA256 hash type",
+ "value": "SHA256"
+ },
+ {
+ "description": "SHA256 Authenticode hash type",
+ "value": "SHA256AC"
+ }
+ ]
+ }
+ },
+ "hashValue": {
+ "description": "The file hash value.",
+ "readOnly": true,
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "HostEntity": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/Entity"
+ }
+ ],
+ "description": "Represents a host entity.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/HostEntityProperties",
+ "description": "Host entity properties",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "Host"
+ },
+ "HostEntityProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/EntityCommonProperties"
+ }
+ ],
+ "description": "Host entity property bag.",
+ "properties": {
+ "azureID": {
+ "description": "The azure resource id of the VM.",
+ "readOnly": true,
+ "type": "string"
+ },
+ "dnsDomain": {
+ "description": "The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain",
+ "readOnly": true,
+ "type": "string"
+ },
+ "hostName": {
+ "description": "The hostname without the domain suffix.",
+ "readOnly": true,
+ "type": "string"
+ },
+ "isDomainJoined": {
+ "description": "Determines whether this host belongs to a domain.",
+ "readOnly": true,
+ "type": "boolean"
+ },
+ "netBiosName": {
+ "description": "The host name (pre-windows2000).",
+ "readOnly": true,
+ "type": "string"
+ },
+ "ntDomain": {
+ "description": "The NT domain that this host belongs to.",
+ "readOnly": true,
+ "type": "string"
+ },
+ "omsAgentID": {
+ "description": "The OMS agent id, if the host has OMS agent installed.",
+ "readOnly": true,
+ "type": "string"
+ },
+ "osFamily": {
+ "description": "The operating system type.",
+ "enum": [
+ "Linux",
+ "Windows",
+ "Android",
+ "IOS",
+ "Unknown"
+ ],
+ "type": "string",
+ "x-ms-enum": {
+ "modelAsString": false,
+ "name": "OSFamily",
+ "values": [
+ {
+ "description": "Host with Linux operating system.",
+ "value": "Linux"
+ },
+ {
+ "description": "Host with Windows operating system.",
+ "value": "Windows"
+ },
+ {
+ "description": "Host with Android operating system.",
+ "value": "Android"
+ },
+ {
+ "description": "Host with IOS operating system.",
+ "value": "IOS"
+ },
+ {
+ "description": "Host with Unknown operating system.",
+ "value": "Unknown"
+ }
+ ]
+ }
+ },
+ "osVersion": {
+ "description": "A free text representation of the operating system. This field is meant to hold specific versions the are more fine grained than OSFamily or future values not supported by OSFamily enumeration",
+ "readOnly": true,
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "HuntingBookmark": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/Entity"
+ }
+ ],
+ "description": "Represents a Hunting bookmark entity.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/HuntingBookmarkProperties",
+ "description": "HuntingBookmark entity properties",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "Bookmark"
+ },
+ "HuntingBookmarkProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/EntityCommonProperties"
+ }
+ ],
+ "description": "Describes bookmark properties",
+ "properties": {
+ "created": {
+ "description": "The time the bookmark was created",
+ "format": "date-time",
+ "type": "string"
+ },
+ "createdBy": {
+ "$ref": "../../../../common/2.0/types.json#/definitions/UserInfo",
+ "description": "Describes a user that created the bookmark",
+ "type": "object"
+ },
+ "displayName": {
+ "description": "The display name of the bookmark",
+ "type": "string"
+ },
+ "eventTime": {
+ "description": "The time of the event",
+ "format": "date-time",
+ "type": "string"
+ },
+ "labels": {
+ "description": "List of labels relevant to this bookmark",
+ "items": {
+ "$ref": "../../../../common/2.0/types.json#/definitions/Label"
+ },
+ "type": "array",
+ "x-ms-identifiers": []
+ },
+ "notes": {
+ "description": "The notes of the bookmark",
+ "type": "string"
+ },
+ "query": {
+ "description": "The query of the bookmark.",
+ "type": "string"
+ },
+ "queryResult": {
+ "description": "The query result of the bookmark.",
+ "type": "string"
+ },
+ "updated": {
+ "description": "The last time the bookmark was updated",
+ "format": "date-time",
+ "type": "string"
+ },
+ "updatedBy": {
+ "$ref": "../../../../common/2.0/types.json#/definitions/UserInfo",
+ "description": "Describes a user that updated the bookmark",
+ "type": "object"
+ },
+ "incidentInfo": {
+ "$ref": "IncidentTypes.json#/definitions/IncidentInfo",
+ "description": "Describes an incident that relates to bookmark",
+ "type": "object"
+ }
+ },
+ "required": [
+ "displayName",
+ "query"
+ ],
+ "type": "object"
+ },
+ "IoTDeviceEntity": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/Entity"
+ }
+ ],
+ "description": "Represents an IoT device entity.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/IoTDeviceEntityProperties",
+ "description": "IoTDevice entity properties",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "IoTDevice"
+ },
+ "IoTDeviceEntityProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/EntityCommonProperties"
+ }
+ ],
+ "description": "IoTDevice entity property bag.",
+ "properties": {
+ "deviceId": {
+ "description": "The ID of the IoT Device in the IoT Hub",
+ "readOnly": true,
+ "type": "string"
+ },
+ "deviceName": {
+ "description": "The friendly name of the device",
+ "readOnly": true,
+ "type": "string"
+ },
+ "source": {
+ "description": "The source of the device",
+ "readOnly": true,
+ "type": "string"
+ },
+ "iotSecurityAgentId": {
+ "description": "The ID of the security agent running on the device",
+ "format": "uuid",
+ "readOnly": true,
+ "type": "string"
+ },
+ "deviceType": {
+ "description": "The type of the device",
+ "readOnly": true,
+ "type": "string"
+ },
+ "vendor": {
+ "description": "The vendor of the device",
+ "readOnly": true,
+ "type": "string"
+ },
+ "edgeId": {
+ "description": "The ID of the edge device",
+ "readOnly": true,
+ "type": "string"
+ },
+ "macAddress": {
+ "description": "The MAC address of the device",
+ "readOnly": true,
+ "type": "string"
+ },
+ "model": {
+ "description": "The model of the device",
+ "readOnly": true,
+ "type": "string"
+ },
+ "serialNumber": {
+ "description": "The serial number of the device",
+ "readOnly": true,
+ "type": "string"
+ },
+ "firmwareVersion": {
+ "description": "The firmware version of the device",
+ "readOnly": true,
+ "type": "string"
+ },
+ "operatingSystem": {
+ "description": "The operating system of the device",
+ "readOnly": true,
+ "type": "string"
+ },
+ "iotHubEntityId": {
+ "description": "The AzureResource entity id of the IoT Hub",
+ "readOnly": true,
+ "type": "string"
+ },
+ "hostEntityId": {
+ "description": "The Host entity id of this device",
+ "readOnly": true,
+ "type": "string"
+ },
+ "ipAddressEntityId": {
+ "description": "The IP entity if of this device",
+ "readOnly": true,
+ "type": "string"
+ },
+ "threatIntelligence": {
+ "description": "A list of TI contexts attached to the IoTDevice entity.",
+ "items": {
+ "$ref": "ThreatIntelligenceTypes.json#/definitions/ThreatIntelligence"
+ },
+ "readOnly": true,
+ "type": "array",
+ "x-ms-identifiers": []
+ },
+ "protocols": {
+ "description": "A list of protocols of the IoTDevice entity.",
+ "items": {
+ "type": "string"
+ },
+ "readOnly": true,
+ "type": "array",
+ "x-ms-identifiers": []
+ },
+ "owners": {
+ "description": "A list of owners of the IoTDevice entity.",
+ "items": {
+ "type": "string"
+ },
+ "readOnly": true,
+ "type": "array",
+ "x-ms-identifiers": []
+ },
+ "nicEntityIds": {
+ "description": "A list of Nic entity ids of the IoTDevice entity.",
+ "items": {
+ "type": "string"
+ },
+ "readOnly": true,
+ "type": "array",
+ "x-ms-identifiers": []
+ },
+ "site": {
+ "description": "The site of the device",
+ "readOnly": true,
+ "type": "string"
+ },
+ "zone": {
+ "description": "The zone location of the device within a site",
+ "readOnly": true,
+ "type": "string"
+ },
+ "sensor": {
+ "description": "The sensor the device is monitored by",
+ "readOnly": true,
+ "type": "string"
+ },
+ "deviceSubType": {
+ "description": "The subType of the device ('PLC', 'HMI', 'EWS', etc.)",
+ "readOnly": true,
+ "type": "string"
+ },
+ "importance": {
+ "description": "Device importance, determines if the device classified as 'crown jewel'",
+ "enum": [
+ "Unknown",
+ "Low",
+ "Normal",
+ "High"
+ ],
+ "type": "string",
+ "x-ms-enum": {
+ "modelAsString": true,
+ "name": "DeviceImportance",
+ "values": [
+ {
+ "description": "Unknown - Default value",
+ "value": "Unknown"
+ },
+ {
+ "description": "Low",
+ "value": "Low"
+ },
+ {
+ "description": "Normal",
+ "value": "Normal"
+ },
+ {
+ "description": "High",
+ "value": "High"
+ }
+ ]
+ }
+ },
+ "purdueLayer": {
+ "description": "The Purdue Layer of the device",
+ "readOnly": true,
+ "type": "string"
+ },
+ "isAuthorized": {
+ "description": "Determines whether the device classified as authorized device",
+ "readOnly": true,
+ "type": "boolean"
+ },
+ "isProgramming": {
+ "description": "Determines whether the device classified as programming device",
+ "readOnly": true,
+ "type": "boolean"
+ },
+ "isScanner": {
+ "description": "Is the device classified as a scanner device",
+ "readOnly": true,
+ "type": "boolean"
+ }
+ },
+ "type": "object"
+ },
+ "IpEntity": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/Entity"
+ }
+ ],
+ "description": "Represents an ip entity.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/IpEntityProperties",
+ "description": "Ip entity properties",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "Ip"
+ },
+ "IpEntityProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/EntityCommonProperties"
+ }
+ ],
+ "description": "Ip entity property bag.",
+ "properties": {
+ "address": {
+ "description": "The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6)",
+ "readOnly": true,
+ "type": "string"
+ },
+ "location": {
+ "$ref": "#/definitions/GeoLocation",
+ "description": "The geo-location context attached to the ip entity"
+ },
+ "threatIntelligence": {
+ "description": "A list of TI contexts attached to the ip entity.",
+ "items": {
+ "$ref": "ThreatIntelligenceTypes.json#/definitions/ThreatIntelligence"
+ },
+ "readOnly": true,
+ "type": "array",
+ "x-ms-identifiers": []
+ }
+ },
+ "type": "object"
+ },
+ "GeoLocation": {
+ "description": "The geo-location context attached to the ip entity",
+ "properties": {
+ "asn": {
+ "description": "Autonomous System Number",
+ "readOnly": true,
+ "type": "integer",
+ "format": "int32"
+ },
+ "city": {
+ "description": "City name",
+ "readOnly": true,
+ "type": "string"
+ },
+ "countryCode": {
+ "description": "The country code according to ISO 3166 format",
+ "readOnly": true,
+ "type": "string"
+ },
+ "countryName": {
+ "description": "Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name",
+ "readOnly": true,
+ "type": "string"
+ },
+ "latitude": {
+ "description": "The latitude of the identified location, expressed as a floating point number with range of - 90 to 90. Latitude and longitude are derived from the city or postal code.",
+ "format": "double",
+ "readOnly": true,
+ "type": "number"
+ },
+ "longitude": {
+ "description": "The longitude of the identified location, expressed as a floating point number with range of -180 to 180. Latitude and longitude are derived from the city or postal code.",
+ "format": "double",
+ "readOnly": true,
+ "type": "number"
+ },
+ "state": {
+ "description": "State name",
+ "readOnly": true,
+ "type": "string"
+ }
+ },
+ "readOnly": true,
+ "type": "object"
+ },
+ "MailboxEntity": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/Entity"
+ }
+ ],
+ "description": "Represents a mailbox entity.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/MailboxEntityProperties",
+ "description": "Mailbox entity properties",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "Mailbox"
+ },
+ "MailboxEntityProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/EntityCommonProperties"
+ }
+ ],
+ "description": "Mailbox entity property bag.",
+ "properties": {
+ "mailboxPrimaryAddress": {
+ "description": "The mailbox's primary address",
+ "readOnly": true,
+ "type": "string"
+ },
+ "displayName": {
+ "description": "The mailbox's display name",
+ "readOnly": true,
+ "type": "string"
+ },
+ "upn": {
+ "description": "The mailbox's UPN",
+ "readOnly": true,
+ "type": "string"
+ },
+ "externalDirectoryObjectId": {
+ "description": "The AzureAD identifier of mailbox. Similar to AadUserId in account entity but this property is specific to mailbox object on office side",
+ "format": "uuid",
+ "readOnly": true,
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "MailClusterEntity": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/Entity"
+ }
+ ],
+ "description": "Represents a mail cluster entity.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/MailClusterEntityProperties",
+ "description": "Mail cluster entity properties",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "MailCluster"
+ },
+ "MailClusterEntityProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/EntityCommonProperties"
+ }
+ ],
+ "description": "Mail cluster entity property bag.",
+ "properties": {
+ "networkMessageIds": {
+ "description": "The mail message IDs that are part of the mail cluster",
+ "items": {
+ "description": "A mail message ID",
+ "type": "string"
+ },
+ "readOnly": true,
+ "type": "array",
+ "x-ms-identifiers": []
+ },
+ "countByDeliveryStatus": {
+ "description": "Count of mail messages by DeliveryStatus string representation",
+ "readOnly": true,
+ "type": "object"
+ },
+ "countByThreatType": {
+ "description": "Count of mail messages by ThreatType string representation",
+ "readOnly": true,
+ "type": "object"
+ },
+ "countByProtectionStatus": {
+ "description": "Count of mail messages by ProtectionStatus string representation",
+ "readOnly": true,
+ "type": "object"
+ },
+ "threats": {
+ "description": "The threats of mail messages that are part of the mail cluster",
+ "items": {
+ "description": "A threat",
+ "type": "string"
+ },
+ "readOnly": true,
+ "type": "array",
+ "x-ms-identifiers": []
+ },
+ "query": {
+ "description": "The query that was used to identify the messages of the mail cluster",
+ "readOnly": true,
+ "type": "string"
+ },
+ "queryTime": {
+ "description": "The query time",
+ "format": "date-time",
+ "readOnly": true,
+ "type": "string"
+ },
+ "mailCount": {
+ "description": "The number of mail messages that are part of the mail cluster",
+ "readOnly": true,
+ "type": "integer",
+ "format": "int32"
+ },
+ "isVolumeAnomaly": {
+ "description": "Is this a volume anomaly mail cluster",
+ "readOnly": true,
+ "type": "boolean"
+ },
+ "source": {
+ "description": "The source of the mail cluster (default is 'O365 ATP')",
+ "readOnly": true,
+ "type": "string"
+ },
+ "clusterSourceIdentifier": {
+ "description": "The id of the cluster source",
+ "readOnly": true,
+ "type": "string"
+ },
+ "clusterSourceType": {
+ "description": "The type of the cluster source",
+ "readOnly": true,
+ "type": "string"
+ },
+ "clusterQueryStartTime": {
+ "description": "The cluster query start time",
+ "format": "date-time",
+ "readOnly": true,
+ "type": "string"
+ },
+ "clusterQueryEndTime": {
+ "description": "The cluster query end time",
+ "format": "date-time",
+ "readOnly": true,
+ "type": "string"
+ },
+ "clusterGroup": {
+ "description": "The cluster group",
+ "readOnly": true,
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "MailMessageEntity": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/Entity"
+ }
+ ],
+ "description": "Represents a mail message entity.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/MailMessageEntityProperties",
+ "description": "Mail message entity properties",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "MailMessage"
+ },
+ "MailMessageEntityProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/EntityCommonProperties"
+ }
+ ],
+ "description": "Mail message entity property bag.",
+ "properties": {
+ "fileEntityIds": {
+ "description": "The File entity ids of this mail message's attachments",
+ "items": {
+ "type": "string"
+ },
+ "readOnly": true,
+ "type": "array",
+ "x-ms-identifiers": []
+ },
+ "recipient": {
+ "description": "The recipient of this mail message. Note that in case of multiple recipients the mail message is forked and each copy has one recipient",
+ "readOnly": true,
+ "type": "string"
+ },
+ "urls": {
+ "description": "The Urls contained in this mail message",
+ "items": {
+ "description": "A Url contained in this mail message",
+ "type": "string"
+ },
+ "readOnly": true,
+ "type": "array",
+ "x-ms-identifiers": []
+ },
+ "threats": {
+ "description": "The threats of this mail message",
+ "items": {
+ "description": "A threat of the mail message",
+ "type": "string"
+ },
+ "readOnly": true,
+ "type": "array",
+ "x-ms-identifiers": []
+ },
+ "p1Sender": {
+ "description": "The p1 sender's email address",
+ "readOnly": true,
+ "type": "string"
+ },
+ "p1SenderDisplayName": {
+ "description": "The p1 sender's display name",
+ "readOnly": true,
+ "type": "string"
+ },
+ "p1SenderDomain": {
+ "description": "The p1 sender's domain",
+ "readOnly": true,
+ "type": "string"
+ },
+ "senderIP": {
+ "description": "The sender's IP address",
+ "readOnly": true,
+ "type": "string"
+ },
+ "p2Sender": {
+ "description": "The p2 sender's email address",
+ "readOnly": true,
+ "type": "string"
+ },
+ "p2SenderDisplayName": {
+ "description": "The p2 sender's display name",
+ "readOnly": true,
+ "type": "string"
+ },
+ "p2SenderDomain": {
+ "description": "The p2 sender's domain",
+ "readOnly": true,
+ "type": "string"
+ },
+ "receiveDate": {
+ "description": "The receive date of this message",
+ "format": "date-time",
+ "readOnly": true,
+ "type": "string"
+ },
+ "networkMessageId": {
+ "description": "The network message id of this mail message",
+ "format": "uuid",
+ "readOnly": true,
+ "type": "string"
+ },
+ "internetMessageId": {
+ "description": "The internet message id of this mail message",
+ "readOnly": true,
+ "type": "string"
+ },
+ "subject": {
+ "description": "The subject of this mail message",
+ "readOnly": true,
+ "type": "string"
+ },
+ "language": {
+ "description": "The language of this mail message",
+ "readOnly": true,
+ "type": "string"
+ },
+ "threatDetectionMethods": {
+ "description": "The threat detection methods",
+ "items": {
+ "description": "A threat detection method",
+ "type": "string"
+ },
+ "readOnly": true,
+ "type": "array",
+ "x-ms-identifiers": []
+ },
+ "bodyFingerprintBin1": {
+ "description": "The bodyFingerprintBin1",
+ "type": "integer",
+ "format": "int32"
+ },
+ "bodyFingerprintBin2": {
+ "description": "The bodyFingerprintBin2",
+ "type": "integer",
+ "format": "int32"
+ },
+ "bodyFingerprintBin3": {
+ "description": "The bodyFingerprintBin3",
+ "type": "integer",
+ "format": "int32"
+ },
+ "bodyFingerprintBin4": {
+ "description": "The bodyFingerprintBin4",
+ "type": "integer",
+ "format": "int32"
+ },
+ "bodyFingerprintBin5": {
+ "description": "The bodyFingerprintBin5",
+ "type": "integer",
+ "format": "int32"
+ },
+ "antispamDirection": {
+ "description": "The directionality of this mail message",
+ "enum": [
+ "Unknown",
+ "Inbound",
+ "Outbound",
+ "Intraorg"
+ ],
+ "type": "string",
+ "x-ms-enum": {
+ "modelAsString": true,
+ "name": "AntispamMailDirection",
+ "values": [
+ {
+ "description": "Unknown",
+ "value": "Unknown"
+ },
+ {
+ "description": "Inbound",
+ "value": "Inbound"
+ },
+ {
+ "description": "Outbound",
+ "value": "Outbound"
+ },
+ {
+ "description": "Intraorg",
+ "value": "Intraorg"
+ }
+ ]
+ }
+ },
+ "deliveryAction": {
+ "description": "The delivery action of this mail message like Delivered, Blocked, Replaced etc",
+ "enum": [
+ "Unknown",
+ "DeliveredAsSpam",
+ "Delivered",
+ "Blocked",
+ "Replaced"
+ ],
+ "type": "string",
+ "x-ms-enum": {
+ "modelAsString": false,
+ "name": "DeliveryAction",
+ "values": [
+ {
+ "description": "Unknown",
+ "value": "Unknown"
+ },
+ {
+ "description": "DeliveredAsSpam",
+ "value": "DeliveredAsSpam"
+ },
+ {
+ "description": "Delivered",
+ "value": "Delivered"
+ },
+ {
+ "description": "Blocked",
+ "value": "Blocked"
+ },
+ {
+ "description": "Replaced",
+ "value": "Replaced"
+
} + ] + } + }, + "deliveryLocation": { + "description": "The delivery location of this mail message like Inbox, JunkFolder etc", + "enum": [ + "Unknown", + "Inbox", + "JunkFolder", + "DeletedFolder", + "Quarantine", + "External", + "Failed", + "Dropped", + "Forwarded" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": false, + "name": "DeliveryLocation", + "values": [ + { + "description": "Unknown", + "value": "Unknown" + }, + { + "description": "Inbox", + "value": "Inbox" + }, + { + "description": "JunkFolder", + "value": "JunkFolder" + }, + { + "description": "DeletedFolder", + "value": "DeletedFolder" + }, + { + "description": "Quarantine", + "value": "Quarantine" + }, + { + "description": "External", + "value": "External" + }, + { + "description": "Failed", + "value": "Failed" + }, + { + "description": "Dropped", + "value": "Dropped" + }, + { + "description": "Forwarded", + "value": "Forwarded" + } + ] + } + } + }, + "type": "object" + }, + "MalwareEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a malware entity.", + "properties": { + "properties": { + "$ref": "#/definitions/MalwareEntityProperties", + "description": "File entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Malware" + }, + "MalwareEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Malware entity property bag.", + "properties": { + "category": { + "description": "The malware category by the vendor, e.g. Trojan", + "readOnly": true, + "type": "string" + }, + "fileEntityIds": { + "description": "List of linked file entity identifiers on which the malware was found", + "items": { + "description": "file entity id", + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "malwareName": { + "description": "The malware name by the vendor, e.g. 
Win32/Toga!rfn", + "readOnly": true, + "type": "string" + }, + "processEntityIds": { + "description": "List of linked process entity identifiers on which the malware was found.", + "items": { + "description": "process entity id", + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "ProcessEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a process entity.", + "properties": { + "properties": { + "$ref": "#/definitions/ProcessEntityProperties", + "description": "Process entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Process" + }, + "ProcessEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Process entity property bag.", + "properties": { + "accountEntityId": { + "description": "The account entity id running the processes.", + "readOnly": true, + "type": "string" + }, + "commandLine": { + "description": "The command line used to create the process", + "readOnly": true, + "type": "string" + }, + "creationTimeUtc": { + "description": "The time when the process started to run", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "elevationToken": { + "description": "The elevation token associated with the process.", + "enum": [ + "Default", + "Full", + "Limited" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": false, + "name": "ElevationToken", + "values": [ + { + "description": "Default elevation token", + "value": "Default" + }, + { + "description": "Full elevation token", + "value": "Full" + }, + { + "description": "Limited elevation token", + "value": "Limited" + } + ] + } + }, + "hostEntityId": { + "description": "The host entity id on which the process was running", + "readOnly": true, + "type": "string" + }, + "hostLogonSessionEntityId": { + "description": "The session entity id in which the 
process was running", + "readOnly": true, + "type": "string" + }, + "imageFileEntityId": { + "description": "Image file entity id", + "readOnly": true, + "type": "string" + }, + "parentProcessEntityId": { + "description": "The parent process entity id.", + "readOnly": true, + "type": "string" + }, + "processId": { + "description": "The process ID", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "RegistryKeyEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a registry key entity.", + "properties": { + "properties": { + "$ref": "#/definitions/RegistryKeyEntityProperties", + "description": "RegistryKey entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "RegistryKey" + }, + "RegistryKeyEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "RegistryKey entity property bag.", + "properties": { + "hive": { + "description": "the hive that holds the registry key.", + "enum": [ + "HKEY_LOCAL_MACHINE", + "HKEY_CLASSES_ROOT", + "HKEY_CURRENT_CONFIG", + "HKEY_USERS", + "HKEY_CURRENT_USER_LOCAL_SETTINGS", + "HKEY_PERFORMANCE_DATA", + "HKEY_PERFORMANCE_NLSTEXT", + "HKEY_PERFORMANCE_TEXT", + "HKEY_A", + "HKEY_CURRENT_USER" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "RegistryHive", + "values": [ + { + "description": "HKEY_LOCAL_MACHINE", + "value": "HKEY_LOCAL_MACHINE" + }, + { + "description": "HKEY_CLASSES_ROOT", + "value": "HKEY_CLASSES_ROOT" + }, + { + "description": "HKEY_CURRENT_CONFIG", + "value": "HKEY_CURRENT_CONFIG" + }, + { + "description": "HKEY_USERS", + "value": "HKEY_USERS" + }, + { + "description": "HKEY_CURRENT_USER_LOCAL_SETTINGS", + "value": "HKEY_CURRENT_USER_LOCAL_SETTINGS" + }, + { + "description": "HKEY_PERFORMANCE_DATA", + "value": "HKEY_PERFORMANCE_DATA" + }, + { + "description": "HKEY_PERFORMANCE_NLSTEXT", + 
"value": "HKEY_PERFORMANCE_NLSTEXT" + }, + { + "description": "HKEY_PERFORMANCE_TEXT", + "value": "HKEY_PERFORMANCE_TEXT" + }, + { + "description": "HKEY_A", + "value": "HKEY_A" + }, + { + "description": "HKEY_CURRENT_USER", + "value": "HKEY_CURRENT_USER" + } + ] + } + }, + "key": { + "description": "The registry key path.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "RegistryValueEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a registry value entity.", + "properties": { + "properties": { + "$ref": "#/definitions/RegistryValueEntityProperties", + "description": "RegistryKey entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "RegistryValue" + }, + "RegistryValueEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "RegistryValue entity property bag.", + "properties": { + "keyEntityId": { + "description": "The registry key entity id.", + "readOnly": true, + "type": "string" + }, + "valueData": { + "description": "String formatted representation of the value data.", + "readOnly": true, + "type": "string" + }, + "valueName": { + "description": "The registry value name.", + "readOnly": true, + "type": "string" + }, + "valueType": { + "description": "Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry.", + "enum": [ + "None", + "Unknown", + "String", + "ExpandString", + "Binary", + "DWord", + "MultiString", + "QWord" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "RegistryValueKind", + "values": [ + { + "description": "None", + "value": "None" + }, + { + "description": "Unknown value type", + "value": "Unknown" + }, + { + "description": "String value type", + "value": "String" + }, + { + "description": "ExpandString value type", + "value": "ExpandString" 
+ }, + { + "description": "Binary value type", + "value": "Binary" + }, + { + "description": "DWord value type", + "value": "DWord" + }, + { + "description": "MultiString value type", + "value": "MultiString" + }, + { + "description": "QWord value type", + "value": "QWord" + } + ] + } + } + }, + "type": "object" + }, + "SecurityAlert": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a security alert entity.", + "properties": { + "properties": { + "$ref": "#/definitions/SecurityAlertProperties", + "description": "SecurityAlert entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "SecurityAlert" + }, + "SecurityAlertProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "SecurityAlert entity property bag.", + "properties": { + "alertDisplayName": { + "description": "The display name of the alert.", + "readOnly": true, + "type": "string" + }, + "alertType": { + "description": "The type name of the alert.", + "readOnly": true, + "type": "string" + }, + "compromisedEntity": { + "description": "Display name of the main entity being reported on.", + "readOnly": true, + "type": "string" + }, + "confidenceLevel": { + "description": "The confidence level of this alert.", + "enum": [ + "Unknown", + "Low", + "High" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ConfidenceLevel", + "values": [ + { + "description": "Unknown confidence, the is the default value", + "value": "Unknown" + }, + { + "description": "Low confidence, meaning we have some doubts this is indeed malicious or part of an attack", + "value": "Low" + }, + { + "description": "High confidence that the alert is true positive malicious", + "value": "High" + } + ] + } + }, + "confidenceReasons": { + "description": "The confidence reasons", + "items": { + "description": "confidence reason item", + "properties": { + 
"reason": { + "description": "The reason's description", + "readOnly": true, + "type": "string" + }, + "reasonType": { + "description": "The type (category) of the reason", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "confidenceScore": { + "description": "The confidence score of the alert.", + "format": "double", + "readOnly": true, + "type": "number" + }, + "confidenceScoreStatus": { + "description": "The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final.", + "enum": [ + "NotApplicable", + "InProcess", + "NotFinal", + "Final" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ConfidenceScoreStatus", + "values": [ + { + "description": "Score will not be calculated for this alert as it is not supported by virtual analyst", + "value": "NotApplicable" + }, + { + "description": "No score was set yet and calculation is in progress", + "value": "InProcess" + }, + { + "description": "Score is calculated and shown as part of the alert, but may be updated again at a later time following the processing of additional data", + "value": "NotFinal" + }, + { + "description": "Final score was calculated and available", + "value": "Final" + } + ] + } + }, + "description": { + "description": "Alert description.", + "readOnly": true, + "type": "string" + }, + "endTimeUtc": { + "description": "The impact end time of the alert (the time of the last event contributing to the alert).", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "intent": { + "description": "Holds the alert intent stage(s) mapping for this alert.", + "enum": [ + "Unknown", + "Probing", + "Exploitation", + "Persistence", + "PrivilegeEscalation", + "DefenseEvasion", + "CredentialAccess", + "Discovery", + "LateralMovement", + "Execution", + "Collection", + "Exfiltration", + 
"CommandAndControl", + "Impact" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "KillChainIntent", + "values": [ + { + "description": "The default value.", + "value": "Unknown" + }, + { + "description": "Probing could be an attempt to access a certain resource regardless of a malicious intent or a failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected as an attempt originating from outside the network in attempt to scan the target system and find a way in.", + "value": "Probing" + }, + { + "description": "Exploitation is the stage where an attacker manage to get foothold on the attacked resource. This stage is applicable not only for compute hosts, but also for resources such as user accounts, certificates etc. Adversaries will often be able to control the resource after this stage.", + "value": "Exploitation" + }, + { + "description": "Persistence is any access, action, or configuration change to a system that gives an adversary a persistent presence on that system. Adversaries will often need to maintain access to systems through interruptions such as system restarts, loss of credentials, or other failures that would require a remote access tool to restart or alternate backdoor for them to regain access.", + "value": "Persistence" + }, + { + "description": "Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network. Certain tools or actions require a higher level of privilege to work and are likely necessary at many points throughout an operation. 
User accounts with permissions to access specific systems or perform specific functions necessary for adversaries to achieve their objective may also be considered an escalation of privilege.", + "value": "PrivilegeEscalation" + }, + { + "description": "Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques in other categories that have the added benefit of subverting a particular defense or mitigation. ", + "value": "DefenseEvasion" + }, + { + "description": "Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment. Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts (local system administrator or domain users with administrator access) to use within the network. With sufficient access within a network, an adversary can create accounts for later use within the environment.", + "value": "CredentialAccess" + }, + { + "description": "Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network. When adversaries gain access to a new system, they must navigate themselves to what they now have control of and what benefits operating from that system give to their current objective or overall goals during the intrusion. The operating system provides many native tools that aid in this post-compromise information-gathering phase.", + "value": "Discovery" + }, + { + "description": "Lateral movement consists of techniques that enable an adversary to access and control remote systems on a network and could, but does not necessarily, include execution of tools on remote systems. The lateral movement techniques could allow an adversary to gather information from a system without needing additional tools, such as a remote access tool. 
An adversary can use lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems, access to specific information or files, access to additional credentials, or to cause an effect.", + "value": "LateralMovement" + }, + { + "description": "The execution tactic represents techniques that result in execution of adversary-controlled code on a local or remote system. This tactic is often used in conjunction with lateral movement to expand access to remote systems on a network.", + "value": "Execution" + }, + { + "description": "Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration. This category also covers locations on a system or network where the adversary may look for information to exfiltrate.", + "value": "Collection" + }, + { + "description": "Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from a target network. This category also covers locations on a system or network where the adversary may look for information to exfiltrate.", + "value": "Exfiltration" + }, + { + "description": "The command and control tactic represents how adversaries communicate with systems under their control within a target network.", + "value": "CommandAndControl" + }, + { + "description": "The impact intent primary objective is to directly reduce the availability or integrity of a system, service, or network; including manipulation of data to impact a business or operational process. 
This would often refer to techniques such as ransom-ware, defacement, data manipulation and others.", + "value": "Impact" + } + ] + } + }, + "providerAlertId": { + "description": "The identifier of the alert inside the product which generated the alert.", + "readOnly": true, + "type": "string" + }, + "processingEndTime": { + "description": "The time the alert was made available for consumption.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "productComponentName": { + "description": "The name of a component inside the product which generated the alert.", + "readOnly": true, + "type": "string" + }, + "productName": { + "description": "The name of the product which published this alert.", + "readOnly": true, + "type": "string" + }, + "productVersion": { + "description": "The version of the product generating the alert.", + "readOnly": true, + "type": "string" + }, + "remediationSteps": { + "description": "Manual action items to take to remediate the alert.", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "severity": { + "$ref": "AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The severity of the alert", + "type": "string" + }, + "startTimeUtc": { + "description": "The impact start time of the alert (the time of the first event contributing to the alert).", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "status": { + "description": "The lifecycle status of the alert.", + "enum": [ + "Unknown", + "New", + "Resolved", + "Dismissed", + "InProgress" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AlertStatus", + "values": [ + { + "description": "Unknown value", + "value": "Unknown" + }, + { + "description": "New alert", + "value": "New" + }, + { + "description": "Alert closed after handling", + "value": "Resolved" + }, + { + "description": "Alert dismissed as false positive", + "value": 
"Dismissed" + }, + { + "description": "Alert is being handled", + "value": "InProgress" + } + ] + } + }, + "systemAlertId": { + "description": "Holds the product identifier of the alert for the product.", + "readOnly": true, + "type": "string" + }, + "tactics": { + "description": "The tactics of the alert", + "items": { + "$ref": "AlertTypes.json#/definitions/AttackTactic" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "timeGenerated": { + "description": "The time the alert was generated.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "vendorName": { + "description": "The name of the vendor that raise the alert.", + "readOnly": true, + "type": "string" + }, + "alertLink": { + "description": "The uri link of the alert.", + "readOnly": true, + "type": "string" + }, + "resourceIdentifiers": { + "description": "The list of resource identifiers of the alert.", + "items": { + "type": "object" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "SecurityGroupEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a security group entity.", + "properties": { + "properties": { + "$ref": "#/definitions/SecurityGroupEntityProperties", + "description": "SecurityGroup entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "SecurityGroup" + }, + "SecurityGroupEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "SecurityGroup entity property bag.", + "properties": { + "distinguishedName": { + "description": "The group distinguished name", + "readOnly": true, + "type": "string" + }, + "objectGuid": { + "description": "A single-value attribute that is the unique identifier for the object, assigned by active directory.", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "sid": { + "description": "The SID 
attribute is a single-value attribute that specifies the security identifier (SID) of the group", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "SubmissionMailEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a submission mail entity.", + "properties": { + "properties": { + "$ref": "#/definitions/SubmissionMailEntityProperties", + "description": "Submission mail entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "SubmissionMail" + }, + "SubmissionMailEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Submission mail entity property bag.", + "properties": { + "networkMessageId": { + "description": "The network message id of email to which submission belongs", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "submissionId": { + "description": "The submission id", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "submitter": { + "description": "The submitter", + "readOnly": true, + "type": "string" + }, + "submissionDate": { + "description": "The submission date", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "timestamp": { + "description": "The Time stamp when the message is received (Mail)", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "recipient": { + "description": "The recipient of the mail", + "readOnly": true, + "type": "string" + }, + "sender": { + "description": "The sender of the mail", + "readOnly": true, + "type": "string" + }, + "senderIp": { + "description": "The sender's IP", + "readOnly": true, + "type": "string" + }, + "subject": { + "description": "The subject of submission mail", + "readOnly": true, + "type": "string" + }, + "reportType": { + "description": "The submission type for the given instance. 
This maps to Junk, Phish, Malware or NotJunk.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "UrlEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a url entity.", + "properties": { + "properties": { + "$ref": "#/definitions/UrlEntityProperties", + "description": "Url entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Url" + }, + "UrlEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Url entity property bag.", + "properties": { + "url": { + "description": "A full URL the entity points to", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "NicEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents an network interface entity.", + "properties": { + "properties": { + "$ref": "#/definitions/NicEntityProperties", + "description": "Network interface entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Nic" + }, + "NicEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Nic entity property bag.", + "properties": { + "macAddress": { + "description": "The MAC address of this network interface", + "readOnly": true, + "type": "string" + }, + "ipAddressEntityId": { + "description": "The IP entity id of this network interface", + "readOnly": true, + "type": "string" + }, + "vlans": { + "description": "A list of VLANs of the network interface entity.", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + } + }, + "parameters": {} +} 
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/IncidentTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/IncidentTypes.json
new file mode 100644
index 000000000000..a252ef4f143a
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/IncidentTypes.json
@@ -0,0 +1,246 @@ +{ + "swagger": "2.0", + "info": { + "version": "2023-06-01-preview", + "title": "Common Incident types" + }, + "paths": {}, + "definitions": { + "IncidentClassificationEnum": { + "description": "The reason the incident was closed", + "enum": [ + "Undetermined", + "TruePositive", + "BenignPositive", + "FalsePositive" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentClassification", + "values": [ + { + "description": "Incident classification was undetermined", + "value": "Undetermined" + }, + { + "description": "Incident was true positive", + "value": "TruePositive" + }, + { + "description": "Incident was benign positive", + "value": "BenignPositive" + }, + { + "description": "Incident was false positive", + "value": "FalsePositive" + } + ] + } + }, + "IncidentClassificationReasonEnum": { + "description": "The classification reason the incident was closed with", + "enum": [ + "SuspiciousActivity", + "SuspiciousButExpected", + "IncorrectAlertLogic", + "InaccurateData" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentClassificationReason", + "values": [ + { + "description": "Classification reason was suspicious activity", + "value": "SuspiciousActivity" + }, + { + "description": "Classification reason was suspicious but expected", + "value": "SuspiciousButExpected" + }, + { + "description": "Classification reason was incorrect alert logic", + "value": "IncorrectAlertLogic" + }, + { + "description": "Classification reason was inaccurate data", + "value": "InaccurateData" + } + ] + } + }, + "IncidentLabel": { + "description": "Represents an incident label", + "properties": { + "labelName": { + "description": "The name of the label", + "type": "string" + }, + "labelType": { + "$ref": "#/definitions/IncidentLabelType" + } + }, + "required": [ + "labelName" + ], + "type": "object" + }, + "IncidentLabelType": { + "description": "The type of the label", + "enum": [ + "User", + 
"AutoAssigned" + ], + "type": "string", + "readOnly": true, + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentLabelType", + "values": [ + { + "description": "Label manually created by a user", + "value": "User" + }, + { + "description": "Label automatically created by the system", + "value": "AutoAssigned" + } + ] + } + }, + "IncidentSeverityEnum": { + "description": "The severity of the incident", + "enum": [ + "High", + "Medium", + "Low", + "Informational" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentSeverity", + "values": [ + { + "description": "High severity", + "value": "High" + }, + { + "description": "Medium severity", + "value": "Medium" + }, + { + "description": "Low severity", + "value": "Low" + }, + { + "description": "Informational severity", + "value": "Informational" + } + ] + } + }, + "IncidentStatusEnum": { + "description": "The status of the incident", + "enum": [ + "New", + "Active", + "Closed" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentStatus", + "values": [ + { + "description": "An active incident which isn't being handled currently", + "value": "New" + }, + { + "description": "An active incident which is being handled", + "value": "Active" + }, + { + "description": "A non-active incident", + "value": "Closed" + } + ] + } + }, + "IncidentOwnerInfo": { + "description": "Information on the user an incident is assigned to", + "properties": { + "email": { + "description": "The email of the user the incident is assigned to.", + "type": "string" + }, + "assignedTo": { + "description": "The name of the user the incident is assigned to.", + "type": "string" + }, + "objectId": { + "description": "The object id of the user the incident is assigned to.", + "format": "uuid", + "type": "string" + }, + "userPrincipalName": { + "description": "The user principal name of the user the incident is assigned to.", + "type": "string" + }, + "ownerType": { + "description": 
"The type of the owner the incident is assigned to.", + "type": "string", + "enum": [ + "Unknown", + "User", + "Group" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "OwnerType", + "values": [ + { + "description": "The incident owner type is unknown", + "value": "Unknown" + }, + { + "description": "The incident owner type is an AAD user", + "value": "User" + }, + { + "description": "The incident owner type is an AAD group", + "value": "Group" + } + ] + } + } + }, + "type": "object" + }, + "IncidentInfo": { + "description": "Describes related incident information for the bookmark", + "properties": { + "incidentId": { + "description": "Incident Id", + "type": "string" + }, + "severity": { + "description": "The severity of the incident", + "type": "string", + "$ref": "#/definitions/IncidentSeverityEnum" + }, + "title": { + "description": "The title of the incident", + "type": "string" + }, + "relationName": { + "description": "Relation Name", + "type": "string" + } + }, + "type": "object" + } + }, + "parameters": {} +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/RelationTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/RelationTypes.json new file mode 100644 index 000000000000..0f6a7c2a2f21 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/RelationTypes.json 
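Review bot: The `info.version` in this new file is still `"2023-06-01-preview"` although the file lives under `2023-07-01-preview`; the same stale value appears in RelationTypes.json and ThreatIntelligenceTypes.json further down. If a later patch in this series does not already bump it, each should read `"version": "2023-07-01-preview"`. Separately, `IncidentInfo.severity` carries `"type": "string"` next to its `"$ref"`; sibling keywords of a `$ref` are ignored by JSON Reference resolution, so the `type` line can be dropped to keep the definition unambiguous.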
@@ -0,0 +1,95 @@
+{
+ "swagger": "2.0",
+ "info": {
+ "version": "2023-06-01-preview",
+ "title": "Common Relation types"
+ },
+ "paths": {},
+ "definitions": {
+ "RelationList": {
+ "description": "List of relations.",
+ "properties": {
+ "nextLink": {
+ "readOnly": true,
+ "description": "URL to fetch the next set of relations.",
+ "type": "string"
+ },
+ "value": {
+ "description": "Array of relations.",
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/Relation"
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "value"
+ ]
+ },
+ "Relation": {
+ "type": "object",
+ "description": "Represents a relation between two resources",
+ "allOf": [
+ {
+ "$ref": "../../../../common/2.0/types.json#/definitions/ResourceWithEtag"
+ }
+ ],
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/RelationProperties",
+ "description": "Relation properties",
+ "x-ms-client-flatten": true
+ }
+ }
+ },
+ "RelationProperties": {
+ "description": "Relation property bag.",
+ "properties": {
+ "relatedResourceId": {
+ "description": "The resource ID of the related resource",
+ "type": "string"
+ },
+ "relatedResourceName": {
+ "description": "The name of the related resource",
+ "readOnly": true,
+ "type": "string"
+ },
+ "relatedResourceType": {
+ "description": "The resource type of the related resource",
+ "readOnly": true,
+ "type": "string"
+ },
+ "relatedResourceKind": {
+ "description": "The resource kind of the related resource",
+ "readOnly": true,
+ "type": "string"
+ }
+ },
+ "required": [
+ "relatedResourceId"
+ ],
+ "type": "object"
+ }
+ },
+ "parameters": {
+ "RelationName": {
+ "name": "relationName",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "Relation Name",
+ "x-ms-parameter-location": "method"
+ },
+ "Relation": {
+ "name": "relation",
+ "in": "body",
+ "description": "The relation model",
+ "required": true,
+ "schema": {
+ "$ref": "#/definitions/Relation"
+ },
+ "x-ms-parameter-location": "method"
+ }
+ }
+}
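Review bot: The `info` block of RelationTypes.json still carries `"version": "2023-06-01-preview"` although the file is added under `preview/2023-07-01-preview/`; the same stale value is in the `info` blocks of ThreatIntelligenceTypes.json and dataConnectors.json in this patch. The subject line marks this as the base copy of a ten-part series, so a later patch presumably bumps it, but as added the spec advertises the previous api-version. The line should read `"version": "2023-07-01-preview"` in all three files.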
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/ThreatIntelligenceTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/ThreatIntelligenceTypes.json
new file mode 100644
index 000000000000..75cbd66b97d3
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/ThreatIntelligenceTypes.json
@@ -0,0 +1,48 @@
+{
+ "swagger": "2.0",
+ "info": {
+ "version": "2023-06-01-preview",
+ "title": "Common Relation types"
+ },
+ "paths": {},
+ "definitions": {
+ "ThreatIntelligence": {
+ "description": "ThreatIntelligence property bag.",
+ "properties": {
+ "confidence": {
+ "description": "Confidence (must be between 0 and 1)",
+ "format": "double",
+ "readOnly": true,
+ "type": "number"
+ },
+ "providerName": {
+ "description": "Name of the provider from whom this Threat Intelligence information was received",
+ "readOnly": true,
+ "type": "string"
+ },
+ "reportLink": {
+ "description": "Report link",
+ "readOnly": true,
+ "type": "string"
+ },
+ "threatDescription": {
+ "description": "Threat description (free text)",
+ "readOnly": true,
+ "type": "string"
+ },
+ "threatName": {
+ "description": "Threat name (e.g. \"Jedobot malware\")",
+ "readOnly": true,
+ "type": "string"
+ },
+ "threatType": {
+ "description": "Threat type (e.g. \"Botnet\")",
+ "readOnly": true,
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "parameters": {}
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/dataConnectors.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/dataConnectors.json
new file mode 100644
index 000000000000..fe87d75666ab
--- /dev/null
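Review bot: The `info` block of ThreatIntelligenceTypes.json has `"title": "Common Relation types"`, which looks copied from RelationTypes.json; `"title": "Common Threat Intelligence types"` would match the single `ThreatIntelligence` definition the file holds. The `confidence` description says the value must be between 0 and 1, but the schema has no bounds, so the range is not machine-checkable; adding `"minimum": 0, "maximum": 1` would state it. `reportLink` is an unconstrained string that, judging by the `providerName` description, comes from an external provider. Its description could note that consumers should validate the URL before rendering it as a link, for example `"description": "Report link (provider-supplied; validate before rendering)"`.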
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/dataConnectors.json 
@@ -0,0 +1,3118 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-06-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors": { + "get": { + "x-ms-examples": { + "Get all data connectors.": { + "$ref": "./examples/dataConnectors/GetDataConnectors.json" + } + }, + "tags": [ + "Data Connectors" + ], + "description": "Gets all data connectors.", + "operationId": "DataConnectors_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/DataConnectorList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + 
} + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}": { + "get": { + "x-ms-examples": { + "Get an Office365 data connector.": { + "$ref": "./examples/dataConnectors/GetOfficeDataConnetorById.json" + }, + "Get a TI data connector": { + "$ref": "./examples/dataConnectors/GetThreatIntelligenceById.json" + }, + "Get a TI Taxii data connector.": { + "$ref": "./examples/dataConnectors/GetThreatIntelligenceTaxiiById.json" + }, + "Get a MCAS data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json" + }, + "Get a ASC data connector": { + "$ref": "./examples/dataConnectors/GetAzureSecurityCenterById.json" + }, + "Get an AADIP (Azure Active Directory Identity Protection) data connector": { + "$ref": "./examples/dataConnectors/GetAzureActiveDirectoryById.json" + }, + "Get an AwsCloudTrail data connector": { + "$ref": "./examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json" + }, + "Get an Aws S3 data connector": { + "$ref": "./examples/dataConnectors/GetAmazonWebServicesS3ById.json" + }, + "Get an AATP data connector": { + "$ref": "./examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json" + }, + "Get a MDATP data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json" + }, + "Get an Office ATP data connector": { + "$ref": "./examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json" + }, + "Get an Office IRM data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json" + }, + "Get an Office365 Project data connector": { + "$ref": "./examples/dataConnectors/GetOffice365ProjectDataConnetorById.json" + }, + "Get a MicrosoftPurviewInformationProtection data connector": { + "$ref": 
"./examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json" + }, + "Get an Office365 PowerBI data connector": { + "$ref": "./examples/dataConnectors/GetOfficePowerBIDataConnetorById.json" + }, + "Get a Dynamics365 data connector": { + "$ref": "./examples/dataConnectors/GetDynamics365DataConnectorById.json" + }, + "Get a MicrosoftThreatProtection data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftThreatProtectionById.json" + }, + "Get a MicrosoftThreatIntelligence data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json" + }, + "Get a GenericUI data connector": { + "$ref": "./examples/dataConnectors/GetGenericUI.json" + }, + "Get a APIPolling data connector": { + "$ref": "./examples/dataConnectors/GetAPIPolling.json" + }, + "Get a IoT data connector": { + "$ref": "./examples/dataConnectors/GetIoTById.json" + }, + "Get a GCP data connector": { + "$ref": "./examples/dataConnectors/GetGoogleCloudPlatformById.json" + } + }, + "tags": [ + "Data Connectors" + ], + "description": "Gets a data connector.", + "operationId": "DataConnectors_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/DataConnector" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + 
"x-ms-examples": { + "Creates or updates an Office365 data connector": { + "$ref": "./examples/dataConnectors/CreateOfficeDataConnetor.json" + }, + "Creates or updates an Office365 Project data connector": { + "$ref": "./examples/dataConnectors/CreateOffice365ProjectDataConnetor.json" + }, + "Creates or updates an MicrosoftPurviewInformationProtection data connector": { + "$ref": "./examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json" + }, + "Creates or updates a Microsoft Threat Intelligence data connector.": { + "$ref": "./examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json" + }, + "Creates or updates an Office PowerBI data connector": { + "$ref": "./examples/dataConnectors/CreateOfficePowerBIDataConnector.json" + }, + "Creates or updates a Threat Intelligence Taxii data connector.": { + "$ref": "./examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json" + }, + "Creates or updates an Threat Intelligence Platform data connector": { + "$ref": "./examples/dataConnectors/CreateThreatIntelligenceDataConnector.json" + }, + "Creates or updates a Dynamics365 data connector.": { + "$ref": "./examples/dataConnectors/CreateDynamics365DataConnetor.json" + }, + "Creates or updates a GenericUI data connector": { + "$ref": "./examples/dataConnectors/CreateGenericUI.json" + }, + "Creates or updates a APIPolling data connector": { + "$ref": "./examples/dataConnectors/CreateAPIPolling.json" + }, + "Creates or updates a MicrosoftThreatProtection data connector": { + "$ref": "./examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json" + }, + "Creates or updates a GCP data connector": { + "$ref": "./examples/dataConnectors/CreateGoogleCloudPlatform.json" + } + }, + "tags": [ + "Data Connectors" + ], + "description": "Creates or updates the data connector.", + "operationId": "DataConnectors_CreateOrUpdate", + "parameters": [ + { + "$ref": 
"../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorId" + }, + { + "$ref": "#/parameters/DataConnector" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/DataConnector" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/DataConnector" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an Office365 data connector": { + "$ref": "./examples/dataConnectors/DeleteOfficeDataConnetor.json" + }, + "Delete an Office365 Project data connector": { + "$ref": "./examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json" + }, + "Delete an MicrosoftPurviewInformationProtection data connector": { + "$ref": "./examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json" + }, + "Delete an MicrosoftThreatIntelligence data connector": { + "$ref": "./examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json" + }, + "Delete an Office PowerBI data connector": { + "$ref": "./examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json" + }, + "Delete a GenericUI data connector": { + "$ref": "./examples/dataConnectors/DeleteGenericUI.json" + }, + "Delete a APIPolling data connector": { + "$ref": "./examples/dataConnectors/DeleteAPIPolling.json" + }, + "Delete a GCP data connector": { + "$ref": 
"./examples/dataConnectors/DeleteGoogleCloudPlatform.json" + } + }, + "tags": [ + "Data Connectors" + ], + "description": "Delete the data connector.", + "operationId": "DataConnectors_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/connect": { + "post": { + "x-ms-examples": { + "Connect an APIPolling data connector": { + "$ref": "./examples/dataConnectors/ConnectAPIPolling.json" + }, + "Connect an APIPolling V2 logs data connector": { + "$ref": "./examples/dataConnectors/ConnectAPIPollingV2Logs.json" + } + }, + "tags": [ + "Data Connectors Connect" + ], + "description": "Connects a data connector.", + "operationId": "DataConnectors_Connect", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": 
"../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorId" + }, + { + "$ref": "#/parameters/DataConnectorConnectBody" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/disconnect": { + "post": { + "x-ms-examples": { + "Disconnect an APIPolling data connector": { + "$ref": "./examples/dataConnectors/DisconnectAPIPolling.json" + } + }, + "tags": [ + "Data Connectors Disconnect" + ], + "description": "Disconnect a data connector.", + "operationId": "DataConnectors_Disconnect", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + 
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorsCheckRequirements": { + "post": { + "x-ms-examples": { + "Check requirements for TI.": { + "$ref": "./examples/dataConnectors/CheckRequirementsThreatIntelligence.json" + }, + "Check requirements for TI Taxii.": { + "$ref": "./examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json" + }, + "Check requirements for AADIP (Azure Active Directory Identity Protection).": { + "$ref": "./examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json" + }, + "Check requirements for AADIP (Azure Active Directory Identity Protection) - no license.": { + "$ref": "./examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json" + }, + "Check requirements for AADIP (Azure Active Directory Identity Protection) - no authorization.": { + "$ref": "./examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json" + }, + "Check requirements for ASC.": { + "$ref": "./examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json" + }, + "Check requirements for Mcas.": { + "$ref": "./examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json" + }, + "Check requirements for Mdatp.": { + "$ref": "./examples/dataConnectors/CheckRequirementsMdatp.json" + }, + "Check requirements for OfficeATP.": { + "$ref": "./examples/dataConnectors/CheckRequirementsOfficeATP.json" + }, + "Check requirements for OfficeIRM.": { + "$ref": "./examples/dataConnectors/CheckRequirementsOfficeIRM.json" + }, + "Check requirements for Office365Project.": { + "$ref": "./examples/dataConnectors/CheckRequirementsOffice365Project.json" + }, + "Check requirements for MicrosoftPurviewInformationProtection.": { + "$ref": "./examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json" + }, + "Check requirements for OfficePowerBI.": { + "$ref": 
"./examples/dataConnectors/CheckRequirementsOfficePowerBI.json" + }, + "Check requirements for Dynamics365.": { + "$ref": "./examples/dataConnectors/CheckRequirementsDynamics365.json" + }, + "Check requirements for MicrosoftThreatProtection.": { + "$ref": "./examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json" + }, + "Check requirements for MicrosoftThreatIntelligence.": { + "$ref": "./examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json" + }, + "Check requirements for IoT.": { + "$ref": "./examples/dataConnectors/CheckRequirementsIoT.json" + } + }, + "tags": [ + "Check Data Connector Requirements" + ], + "description": "Get requirements state for a data connector type.", + "operationId": "DataConnectorsCheckRequirements_Post", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorsCheckRequirementsBody" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/DataConnectorRequirementsState" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "AADCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents AADIP (Azure Active Directory Identity Protection) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/AADCheckRequirementsProperties", + "description": "AADIP (Azure 
Active Directory Identity Protection) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureActiveDirectory" + }, + "AADCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "AADIP (Azure Active Directory Identity Protection) requirements check properties.", + "type": "object" + }, + "AATPCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents AATP (Azure Advanced Threat Protection) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/AATPCheckRequirementsProperties", + "description": "AATP (Azure Advanced Threat Protection) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureAdvancedThreatProtection" + }, + "AATPCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "AATP (Azure Advanced Threat Protection) requirements check properties.", + "type": "object" + }, + "ASCCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents ASC (Azure Security Center) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/ASCCheckRequirementsProperties", + "description": "ASC (Azure Security Center) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureSecurityCenter" + }, + "ASCCheckRequirementsProperties": { + "description": "ASC (Azure Security Center) requirements check properties.", + "properties": { + "subscriptionId": { + "description": "The subscription id to connect to, and get the data from.", + "type": "string" + } + }, + "type": "object" + }, + "AwsCloudTrailCheckRequirements": { + 
"allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Amazon Web Services CloudTrail requirements check request.", + "type": "object", + "x-ms-discriminator-value": "AmazonWebServicesCloudTrail" + }, + "AwsS3CheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Amazon Web Services S3 requirements check request.", + "type": "object", + "x-ms-discriminator-value": "AmazonWebServicesS3" + }, + "DataConnectorsCheckRequirements": { + "description": "Data connector requirements properties.", + "properties": { + "kind": { + "$ref": "#/definitions/DataConnectorKind", + "description": "Describes the kind of connector to be checked.", + "type": "string" + } + }, + "discriminator": "kind", + "type": "object", + "required": [ + "kind" + ] + }, + "DataConnectorAuthorizationState": { + "description": "Describes the state of user's authorization for a connector kind.", + "enum": [ + "Valid", + "Invalid" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DataConnectorAuthorizationState", + "values": [ + { + "value": "Valid" + }, + { + "value": "Invalid" + } + ] + } + }, + "DataConnectorLicenseState": { + "description": "Describes the state of user's license for a connector kind.", + "enum": [ + "Valid", + "Invalid", + "Unknown" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DataConnectorLicenseState", + "values": [ + { + "value": "Valid" + }, + { + "value": "Invalid" + }, + { + "value": "Unknown" + } + ] + } + }, + "DataConnectorRequirementsState": { + "description": "Data connector requirements status.", + "properties": { + "authorizationState": { + "description": "Authorization state for this connector", + "$ref": "#/definitions/DataConnectorAuthorizationState" + }, + "licenseState": { + "description": "License state for this connector", + "$ref": "#/definitions/DataConnectorLicenseState" + } + }, + "type": 
"object" + }, + "Dynamics365CheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents Dynamics365 requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/Dynamics365CheckRequirementsProperties", + "description": "Dynamics365 requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Dynamics365" + }, + "Dynamics365CheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Dynamics365 requirements check properties.", + "type": "object" + }, + "MCASCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents MCAS (Microsoft Cloud App Security) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/MCASCheckRequirementsProperties", + "description": "MCAS (Microsoft Cloud App Security) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftCloudAppSecurity" + }, + "MCASCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "MCAS (Microsoft Cloud App Security) requirements check properties.", + "type": "object" + }, + "MDATPCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/MDATPCheckRequirementsProperties", + "description": "MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftDefenderAdvancedThreatProtection" + }, + 
"MDATPCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties.", + "type": "object" + }, + "MSTICheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents Microsoft Threat Intelligence requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/MSTICheckRequirementsProperties", + "description": "Microsoft Threat Intelligence requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftThreatIntelligence" + }, + "MSTICheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Microsoft Threat Intelligence requirements check properties.", + "type": "object" + }, + "MtpCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents MTP (Microsoft Threat Protection) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/MTPCheckRequirementsProperties", + "description": "MTP (Microsoft Threat Protection) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftThreatProtection" + }, + "MTPCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "MTP (Microsoft Threat Protection) requirements check properties.", + "type": "object" + }, + "OfficeATPCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents OfficeATP (Office 365 Advanced Threat Protection) requirements check request.", + "properties": { + "properties": { + "$ref": 
"#/definitions/OfficeATPCheckRequirementsProperties", + "description": "OfficeATP (Office 365 Advanced Threat Protection) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "OfficeATP" + }, + "OfficeATPCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "OfficeATP (Office 365 Advanced Threat Protection) requirements check properties.", + "type": "object" + }, + "OfficeIRMCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents OfficeIRM (Microsoft Insider Risk Management) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficeIRMCheckRequirementsProperties", + "description": "OfficeIRM (Microsoft Insider Risk Management) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "OfficeIRM" + }, + "OfficeIRMCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "OfficeIRM (Microsoft Insider Risk Management) requirements check properties.", + "type": "object" + }, + "MicrosoftPurviewInformationProtectionCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents MicrosoftPurviewInformationProtection requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/MicrosoftPurviewInformationProtectionCheckRequirementsProperties", + "description": "MicrosoftPurviewInformationProtection requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftPurviewInformationProtection" + }, + "MicrosoftPurviewInformationProtectionCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" 
+ } + ], + "description": "MicrosoftPurviewInformationProtection requirements check properties.", + "type": "object" + }, + "Office365ProjectCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents Office365 Project requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/Office365ProjectCheckRequirementsProperties", + "description": "Office365 Project requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Office365Project" + }, + "Office365ProjectCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Office365 Project requirements check properties.", + "type": "object" + }, + "OfficePowerBICheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents Office PowerBI requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficePowerBICheckRequirementsProperties", + "description": "Office Power BI requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "OfficePowerBI" + }, + "OfficePowerBICheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Office PowerBI requirements check properties.", + "type": "object" + }, + "TICheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Threat Intelligence Platforms data connector check requirements", + "properties": { + "properties": { + "$ref": "#/definitions/TICheckRequirementsProperties", + "description": "Threat Intelligence Platforms data connector check required properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": 
"ThreatIntelligence"
+ },
+ "TICheckRequirementsProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorTenantId"
+ }
+ ],
+ "description": "Threat Intelligence Platforms data connector required properties.",
+ "properties": {},
+ "type": "object"
+ },
+ "TiTaxiiCheckRequirements": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorsCheckRequirements"
+ }
+ ],
+ "description": "Threat Intelligence TAXII data connector check requirements",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/TiTaxiiCheckRequirementsProperties",
+ "description": "Threat Intelligence TAXII check required properties.",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "ThreatIntelligenceTaxii"
+ },
+ "TiTaxiiCheckRequirementsProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorTenantId"
+ }
+ ],
+ "description": "Threat Intelligence TAXII data connector required properties.",
+ "type": "object"
+ },
+ "IoTCheckRequirements": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorsCheckRequirements"
+ }
+ ],
+ "description": "Represents IoT requirements check request.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/IoTCheckRequirementsProperties",
+ "description": "IoT requirements check properties.",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "IOT"
+ },
+ "IoTCheckRequirementsProperties": {
+ "description": "IoT requirements check properties.",
+ "properties": {
+ "subscriptionId": {
+ "description": "The subscription id to connect to, and get the data from.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "AADDataConnector": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnector"
+ }
+ ],
+ "description": "Represents AADIP (Azure Active Directory Identity Protection) data connector.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/AADDataConnectorProperties",
+ "description": "AADIP (Azure Active Directory Identity
Protection) data connector properties.",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "AzureActiveDirectory"
+ },
+ "AADDataConnectorProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorTenantId"
+ },
+ {
+ "$ref": "#/definitions/DataConnectorWithAlertsProperties"
+ }
+ ],
+ "description": "AADIP (Azure Active Directory Identity Protection) data connector properties.",
+ "type": "object"
+ },
+ "AlertsDataTypeOfDataConnector": {
+ "description": "Alerts data type for data connectors.",
+ "properties": {
+ "alerts": {
+ "$ref": "#/definitions/DataConnectorDataTypeCommon",
+ "description": "Alerts data type connection.",
+ "type": "object"
+ }
+ },
+ "type": "object",
+ "required": [
+ "alerts"
+ ]
+ },
+ "MSTIDataConnector": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnector"
+ }
+ ],
+ "description": "Represents Microsoft Threat Intelligence data connector.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/MSTIDataConnectorProperties",
+ "description": "Microsoft Threat Intelligence data connector properties.",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "MicrosoftThreatIntelligence"
+ },
+ "MSTIDataConnectorDataTypes": {
+ "description": "The available data types for Microsoft Threat Intelligence Platforms data connector.",
+ "properties": {
+ "microsoftEmergingThreatFeed": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorDataTypeCommon"
+ }
+ ],
+ "properties": {
+ "lookbackPeriod": {
+ "description": "The lookback period for the feed to be imported.",
+ "type": "string"
+ }
+ },
+ "description": "Data type for Microsoft Threat Intelligence Platforms data connector.",
+ "type": "object",
+ "required": [
+ "lookbackPeriod"
+ ]
+ }
+ },
+ "type": "object",
+ "required": [
+ "microsoftEmergingThreatFeed"
+ ]
+ },
+ "MSTIDataConnectorProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorTenantId"
+ }
+ ],
+
"description": "Microsoft Threat Intelligence data connector properties.",
+ "properties": {
+ "dataTypes": {
+ "$ref": "#/definitions/MSTIDataConnectorDataTypes",
+ "description": "The available data types for the connector."
+ }
+ },
+ "required": [
+ "dataTypes"
+ ],
+ "type": "object"
+ },
+ "MTPDataConnector": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnector"
+ }
+ ],
+ "description": "Represents MTP (Microsoft Threat Protection) data connector.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/MTPDataConnectorProperties",
+ "description": "MTP (Microsoft Threat Protection) data connector properties.",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "MicrosoftThreatProtection"
+ },
+ "MTPDataConnectorDataTypes": {
+ "description": "The available data types for Microsoft Threat Protection Platforms data connector.",
+ "properties": {
+ "incidents": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorDataTypeCommon"
+ }
+ ],
+ "description": "Incidents data type for Microsoft Threat Protection Platforms data connector.",
+ "type": "object"
+ },
+ "alerts": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorDataTypeCommon"
+ }
+ ],
+ "description": "Alerts data type for Microsoft Threat Protection Platforms data connector.",
+ "type": "object"
+ }
+ },
+ "type": "object",
+ "required": [
+ "incidents"
+ ]
+ },
+ "MtpProvider": {
+ "description": "The available data providers.",
+ "enum": [
+ "microsoftDefenderForCloudApps",
+ "microsoftDefenderForIdentity"
+ ],
+ "type": "string",
+ "x-ms-enum": {
+ "modelAsString": true,
+ "name": "MtpProvider"
+ }
+ },
+ "MtpFilteredProviders": {
+ "description": "Represents the connector's Filtered providers",
+ "properties": {
+ "alerts": {
+ "description": "Alerts filtered providers.
When filters are not applied, all alerts will stream through the MTP pipeline, still in private preview for all products EXCEPT MDA and MDI, which are in GA state.",
+ "items": {
+ "$ref": "#/definitions/MtpProvider"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object",
+ "required": [
+ "alerts"
+ ]
+ },
+ "MTPDataConnectorProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorTenantId"
+ }
+ ],
+ "description": "MTP (Microsoft Threat Protection) data connector properties.",
+ "properties": {
+ "dataTypes": {
+ "$ref": "#/definitions/MTPDataConnectorDataTypes",
+ "description": "The available data types for the connector."
+ },
+ "filteredProviders": {
+ "$ref": "#/definitions/MtpFilteredProviders",
+ "description": "The available filtered providers for the connector."
+ }
+ },
+ "required": [
+ "dataTypes"
+ ],
+ "type": "object"
+ },
+ "AATPDataConnector": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnector"
+ }
+ ],
+ "description": "Represents AATP (Azure Advanced Threat Protection) data connector.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/AATPDataConnectorProperties",
+ "description": "AATP (Azure Advanced Threat Protection) data connector properties.",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "AzureAdvancedThreatProtection"
+ },
+ "AATPDataConnectorProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorTenantId"
+ },
+ {
+ "$ref": "#/definitions/DataConnectorWithAlertsProperties"
+ }
+ ],
+ "description": "AATP (Azure Advanced Threat Protection) data connector properties.",
+ "type": "object"
+ },
+ "ASCDataConnector": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnector"
+ }
+ ],
+ "description": "Represents ASC (Azure Security Center) data connector.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/ASCDataConnectorProperties",
+ "description": "ASC (Azure Security Center) data connector properties.",
+ "x-ms-client-flatten": true
+ }
+
},
+ "type": "object",
+ "x-ms-discriminator-value": "AzureSecurityCenter"
+ },
+ "ASCDataConnectorProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorWithAlertsProperties"
+ }
+ ],
+ "description": "ASC (Azure Security Center) data connector properties.",
+ "properties": {
+ "subscriptionId": {
+ "description": "The subscription id to connect to, and get the data from.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "AwsCloudTrailDataConnector": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnector"
+ }
+ ],
+ "description": "Represents Amazon Web Services CloudTrail data connector.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/AwsCloudTrailDataConnectorProperties",
+ "description": "Amazon Web Services CloudTrail data connector properties.",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "AmazonWebServicesCloudTrail"
+ },
+ "AwsCloudTrailDataConnectorDataTypes": {
+ "description": "The available data types for Amazon Web Services CloudTrail data connector.",
+ "properties": {
+ "logs": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorDataTypeCommon"
+ }
+ ],
+ "description": "Logs data type.",
+ "type": "object"
+ }
+ },
+ "type": "object",
+ "required": [
+ "logs"
+ ]
+ },
+ "AwsCloudTrailDataConnectorProperties": {
+ "description": "Amazon Web Services CloudTrail data connector properties.",
+ "properties": {
+ "awsRoleArn": {
+ "description": "The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account.",
+ "type": "string"
+ },
+ "dataTypes": {
+ "$ref": "#/definitions/AwsCloudTrailDataConnectorDataTypes",
+ "description": "The available data types for the connector."
+ }
+ },
+ "type": "object",
+ "required": [
+ "dataTypes"
+ ]
+ },
+ "AwsS3DataConnector": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnector"
+ }
+ ],
+ "description": "Represents Amazon Web Services S3 data connector.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/AwsS3DataConnectorProperties",
+ "description": "Amazon Web Services S3 data connector properties.",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "AmazonWebServicesS3"
+ },
+ "AwsS3DataConnectorDataTypes": {
+ "description": "The available data types for Amazon Web Services S3 data connector.",
+ "properties": {
+ "logs": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorDataTypeCommon"
+ }
+ ],
+ "description": "Logs data type.",
+ "type": "object"
+ }
+ },
+ "type": "object",
+ "required": [
+ "logs"
+ ]
+ },
+ "AwsS3DataConnectorProperties": {
+ "description": "Amazon Web Services S3 data connector properties.",
+ "properties": {
+ "destinationTable": {
+ "description": "The logs destination table name in LogAnalytics.",
+ "type": "string"
+ },
+ "sqsUrls": {
+ "description": "The AWS sqs urls for the connector.",
+ "x-ms-identifiers": [],
+ "type": "array",
+ "items": {
+ "description": "AWS sqs url.",
+ "type": "string"
+ }
+ },
+ "roleArn": {
+ "description": "The Aws Role Arn that is used to access the Aws account.",
+ "type": "string"
+ },
+ "dataTypes": {
+ "$ref": "#/definitions/AwsS3DataConnectorDataTypes",
+ "description": "The available data types for the connector."
+ }
+ },
+ "type": "object",
+ "required": [
+ "destinationTable",
+ "sqsUrls",
+ "roleArn",
+ "dataTypes"
+ ]
+ },
+ "GCPDataConnector": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnector"
+ }
+ ],
+ "description": "Represents Google Cloud Platform data connector.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/GCPDataConnectorProperties",
+ "description": "Google Cloud Platform data connector properties.",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "GCP"
+ },
+ "GCPDataConnectorProperties": {
+ "description": "Google Cloud Platform data connector properties.",
+ "properties": {
+ "connectorDefinitionName": {
+ "description": "The name of the connector definition that represents the UI config.",
+ "type": "string"
+ },
+ "auth": {
+ "$ref": "#/definitions/GCPAuthProperties",
+ "description": "The auth section of the connector."
+ },
+ "request": {
+ "$ref": "#/definitions/GCPRequestProperties",
+ "description": "The request section of the connector."
+ },
+ "dcrConfig": {
+ "$ref": "#/definitions/DCRConfiguration",
+ "description": "The configuration of the destination of the data."
+ }
+ },
+ "type": "object",
+ "required": [
+ "connectorDefinitionName",
+ "auth",
+ "request"
+ ]
+ },
+ "GCPAuthProperties": {
+ "description": "Google Cloud Platform auth section properties.",
+ "properties": {
+ "serviceAccountEmail": {
+ "description": "The service account that is used to access the GCP project.",
+ "type": "string"
+ },
+ "projectNumber": {
+ "description": "The GCP project number.",
+ "type": "string"
+ },
+ "workloadIdentityProviderId": {
+ "description": "The workload identity provider id that is used to gain access to the GCP project.",
+ "type": "string"
+ }
+ },
+ "type": "object",
+ "required": [
+ "serviceAccountEmail",
+ "projectNumber",
+ "workloadIdentityProviderId"
+ ]
+ },
+ "GCPRequestProperties": {
+ "description": "Google Cloud Platform request section properties.",
+ "properties": {
+ "projectId": {
+ "description": "The GCP project id.",
+ "type": "string"
+ },
+ "subscriptionNames": {
+ "description": "The GCP pub/sub subscription names.",
+ "x-ms-identifiers": [],
+ "type": "array",
+ "items": {
+ "description": "GCP pub/sub subscription name.",
+ "type": "string"
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "projectId",
+ "subscriptionNames"
+ ]
+ },
+ "DCRConfiguration": {
+ "description": "The configuration of the destination of the data.",
+ "properties": {
+ "dataCollectionEndpoint": {
+ "description": "Represents the data collection ingestion endpoint in log analytics.",
+ "type": "string"
+ },
+ "dataCollectionRuleImmutableId": {
+ "description": "The data collection rule immutable id, the rule defines the transformation and data destination.",
+ "type": "string"
+ },
+ "streamName": {
+ "description": "The stream we are sending the data to.",
+ "type": "string"
+ }
+ },
+ "type": "object",
+ "required": [
+ "dataCollectionEndpoint",
+ "dataCollectionRuleImmutableId",
+ "streamName"
+ ]
+ },
+ "DataConnector": {
+ "description": "Data connector",
+ "allOf": [
+ {
+ "$ref":
"../../../common/2.0/types.json#/definitions/ResourceWithEtag"
+ }
+ ],
+ "discriminator": "kind",
+ "required": [
+ "kind"
+ ],
+ "properties": {
+ "kind": {
+ "$ref": "#/definitions/DataConnectorKind",
+ "description": "The data connector kind",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "DataConnectorDataTypeCommon": {
+ "description": "Common field for data type in data connectors.",
+ "properties": {
+ "state": {
+ "description": "Describe whether this data type connection is enabled or not.",
+ "enum": [
+ "Enabled",
+ "Disabled"
+ ],
+ "type": "string",
+ "x-ms-enum": {
+ "modelAsString": true,
+ "name": "DataTypeState"
+ }
+ }
+ },
+ "type": "object",
+ "required": [
+ "state"
+ ]
+ },
+ "DataConnectorWithAlertsProperties": {
+ "description": "Data connector properties.",
+ "properties": {
+ "dataTypes": {
+ "$ref": "#/definitions/AlertsDataTypeOfDataConnector",
+ "description": "The available data types for the connector."
+ }
+ },
+ "type": "object"
+ },
+ "DataConnectorKind": {
+ "description": "The kind of the data connector",
+ "enum": [
+ "AzureActiveDirectory",
+ "AzureSecurityCenter",
+ "MicrosoftCloudAppSecurity",
+ "ThreatIntelligence",
+ "ThreatIntelligenceTaxii",
+ "Office365",
+ "OfficeATP",
+ "OfficeIRM",
+ "Office365Project",
+ "MicrosoftPurviewInformationProtection",
+ "OfficePowerBI",
+ "AmazonWebServicesCloudTrail",
+ "AmazonWebServicesS3",
+ "AzureAdvancedThreatProtection",
+ "MicrosoftDefenderAdvancedThreatProtection",
+ "Dynamics365",
+ "MicrosoftThreatProtection",
+ "MicrosoftThreatIntelligence",
+ "GenericUI",
+ "APIPolling",
+ "IOT",
+ "GCP"
+ ],
+ "type": "string",
+ "x-ms-enum": {
+ "modelAsString": true,
+ "name": "DataConnectorKind",
+ "values": [
+ {
+ "value": "AzureActiveDirectory"
+ },
+ {
+ "value": "AzureSecurityCenter"
+ },
+ {
+ "value": "MicrosoftCloudAppSecurity"
+ },
+ {
+ "value": "ThreatIntelligence"
+ },
+ {
+ "value": "ThreatIntelligenceTaxii"
+ },
+ {
+ "value": "Office365"
+ },
+ {
+ "value":
"OfficeATP"
+ },
+ {
+ "value": "OfficeIRM"
+ },
+ {
+ "value": "Office365Project"
+ },
+ {
+ "value": "MicrosoftPurviewInformationProtection"
+ },
+ {
+ "value": "OfficePowerBI"
+ },
+ {
+ "value": "AmazonWebServicesCloudTrail"
+ },
+ {
+ "value": "AmazonWebServicesS3"
+ },
+ {
+ "value": "AzureAdvancedThreatProtection"
+ },
+ {
+ "value": "MicrosoftDefenderAdvancedThreatProtection"
+ },
+ {
+ "value": "Dynamics365"
+ },
+ {
+ "value": "MicrosoftThreatProtection"
+ },
+ {
+ "value": "MicrosoftThreatIntelligence"
+ },
+ {
+ "value": "GenericUI"
+ },
+ {
+ "value": "APIPolling"
+ },
+ {
+ "value": "IOT"
+ },
+ {
+ "value": "GCP"
+ }
+ ]
+ }
+ },
+ "DataConnectorList": {
+ "description": "List all the data connectors.",
+ "properties": {
+ "nextLink": {
+ "description": "URL to fetch the next set of data connectors.",
+ "readOnly": true,
+ "type": "string"
+ },
+ "value": {
+ "description": "Array of data connectors.",
+ "items": {
+ "$ref": "#/definitions/DataConnector"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object",
+ "required": [
+ "value"
+ ]
+ },
+ "DataConnectorTenantId": {
+ "description": "Properties data connector on tenant level.",
+ "properties": {
+ "tenantId": {
+ "description": "The tenant id to connect to, and get the data from.",
+ "type": "string"
+ }
+ },
+ "type": "object",
+ "required": [
+ "tenantId"
+ ]
+ },
+ "MCASDataConnector": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnector"
+ }
+ ],
+ "description": "Represents MCAS (Microsoft Cloud App Security) data connector.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/MCASDataConnectorProperties",
+ "description": "MCAS (Microsoft Cloud App Security) data connector properties.",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "MicrosoftCloudAppSecurity"
+ },
+ "MCASDataConnectorDataTypes": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/AlertsDataTypeOfDataConnector"
+ }
+ ],
+ "description": "The available data types for MCAS
(Microsoft Cloud App Security) data connector.",
+ "properties": {
+ "discoveryLogs": {
+ "$ref": "#/definitions/DataConnectorDataTypeCommon",
+ "description": "Discovery log data type connection."
+ }
+ },
+ "type": "object"
+ },
+ "MCASDataConnectorProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorTenantId"
+ }
+ ],
+ "description": "MCAS (Microsoft Cloud App Security) data connector properties.",
+ "properties": {
+ "dataTypes": {
+ "$ref": "#/definitions/MCASDataConnectorDataTypes",
+ "description": "The available data types for the connector."
+ }
+ },
+ "required": [
+ "dataTypes"
+ ],
+ "type": "object"
+ },
+ "Dynamics365DataConnector": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnector"
+ }
+ ],
+ "description": "Represents Dynamics365 data connector.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/Dynamics365DataConnectorProperties",
+ "description": "Dynamics365 data connector properties.",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "Dynamics365"
+ },
+ "Dynamics365DataConnectorDataTypes": {
+ "description": "The available data types for Dynamics365 data connector.",
+ "properties": {
+ "dynamics365CdsActivities": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorDataTypeCommon"
+ }
+ ],
+ "description": "Common Data Service data type connection.",
+ "type": "object"
+ }
+ },
+ "type": "object",
+ "required": [
+ "dynamics365CdsActivities"
+ ]
+ },
+ "Dynamics365DataConnectorProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorTenantId"
+ }
+ ],
+ "description": "Dynamics365 data connector properties.",
+ "properties": {
+ "dataTypes": {
+ "$ref": "#/definitions/Dynamics365DataConnectorDataTypes",
+ "description": "The available data types for the connector."
+ }
+ },
+ "required": [
+ "dataTypes"
+ ],
+ "type": "object"
+ },
+ "OfficeATPDataConnector": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnector"
+ }
+ ],
+ "description": "Represents OfficeATP (Office 365 Advanced Threat Protection) data connector.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/OfficeATPDataConnectorProperties",
+ "description": "OfficeATP (Office 365 Advanced Threat Protection) data connector properties.",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "OfficeATP"
+ },
+ "OfficeATPDataConnectorProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorTenantId"
+ },
+ {
+ "$ref": "#/definitions/DataConnectorWithAlertsProperties"
+ }
+ ],
+ "description": "OfficeATP (Office 365 Advanced Threat Protection) data connector properties.",
+ "type": "object"
+ },
+ "MicrosoftPurviewInformationProtectionDataConnector": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnector"
+ }
+ ],
+ "description": "Represents Microsoft Purview Information Protection data connector.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/MicrosoftPurviewInformationProtectionDataConnectorProperties",
+ "description": "Microsoft Purview Information Protection data connector properties.",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "MicrosoftPurviewInformationProtection"
+ },
+ "MicrosoftPurviewInformationProtectionConnectorDataTypes": {
+ "description": "The available data types for Microsoft Purview Information Protection data connector.",
+ "properties": {
+ "logs": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorDataTypeCommon"
+ }
+ ],
+ "description": "Logs data type.",
+ "type": "object"
+ }
+ },
+ "type": "object",
+ "required": [
+ "logs"
+ ]
+ },
+ "MicrosoftPurviewInformationProtectionDataConnectorProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorTenantId"
+ }
+ ],
+ "description": "Microsoft Purview
Information Protection data connector properties.",
+ "properties": {
+ "dataTypes": {
+ "$ref": "#/definitions/MicrosoftPurviewInformationProtectionConnectorDataTypes",
+ "description": "The available data types for the connector."
+ }
+ },
+ "type": "object",
+ "required": [
+ "dataTypes"
+ ]
+ },
+ "Office365ProjectDataConnector": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnector"
+ }
+ ],
+ "description": "Represents Office Microsoft Project data connector.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/Office365ProjectDataConnectorProperties",
+ "description": "Office Microsoft Project data connector properties.",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "Office365Project"
+ },
+ "Office365ProjectConnectorDataTypes": {
+ "description": "The available data types for Office Microsoft Project data connector.",
+ "properties": {
+ "logs": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorDataTypeCommon"
+ }
+ ],
+ "description": "Logs data type.",
+ "type": "object"
+ }
+ },
+ "type": "object",
+ "required": [
+ "logs"
+ ]
+ },
+ "Office365ProjectDataConnectorProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorTenantId"
+ }
+ ],
+ "description": "Office Microsoft Project data connector properties.",
+ "properties": {
+ "dataTypes": {
+ "$ref": "#/definitions/Office365ProjectConnectorDataTypes",
+ "description": "The available data types for the connector."
+ }
+ },
+ "type": "object",
+ "required": [
+ "dataTypes"
+ ]
+ },
+ "OfficePowerBIDataConnector": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnector"
+ }
+ ],
+ "description": "Represents Office Microsoft PowerBI data connector.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/OfficePowerBIDataConnectorProperties",
+ "description": "Office Microsoft PowerBI data connector properties.",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "OfficePowerBI"
+ },
+ "OfficePowerBIConnectorDataTypes": {
+ "description": "The available data types for Office Microsoft PowerBI data connector.",
+ "properties": {
+ "logs": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorDataTypeCommon"
+ }
+ ],
+ "description": "Logs data type.",
+ "type": "object"
+ }
+ },
+ "type": "object",
+ "required": [
+ "logs"
+ ]
+ },
+ "OfficePowerBIDataConnectorProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorTenantId"
+ }
+ ],
+ "description": "Office Microsoft PowerBI data connector properties.",
+ "properties": {
+ "dataTypes": {
+ "$ref": "#/definitions/OfficePowerBIConnectorDataTypes",
+ "description": "The available data types for the connector."
+ }
+ },
+ "type": "object",
+ "required": [
+ "dataTypes"
+ ]
+ },
+ "OfficeIRMDataConnector": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnector"
+ }
+ ],
+ "description": "Represents OfficeIRM (Microsoft Insider Risk Management) data connector.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/OfficeIRMDataConnectorProperties",
+ "description": "OfficeIRM (Microsoft Insider Risk Management) data connector properties.",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "OfficeIRM"
+ },
+ "OfficeIRMDataConnectorProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorTenantId"
+ },
+ {
+ "$ref": "#/definitions/DataConnectorWithAlertsProperties"
+ }
+ ],
+ "description": "OfficeIRM (Microsoft Insider Risk Management) data connector properties.",
+ "type": "object"
+ },
+ "MDATPDataConnector": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnector"
+ }
+ ],
+ "description": "Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/MDATPDataConnectorProperties",
+ "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "MicrosoftDefenderAdvancedThreatProtection"
+ },
+ "MDATPDataConnectorProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorTenantId"
+ },
+ {
+ "$ref": "#/definitions/DataConnectorWithAlertsProperties"
+ }
+ ],
+ "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.",
+ "type": "object"
+ },
+ "OfficeDataConnector": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnector"
+ }
+ ],
+ "description": "Represents office data connector.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/OfficeDataConnectorProperties",
+ "description": "Office data connector properties.",
+ "x-ms-client-flatten":
true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "Office365"
+ },
+ "OfficeDataConnectorDataTypes": {
+ "description": "The available data types for office data connector.",
+ "properties": {
+ "exchange": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorDataTypeCommon"
+ }
+ ],
+ "description": "Exchange data type connection.",
+ "type": "object"
+ },
+ "sharePoint": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorDataTypeCommon"
+ }
+ ],
+ "description": "SharePoint data type connection.",
+ "type": "object"
+ },
+ "teams": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorDataTypeCommon"
+ }
+ ],
+ "description": "Teams data type connection.",
+ "type": "object"
+ }
+ },
+ "required": [
+ "exchange",
+ "sharePoint",
+ "teams"
+ ],
+ "type": "object"
+ },
+ "OfficeDataConnectorProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorTenantId"
+ }
+ ],
+ "description": "Office data connector properties.",
+ "properties": {
+ "dataTypes": {
+ "$ref": "#/definitions/OfficeDataConnectorDataTypes",
+ "description": "The available data types for the connector."
+ }
+ },
+ "required": [
+ "dataTypes"
+ ],
+ "type": "object"
+ },
+ "TIDataConnector": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnector"
+ }
+ ],
+ "description": "Represents threat intelligence data connector.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/TIDataConnectorProperties",
+ "description": "TI (Threat Intelligence) data connector properties.",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "ThreatIntelligence"
+ },
+ "TIDataConnectorDataTypes": {
+ "description": "The available data types for TI (Threat Intelligence) data connector.",
+ "properties": {
+ "indicators": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorDataTypeCommon"
+ }
+ ],
+ "description": "Data type for indicators connection.",
+ "type": "object"
+ }
+ },
+ "type": "object",
+ "required": [
+ "indicators"
+ ]
+ },
+ "TIDataConnectorProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorTenantId"
+ }
+ ],
+ "description": "TI (Threat Intelligence) data connector properties.",
+ "properties": {
+ "tipLookbackPeriod": {
+ "description": "The lookback period for the feed to be imported.",
+ "format": "date-time",
+ "type": "string",
+ "x-nullable": true
+ },
+ "dataTypes": {
+ "$ref": "#/definitions/TIDataConnectorDataTypes",
+ "description": "The available data types for the connector."
+ }
+ },
+ "type": "object",
+ "required": [
+ "dataTypes"
+ ]
+ },
+ "TiTaxiiDataConnector": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnector"
+ }
+ ],
+ "description": "Data connector to pull Threat intelligence data from TAXII 2.0/2.1 server",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/TiTaxiiDataConnectorProperties",
+ "description": "Threat intelligence TAXII data connector properties.",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "ThreatIntelligenceTaxii"
+ },
+ "TiTaxiiDataConnectorDataTypes": {
+ "description": "The available data types for Threat Intelligence TAXII data connector.",
+ "properties": {
+ "taxiiClient": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorDataTypeCommon"
+ }
+ ],
+ "description": "Data type for TAXII connector.",
+ "type": "object"
+ }
+ },
+ "type": "object",
+ "required": [
+ "taxiiClient"
+ ]
+ },
+ "TiTaxiiDataConnectorProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorTenantId"
+ }
+ ],
+ "description": "Threat Intelligence TAXII data connector properties.",
+ "properties": {
+ "workspaceId": {
+ "description": "The workspace id.",
+ "type": "string"
+ },
+ "friendlyName": {
+ "description": "The friendly name for the TAXII server.",
+ "type": "string"
+ },
+ "taxiiServer": {
+ "description": "The API root for the TAXII server.",
+ "type": "string"
+ },
+ "collectionId": {
+ "description": "The collection id of the TAXII server.",
+ "type": "string"
+ },
+ "userName": {
+ "description": "The userName for the TAXII server.",
+ "type": "string"
+ },
+ "password": {
+ "description": "The password for the TAXII server.",
+ "type": "string"
+ },
+ "taxiiLookbackPeriod": {
+ "description": "The lookback period for the TAXII server.",
+ "format": "date-time",
+ "type": "string",
+ "x-nullable": true
+ },
+ "pollingFrequency": {
+ "description": "The polling frequency for the TAXII server.",
+ "type": "string",
+ "x-nullable": true,
+
"enum": [
+ "OnceAMinute",
+ "OnceAnHour",
+ "OnceADay"
+ ],
+ "x-ms-enum": {
+ "modelAsString": true,
+ "name": "PollingFrequency",
+ "values": [
+ {
+ "description": "Once a minute",
+ "value": "OnceAMinute"
+ },
+ {
+ "description": "Once an hour",
+ "value": "OnceAnHour"
+ },
+ {
+ "description": "Once a day",
+ "value": "OnceADay"
+ }
+ ]
+ }
+ },
+ "dataTypes": {
+ "$ref": "#/definitions/TiTaxiiDataConnectorDataTypes",
+ "description": "The available data types for Threat Intelligence TAXII data connector."
+ }
+ },
+ "required": [
+ "dataTypes",
+ "pollingFrequency"
+ ],
+ "type": "object"
+ },
+ "IoTDataConnector": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnector"
+ }
+ ],
+ "description": "Represents IoT data connector.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/IoTDataConnectorProperties",
+ "description": "IoT data connector properties.",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "IOT"
+ },
+ "IoTDataConnectorProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnectorWithAlertsProperties"
+ }
+ ],
+ "description": "IoT data connector properties.",
+ "properties": {
+ "subscriptionId": {
+ "description": "The subscription id to connect to, and get the data from.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "CodelessUiDataConnector": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/DataConnector"
+ }
+ ],
+ "description": "Represents Codeless UI data connector.",
+ "properties": {
+ "properties": {
+ "$ref": "#/definitions/CodelessParameters",
+ "description": "Codeless UI data connector properties",
+ "x-ms-client-flatten": true
+ }
+ },
+ "type": "object",
+ "x-ms-discriminator-value": "GenericUI"
+ },
+ "CodelessParameters": {
+ "description": "Represents Codeless UI data connector",
+ "type": "object",
+ "properties": {
+ "connectorUiConfig": {
+ "$ref": "#/definitions/CodelessUiConnectorConfigProperties",
+ "description": "Config to describe the instructions
blade" + } + } + }, + "CodelessUiConnectorConfigProperties": { + "description": "Config to describe the instructions blade", + "type": "object", + "properties": { + "title": { + "description": "Connector blade title", + "type": "string" + }, + "publisher": { + "description": "Connector publisher name", + "type": "string" + }, + "descriptionMarkdown": { + "description": "Connector description", + "type": "string" + }, + "customImage": { + "description": "An optional custom image to be used when displaying the connector within Azure Sentinel's connector's gallery", + "type": "string" + }, + "graphQueriesTableName": { + "description": "Name of the table the connector will insert the data to", + "type": "string" + }, + "graphQueries": { + "description": "The graph query to show the current data status", + "x-ms-identifiers": [], + "items": { + "allOf": [ + { + "$ref": "#/definitions/GraphQueries" + } + ] + }, + "type": "array" + }, + "sampleQueries": { + "description": "The sample queries for the connector", + "x-ms-identifiers": [], + "items": { + "allOf": [ + { + "$ref": "#/definitions/SampleQueries" + } + ] + }, + "type": "array" + }, + "dataTypes": { + "description": "Data types to check for last data received", + "x-ms-identifiers": [], + "items": { + "allOf": [ + { + "$ref": "#/definitions/LastDataReceivedDataType" + } + ] + }, + "type": "array" + }, + "connectivityCriteria": { + "description": "Define the way the connector check connectivity", + "x-ms-identifiers": [], + "items": { + "allOf": [ + { + "$ref": "#/definitions/ConnectivityCriteria" + } + ] + }, + "type": "array" + }, + "availability": { + "description": "Connector Availability Status", + "$ref": "#/definitions/Availability" + }, + "permissions": { + "description": "Permissions required for the connector", + "$ref": "#/definitions/Permissions" + }, + "instructionSteps": { + "description": "Instruction steps to enable the connector", + "x-ms-identifiers": [], + "items": { + "allOf": [ + { + "$ref": 
"#/definitions/InstructionSteps" + } + ] + }, + "type": "array" + } + }, + "required": [ + "title", + "publisher", + "descriptionMarkdown", + "graphQueriesTableName", + "graphQueries", + "sampleQueries", + "dataTypes", + "connectivityCriteria", + "availability", + "permissions", + "instructionSteps" + ] + }, + "DataConnectorConnectBody": { + "description": "Represents Codeless API Polling data connector.", + "type": "object", + "x-ms-identifiers": [], + "properties": { + "kind": { + "description": "The authentication kind used to poll the data", + "enum": [ + "Basic", + "OAuth2", + "APIKey" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ConnectAuthKind" + } + }, + "apiKey": { + "type": "string", + "description": "The API key of the audit server." + }, + "dataCollectionEndpoint": { + "type": "string", + "description": "Used in v2 logs connector. Represents the data collection ingestion endpoint in log analytics." + }, + "dataCollectionRuleImmutableId": { + "type": "string", + "description": "Used in v2 logs connector. The data collection rule immutable id, the rule defines the transformation and data destination." + }, + "outputStream": { + "type": "string", + "description": "Used in v2 logs connector. The stream we are sending the data to, this is the name of the streamDeclarations defined in the DCR." + }, + "clientSecret": { + "type": "string", + "description": "The client secret of the OAuth 2.0 application." + }, + "clientId": { + "type": "string", + "description": "The client id of the OAuth 2.0 application." + }, + "authorizationCode": { + "type": "string", + "description": "The authorization code used in OAuth 2.0 code flow to issue a token." + }, + "userName": { + "type": "string", + "description": "The user name in the audit log server." 
+ }, + "password": { + "type": "string", + "description": "The user password in the audit log server.", + "x-ms-secret": true + }, + "requestConfigUserInputValues": { + "type": "array", + "description": "", + "x-ms-identifiers": [], + "items": { + "type": "object" + } + } + } + }, + "CodelessApiPollingDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Codeless API Polling data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/ApiPollingParameters", + "description": "Codeless poling data connector properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "APIPolling" + }, + "ApiPollingParameters": { + "description": "Represents Codeless API Polling data connector", + "type": "object", + "properties": { + "connectorUiConfig": { + "$ref": "#/definitions/CodelessUiConnectorConfigProperties", + "description": "Config to describe the instructions blade" + }, + "pollingConfig": { + "$ref": "#/definitions/CodelessConnectorPollingConfigProperties", + "description": "Config to describe the polling instructions" + } + } + }, + "CodelessConnectorPollingConfigProperties": { + "description": "Config to describe the polling config for API poller connector", + "type": "object", + "properties": { + "isActive": { + "description": "The poller active status", + "type": "boolean" + }, + "auth": { + "type": "object", + "$ref": "#/definitions/CodelessConnectorPollingAuthProperties", + "description": "Describe the authentication type of the poller" + }, + "request": { + "type": "object", + "$ref": "#/definitions/CodelessConnectorPollingRequestProperties", + "description": "Describe the poll request config parameters of the poller" + }, + "paging": { + "type": "object", + "$ref": "#/definitions/CodelessConnectorPollingPagingProperties", + "description": "Describe the poll request paging config of the poller" + }, + "response": { + "type": "object", + "$ref": 
"#/definitions/CodelessConnectorPollingResponseProperties", + "description": "Describe the response config parameters of the poller" + } + }, + "required": [ + "auth", + "request" + ] + }, + "CodelessConnectorPollingResponseProperties": { + "description": "Describes the response from the external server", + "type": "object", + "properties": { + "eventsJsonPaths": { + "description": "Describes the path we should extract the data in the response", + "x-ms-identifiers": [], + "items": { + "type": "string" + }, + "type": "array" + }, + "successStatusJsonPath": { + "description": "Describes the path we should extract the status code in the response", + "type": "string" + }, + "successStatusValue": { + "description": "Describes the path we should extract the status value in the response", + "type": "string" + }, + "isGzipCompressed": { + "description": "Describes if the data in the response is Gzip", + "type": "boolean" + } + }, + "required": [ + "eventsJsonPaths" + ] + }, + "CodelessConnectorPollingPagingProperties": { + "description": "Describe the properties needed to make a pagination call", + "type": "object", + "properties": { + "pagingType": { + "description": "Describes the type. 
could be 'None', 'PageToken', 'PageCount', 'TimeStamp'", + "type": "string" + }, + "nextPageParaName": { + "description": "Defines the name of a next page attribute", + "type": "string" + }, + "nextPageTokenJsonPath": { + "description": "Defines the path to a next page token JSON", + "type": "string" + }, + "pageCountAttributePath": { + "description": "Defines the path to a page count attribute", + "type": "string" + }, + "pageTotalCountAttributePath": { + "description": "Defines the path to a page total count attribute", + "type": "string" + }, + "pageTimeStampAttributePath": { + "description": "Defines the path to a paging time stamp attribute", + "type": "string" + }, + "searchTheLatestTimeStampFromEventsList": { + "description": "Determines whether to search for the latest time stamp in the events list", + "type": "string" + }, + "pageSizeParaName": { + "description": "Defines the name of the page size parameter", + "type": "string" + }, + "pageSize": { + "description": "Defines the paging size", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "pagingType" + ] + }, + "CodelessConnectorPollingRequestProperties": { + "description": "Describe the request properties needed to successfully pull from the server", + "type": "object", + "properties": { + "apiEndpoint": { + "description": "Describe the endpoint we should pull the data from", + "type": "string" + }, + "rateLimitQps": { + "description": "Defines the rate limit QPS", + "format": "int32", + "type": "integer" + }, + "queryWindowInMin": { + "description": "The window interval we will use the pull the data", + "format": "int32", + "type": "integer" + }, + "httpMethod": { + "description": "The http method type we will use in the poll request, GET or POST", + "type": "string" + }, + "queryTimeFormat": { + "description": "The time format will be used the query events in a specific window", + "type": "string" + }, + "retryCount": { + "description": "Describe the amount of time we should try and 
poll the data in case of failure", + "format": "int32", + "type": "integer" + }, + "timeoutInSeconds": { + "description": "The number of seconds we will consider as a request timeout", + "format": "int32", + "type": "integer" + }, + "headers": { + "description": "Describe the headers sent in the poll request", + "type": "object" + }, + "queryParameters": { + "description": "Describe the query parameters sent in the poll request", + "type": "object" + }, + "queryParametersTemplate": { + "description": "For advanced scenarios for example user name/password embedded in nested JSON payload", + "type": "string" + }, + "startTimeAttributeName": { + "description": "This will be used the query events from a start of the time window", + "type": "string" + }, + "endTimeAttributeName": { + "description": "This will be used the query events from the end of the time window", + "type": "string" + } + }, + "required": [ + "apiEndpoint", + "httpMethod", + "queryWindowInMin", + "queryTimeFormat" + ] + }, + "CodelessConnectorPollingAuthProperties": { + "description": "Describe the authentication properties needed to successfully authenticate with the server", + "type": "object", + "properties": { + "authType": { + "description": "The authentication type", + "type": "string" + }, + "apiKeyName": { + "description": "The header name which the token is sent with", + "type": "string" + }, + "apiKeyIdentifier": { + "description": "A prefix send in the header before the actual token", + "type": "string" + }, + "isApiKeyInPostPayload": { + "description": "Marks if the key should sent in header", + "type": "string" + }, + "flowName": { + "description": "Describes the flow name, for example 'AuthCode' for Oauth 2.0", + "type": "string" + }, + "tokenEndpoint": { + "description": "The endpoint used to issue a token, used in Oauth 2.0 flow", + "type": "string" + }, + "authorizationEndpoint": { + "description": "The endpoint used to authorize the user, used in Oauth 2.0 flow", + "type": "string" 
+ }, + "authorizationEndpointQueryParameters": { + "description": "The query parameters used in authorization request, used in Oauth 2.0 flow", + "type": "object" + }, + "redirectionEndpoint": { + "description": "The redirect endpoint where we will get the authorization code, used in Oauth 2.0 flow", + "type": "string" + }, + "tokenEndpointHeaders": { + "description": "The query headers used in token request, used in Oauth 2.0 flow", + "type": "object" + }, + "tokenEndpointQueryParameters": { + "description": "The query parameters used in token request, used in Oauth 2.0 flow", + "type": "object" + }, + "isClientSecretInHeader": { + "description": "Marks if we should send the client secret in header or payload, used in Oauth 2.0 flow", + "type": "boolean" + }, + "scope": { + "description": "The OAuth token scope", + "type": "string" + } + }, + "required": [ + "authType" + ] + }, + "LastDataReceivedDataType": { + "description": "Data type for last data received", + "type": "object", + "properties": { + "name": { + "description": "Name of the data type to show in the graph. 
can be use with {{graphQueriesTableName}} placeholder", + "type": "string" + }, + "lastDataReceivedQuery": { + "description": "Query for indicate last data received", + "type": "string" + } + } + }, + "Permissions": { + "description": "Permissions required for the connector", + "x-ms-identifiers": [], + "type": "object", + "properties": { + "resourceProvider": { + "description": "Resource provider permissions required for the connector", + "x-ms-identifiers": [], + "items": { + "allOf": [ + { + "$ref": "#/definitions/ResourceProvider" + } + ] + }, + "type": "array" + }, + "customs": { + "description": "Customs permissions required for the connector", + "x-ms-identifiers": [], + "items": { + "allOf": [ + { + "$ref": "#/definitions/Customs" + } + ] + }, + "type": "array" + } + } + }, + "Customs": { + "description": "Customs permissions required for the connector", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/CustomsPermission" + } + ] + }, + "CustomsPermission": { + "description": "Customs permissions required for the connector", + "type": "object", + "properties": { + "name": { + "description": "Customs permissions name", + "type": "string" + }, + "description": { + "description": "Customs permissions description", + "type": "string" + } + } + }, + "ResourceProvider": { + "description": "Resource provider permissions required for the connector", + "type": "object", + "properties": { + "provider": { + "description": "Provider name", + "enum": [ + "Microsoft.OperationalInsights/solutions", + "Microsoft.OperationalInsights/workspaces", + "Microsoft.OperationalInsights/workspaces/datasources", + "microsoft.aadiam/diagnosticSettings", + "Microsoft.OperationalInsights/workspaces/sharedKeys", + "Microsoft.Authorization/policyAssignments" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ProviderName" + } + }, + "permissionsDisplayText": { + "description": "Permission description text", + "type": "string" + }, + 
"providerDisplayName": { + "description": "Permission provider display name", + "type": "string" + }, + "scope": { + "description": "Permission provider scope", + "enum": [ + "ResourceGroup", + "Subscription", + "Workspace" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "PermissionProviderScope" + } + }, + "requiredPermissions": { + "description": "Required permissions for the connector", + "$ref": "#/definitions/RequiredPermissions" + } + } + }, + "InstructionSteps": { + "description": "Instruction steps to enable the connector", + "type": "object", + "properties": { + "title": { + "description": "Instruction step title", + "type": "string" + }, + "description": { + "description": "Instruction step description", + "type": "string" + }, + "instructions": { + "description": "Instruction step details", + "x-ms-identifiers": [], + "items": { + "allOf": [ + { + "$ref": "#/definitions/ConnectorInstructionModelBase" + } + ] + }, + "type": "array" + } + } + }, + "ConnectorInstructionModelBase": { + "description": "Instruction step details", + "type": "object", + "properties": { + "parameters": { + "type": "object", + "description": "The parameters for the setting" + }, + "type": { + "description": "The kind of the setting", + "enum": [ + "CopyableLabel", + "InstructionStepsGroup", + "InfoMessage" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "SettingType" + } + } + }, + "required": [ + "type" + ] + }, + "RequiredPermissions": { + "description": "Required permissions for the connector", + "type": "object", + "properties": { + "action": { + "description": "action permission", + "type": "boolean" + }, + "write": { + "description": "write permission", + "type": "boolean" + }, + "read": { + "description": "read permission", + "type": "boolean" + }, + "delete": { + "description": "delete permission", + "type": "boolean" + } + } + }, + "Availability": { + "description": "Connector Availability Status", + "type": 
"object", + "properties": { + "status": { + "description": "The connector Availability Status", + "format": "int32", + "type": "integer", + "enum": [ + 1 + ], + "x-ms-enum": { + "name": "AvailabilityStatus", + "values": [ + { + "value": 1, + "description": "Available" + } + ] + } + }, + "isPreview": { + "description": "Set connector as preview", + "type": "boolean" + } + } + }, + "ConnectivityCriteria": { + "description": "Setting for the connector check connectivity", + "type": "object", + "properties": { + "type": { + "description": "type of connectivity", + "enum": [ + "IsConnectedQuery" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ConnectivityType" + } + }, + "value": { + "description": "Queries for checking connectivity", + "x-ms-identifiers": [], + "type": "array", + "items": { + "description": "checking connectivity query", + "type": "string" + } + } + } + }, + "SampleQueries": { + "description": "The sample queries for the connector", + "type": "object", + "properties": { + "description": { + "description": "The sample query description", + "type": "string" + }, + "query": { + "description": "the sample query", + "type": "string" + } + } + }, + "GraphQueries": { + "type": "object", + "description": "The graph query to show the current data status", + "properties": { + "metricName": { + "description": "the metric that the query is checking", + "type": "string" + }, + "legend": { + "description": "The legend for the graph", + "type": "string" + }, + "baseQuery": { + "description": "The base query for the graph", + "type": "string" + } + } + } + }, + "parameters": { + "DataConnector": { + "description": "The data connector", + "in": "body", + "name": "dataConnector", + "required": true, + "schema": { + "$ref": "#/definitions/DataConnector" + }, + "x-ms-parameter-location": "method" + }, + "DataConnectorId": { + "description": "Connector ID", + "in": "path", + "name": "dataConnectorId", + "required": true, + "type": "string", + 
"x-ms-parameter-location": "method" + }, + "DataConnectorConnectBody": { + "description": "The data connector", + "in": "body", + "name": "connectBody", + "required": true, + "schema": { + "$ref": "#/definitions/DataConnectorConnectBody" + }, + "x-ms-parameter-location": "method" + }, + "DataConnectorsCheckRequirementsBody": { + "description": "The parameters for requirements check message", + "in": "body", + "name": "DataConnectorsCheckRequirements", + "required": true, + "schema": { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/CreateActionOfAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/CreateActionOfAlertRule.json new file mode 100644 index 000000000000..27639541bd9d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/CreateActionOfAlertRule.json 
@@ -0,0 +1,43 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e",
+ "action": {
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "triggerUri": "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature",
+ "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e",
+ "name": "912bec42-cb66-4c03-ac63-1761b6898c3e",
+ "type": "Microsoft.SecurityInsights/alertRules/actions",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "workflowId": "cd3765391efd48549fd7681ded1d48d7",
+ "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts"
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e",
+ "name": "912bec42-cb66-4c03-ac63-1761b6898c3e",
+ "type": "Microsoft.SecurityInsights/alertRules/actions",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "workflowId": "cd3765391efd48549fd7681ded1d48d7",
+ "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/DeleteActionOfAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/DeleteActionOfAlertRule.json
new file mode 100644
index 000000000000..5f3f41f8c34c
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/DeleteActionOfAlertRule.json
@@ -0,0 +1,14 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/GetActionOfAlertRuleById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/GetActionOfAlertRuleById.json
new file mode 100644
index 000000000000..5a2bad62ed12
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/GetActionOfAlertRuleById.json
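Review bot: The resource IDs in the `200` and `201` response bodies spell the workspace provider as `Microsoft.OperationalIinsights`, which is not the namespace the spec uses elsewhere (`Microsoft.OperationalInsights`); anyone lifting these IDs into an RBAC scope, an allow-list or a detection filter gets a string that never matches a real resource. The `id` lines should read `.../providers/Microsoft.OperationalInsights/workspaces/myWorkspace/...`. The same misspelling is in the `id` values of GetActionOfAlertRuleById.json, GetAllActionsByAlertRule.json, GetAlertRuleTemplateById.json and GetAlertRuleTemplates.json. Separately, every example added under `2023-07-01-preview/` here, including DeleteActionOfAlertRule.json, still sends `"api-version": "2023-06-01-preview"`; unless a later patch in this series bumps it, it should be `"api-version": "2023-07-01-preview"`.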
@@ -0,0 +1,24 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e",
+ "name": "912bec42-cb66-4c03-ac63-1761b6898c3e",
+ "type": "Microsoft.SecurityInsights/alertRules/actions",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "workflowId": "cd3765391efd48549fd7681ded1d48d7",
+ "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/GetAllActionsByAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/GetAllActionsByAlertRule.json
new file mode 100644
index 000000000000..d8d89d04a083
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/GetAllActionsByAlertRule.json
@@ -0,0 +1,27 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e",
+ "name": "912bec42-cb66-4c03-ac63-1761b6898c3e",
+ "type": "Microsoft.SecurityInsights/alertRules/actions",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "workflowId": "cd3765391efd48549fd7681ded1d48d7",
+ "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json
new file mode 100644
index 000000000000..02bc5ae3938c
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json
@@ -0,0 +1,53 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "alertRuleTemplateId": "65360bb0-8986-4ade-a89d-af3cf44d28aa"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa",
+ "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa",
+ "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+ "kind": "Scheduled",
+ "properties": {
+ "severity": "Low",
+ "query": "let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress",
+ "queryFrequency": "P1D",
+ "queryPeriod": "P1D",
+ "triggerOperator": "GreaterThan",
+ "triggerThreshold": 0,
+ "displayName": "Changes to Amazon VPC settings",
+ "description": "This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/",
+ "eventGroupingSettings": {
+ "aggregationKind": "AlertPerResult"
+ },
+ "tactics": [
+ "PrivilegeEscalation",
+ "LateralMovement"
+ ],
+ "techniques": [
+ "T1037",
+ "T1021"
+ ],
+ "lastUpdatedDateUTC": "2020-02-27T00:00:00Z",
+ "version": "1.0.2",
+ "createdDateUTC": "2019-02-27T00:00:00Z",
+ "status": "Available",
+ "requiredDataConnectors": [
+ {
+ "connectorId": "AWS",
+ "dataTypes": [
+ "AWSCloudTrail"
+ ]
+ }
+ ],
+ "alertRulesCreatedByTemplateCount": 0
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json
new file mode 100644
index 000000000000..5a89315bb837
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json
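Review bot: The `techniques` values `T1037` and `T1021` do not appear to describe what the `query` detects: as I read ATT&CK those are Boot or Logon Initialization Scripts and Remote Services, while the rule matches the CloudTrail events `CreateNetworkAclEntry` and `CreateRoute`. Examples get copied into real analytics rules, and a wrong technique mapping there shows up as coverage that does not exist in an ATT&CK heat map; please pick tactics and techniques that fit a network-control change, or drop `techniques` from the example. The same template also disagrees with its copy in GetAlertRuleTemplates.json: `"version": "1.0.2"` here against `"1.0.1"` there with an identical `lastUpdatedDateUTC`, and the `id` path uses `alertRuleTemplates` here but `AlertRuleTemplates` there.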
@@ -0,0 +1,238 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa", + "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "kind": "Scheduled", + "properties": { + "severity": "Low", + "query": "let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress", + "queryFrequency": "P1D", + "queryPeriod": "P1D", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "displayName": "Changes to Amazon VPC settings", + "description": "This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/", + "tactics": [ + "PrivilegeEscalation", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", + "createdDateUTC": "2019-02-27T00:00:00Z", + "status": "Available", + "version": "1.0.1", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + 
"alertRulesCreatedByTemplateCount": 0 + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/f71aba3d-28fb-450b-b192-4e76a83015c8", + "name": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "Microsoft Sentinel uses Fusion, a correlation engine based on scalable machine learning algorithms, to automatically detect multistage attacks by identifying combinations of anomalous behaviors and suspicious activities that are observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nSince Fusion correlates multiple signals from various products to detect advanced multistage attacks, successful Fusion detections are presented as Fusion incidents on the Microsoft Sentinel Incidents page. This rule covers the following detections:\n- Fusion for emerging threats\n- Fusion for ransomware\n- Scenario-based Fusion detections (122 scenarios)\n\nTo enable these detections, we recommend you configure the following data connectors for best results:\n- Out-of-the-box anomaly detections\n- Azure Active Directory Identity Protection\n- Azure Defender\n- Azure Defender for IoT\n- Microsoft 365 Defender\n- Microsoft Cloud App Security \n- Microsoft Defender for Endpoint\n- Microsoft Defender for Identity\n- Microsoft Defender for Office 365\n- Palo Alto Networks\n- Scheduled analytics rules, both built-in and those created by your security analysts. 
Analytics rules must contain kill-chain (tactics) and entity mapping information in order to be used by Fusion.\n\nFor the full description of each detection that is supported by Fusion, go to https://aka.ms/SentinelFusion.", + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ], + "sourceSettings": [ + { + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Azure Active Directory Identity Protection", + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + } + }, + { + "sourceSubTypeName": "Azure Defender", + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + } + }, + { + "sourceSubTypeName": "Azure Defender for IoT", + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + } + }, + { + "sourceSubTypeName": "Microsoft 365 Defender", + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + } + }, + { + "sourceSubTypeName": "Microsoft Cloud App Security", + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Endpoint", + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Identity", + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": 
[ + "Informational", + "Low", + "Medium", + "High" + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Office 365", + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + } + }, + { + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules", + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + } + } + ] + }, + { + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Palo Alto Networks", + "severityFilter": { + "enabled": false, + "isSupported": false, + "severityFilters": null + } + } + ] + } + ], + "lastUpdatedDateUTC": "2021-06-09T00:00:00Z", + "createdDateUTC": "2019-07-25T00:00:00Z", + "status": "Available", + "severity": "High", + "alertRulesCreatedByTemplateCount": 0 + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/b3cfc7c0-092c-481c-a55b-34a3979758cb", + "name": "b3cfc7c0-092c-481c-a55b-34a3979758cb", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "displayName": "Create incidents based on Microsoft Cloud App Security alerts", + "description": "Create incidents based on all alerts generated in Microsoft Cloud App Security", + "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", + "createdDateUTC": "2019-07-16T00:00:00Z", + "status": "Available", + "alertRulesCreatedByTemplateCount": 0 + } + } + ] + } + } + } +} 
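Review bot: The first entry of `value` describes template `65360bb0-8986-4ade-a89d-af3cf44d28aa` with `"version": "1.0.1"` and no `eventGroupingSettings`, while the single-template example in the preceding hunk returns the same id with `"version": "1.0.2"` and `"eventGroupingSettings": { "aggregationKind": "AlertPerResult" }`, both carrying the same `lastUpdatedDateUTC`. Two examples of one object should agree, otherwise a consumer comparing list and get responses cannot tell which template version and alert-grouping behaviour is current. Either set the list entry to `"version": "1.0.2"` and add the grouping block, or change the by-id example to match. The path casing differs as well (`/AlertRuleTemplates/` here, `/alertRuleTemplates/` in the by-id `id`) and is worth making uniform.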
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateFusionAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateFusionAlertRule.json
new file mode 100644
index 000000000000..c704a79f2c77
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateFusionAlertRule.json
@@ -0,0 +1,845 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "myFirstFusionRule", + "alertRule": { + "kind": "Fusion", + "etag": "3d00c3ca-0000-0100-0000-5d42d5010000", + "properties": { + "enabled": true, + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Azure Active Directory Identity Protection", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender for IoT", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft 365 Defender", + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Cloud App 
Security", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Endpoint", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Identity", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Office 365", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Palo Alto Networks", + "enabled": true, + "severityFilters": { + "filters": null + } + } + ] + } + ], + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8" + } + } + }, + "responses": { + "200": { + "body": { + 
"id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "Using Fusion technology based on machine learning, Azure Sentinel automatically detects multistage attacks by identifying combinations of anomalous behaviors and suspicious activities observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nThere are a total of 122 Fusion incident types detected by Azure Sentinel.\n\nTo detect these multistage attacks, the following data connectors must be configured:\n- Azure Active Directory Identity Protection.\n- Microsoft Cloud App Security.\n- Microsoft Defender for Endpoint.\n- Azure Defender.\n- Palo Alto Networks.\n- Scheduled Analytics Rules supported by Fusion\n\nFor a full list and description of each scenario that is supported for these multistage attacks, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ], + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Azure Active Directory 
Identity Protection", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender for IoT", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft 365 Defender", + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Cloud App Security", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Endpoint", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + 
"severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Identity", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Office 365", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Palo Alto Networks", + "enabled": true, + "severityFilters": { + "isSupported": false, + "filters": null + } + } + ] + } + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": 
"Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "Using Fusion technology based on machine learning, Azure Sentinel automatically detects multistage attacks by identifying combinations of anomalous behaviors and suspicious activities observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nThere are a total of 122 Fusion incident types detected by Azure Sentinel.\n\nTo detect these multistage attacks, the following data connectors must be configured:\n- Azure Active Directory Identity Protection.\n- Microsoft Cloud App Security.\n- Microsoft Defender for Endpoint.\n- Azure Defender.\n- Palo Alto Networks.\n- Scheduled Analytics Rules supported by Fusion\n\nFor a full list and description of each scenario that is supported for these multistage attacks, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ], + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Azure Active Directory Identity Protection", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure 
Defender", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender for IoT", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft 365 Defender", + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Cloud App Security", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Endpoint", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Identity", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { 
+ "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Office 365", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Palo Alto Networks", + "enabled": true, + "severityFilters": { + "isSupported": false, + "filters": null + } + } + ] + } + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json new file mode 100644 index 000000000000..698d4ae27062 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json 
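Review bot: The `Microsoft 365 Defender` entry under `sourceSubTypes` carries a flat `"severityFilter": ["High", "Medium", "Low", "Informational"]` array next to the `severityFilters` object, in the request body and in both the `200` and `201` responses; the other eight alert-provider sub-types have only `severityFilters`. This looks like a leftover property, and whether the schema defines it cannot be confirmed from this hunk. Left in, it suggests there are two ways to set the severity filter, so a reader could edit the array and assume the rule's alert intake changed. Unless the definition in AlertRules.json declares it, drop the `severityFilter` array from the three `Microsoft 365 Defender` entries. The CreateFusionAlertRuleWithFusionScenarioExclusion.json hunk that follows repeats the same entry and runs past the end of this view.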
@@ -0,0 +1,851 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "myFirstFusionRule", + "alertRule": { + "kind": "Fusion", + "etag": "3d00c3ca-0000-0100-0000-5d42d5010000", + "properties": { + "enabled": true, + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Azure Active Directory Identity Protection", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender for IoT", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft 365 Defender", + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Cloud App 
Security", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Endpoint", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Identity", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Office 365", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Palo Alto Networks", + "enabled": true, + "severityFilters": { + "filters": null + } + } + ] + } + ], + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8" + } + } + }, + "responses": { + "200": { + "body": { + 
"id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "Using Fusion technology based on machine learning, Azure Sentinel automatically detects multistage attacks by identifying combinations of anomalous behaviors and suspicious activities observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nThere are a total of 122 Fusion incident types detected by Azure Sentinel.\n\nTo detect these multistage attacks, the following data connectors must be configured:\n- Azure Active Directory Identity Protection.\n- Microsoft Cloud App Security.\n- Microsoft Defender for Endpoint.\n- Azure Defender.\n- Palo Alto Networks.\n- Scheduled Analytics Rules supported by Fusion\n\nFor a full list and description of each scenario that is supported for these multistage attacks, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ], + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Azure Active Directory 
Identity Protection", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender for IoT", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft 365 Defender", + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Cloud App Security", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Endpoint", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + 
"severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Identity", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Office 365", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Palo Alto Networks", + "enabled": true, + "severityFilters": { + "isSupported": false, + "filters": null + } + } + ] + } + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": 
"Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "Using Fusion technology based on machine learning, Azure Sentinel automatically detects multistage attacks by identifying combinations of anomalous behaviors and suspicious activities observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nThere are a total of 122 Fusion incident types detected by Azure Sentinel.\n\nTo detect these multistage attacks, the following data connectors must be configured:\n- Azure Active Directory Identity Protection.\n- Microsoft Cloud App Security.\n- Microsoft Defender for Endpoint.\n- Azure Defender.\n- Palo Alto Networks.\n- Scheduled Analytics Rules supported by Fusion\n\nFor a full list and description of each scenario that is supported for these multistage attacks, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ], + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Azure Active Directory Identity Protection", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure 
Defender", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender for IoT", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft 365 Defender", + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Cloud App Security", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Endpoint", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Identity", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { 
+ "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Office 365", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Palo Alto Networks", + "enabled": true, + "severityFilters": { + "isSupported": false, + "filters": null + } + } + ] + } + ], + "scenarioExclusionPatterns": [ + { + "exclusionPattern": "Alert providers:Azure Active Directory Identity Protection:Infected Device;Alert providers:Azure Defender:Crypto-mining activity", + "dateAddedInUTC": "2021-10-01T15:26:44.9429806Z" + } + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json new file mode 100644 index 000000000000..b81074061ec4 --- /dev/null 
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json 
@@ -0,0 +1,58 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "ruleId": "microsoftSecurityIncidentCreationRuleExample",
+ "alertRule": {
+ "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"",
+ "kind": "MicrosoftSecurityIncidentCreation",
+ "properties": {
+ "productFilter": "Microsoft Cloud App Security",
+ "displayName": "testing displayname",
+ "enabled": true
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample",
+ "name": "microsoftSecurityIncidentCreationRuleExample",
+ "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"",
+ "type": "Microsoft.SecurityInsights/alertRules",
+ "kind": "MicrosoftSecurityIncidentCreation",
+ "properties": {
+ "productFilter": "Microsoft Cloud App Security",
+ "severitiesFilter": null,
+ "displayNamesFilter": null,
+ "displayName": "testing displayname",
+ "enabled": true,
+ "description": null,
+ "alertRuleTemplateName": null,
+ "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z"
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample",
+ "name": "microsoftSecurityIncidentCreationRuleExample",
+ "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"",
+ "type": "Microsoft.SecurityInsights/alertRules",
+ "kind": "MicrosoftSecurityIncidentCreation",
+ "properties": {
+ "productFilter": "Microsoft Cloud App Security",
+ "severitiesFilter": null,
+ "displayNamesFilter": null,
+ "displayName": "testing displayname",
+ "enabled": true,
+ "description": null,
+ "alertRuleTemplateName": null,
+ "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateNrtAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateNrtAlertRule.json
new file mode 100644
index 000000000000..8177709399a3
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateNrtAlertRule.json
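Review bot: The `id` values in both the 200 and 201 bodies spell the workspace provider namespace `Microsoft.OperationalIinsights` (doubled `I`); the Log Analytics provider is `Microsoft.OperationalInsights`, so the segment should read `/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/`. The same misspelling is in every `id` of the CreateNrtAlertRule, CreateScheduledAlertRule, GetAllAlertRules and Fusion examples in this patch, and a resource ID copied from these examples into a script would not resolve to a real workspace. Separately, `"api-version": "2023-06-01-preview"` sits in a file under `2023-07-01-preview/`; unless a later patch in the series bumps it, it should become `"api-version": "2023-07-01-preview"` here and in the other example files.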
@@ -0,0 +1,136 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "alertRule": {
+ "kind": "NRT",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "displayName": "Rule2",
+ "description": "",
+ "severity": "High",
+ "enabled": true,
+ "tactics": [
+ "Persistence",
+ "LateralMovement"
+ ],
+ "techniques": [
+ "T1037",
+ "T1021"
+ ],
+ "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden",
+ "suppressionDuration": "PT1H",
+ "suppressionEnabled": false,
+ "eventGroupingSettings": {
+ "aggregationKind": "AlertPerResult"
+ },
+ "incidentConfiguration": {
+ "createIncident": true,
+ "groupingConfiguration": {
+ "enabled": true,
+ "reopenClosedIncident": false,
+ "lookbackDuration": "PT5H",
+ "matchingMethod": "Selected",
+ "groupByEntities": [
+ "Host",
+ "Account"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "type": "Microsoft.SecurityInsights/alertRules",
+ "kind": "NRT",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "alertRuleTemplateName": null,
+ "displayName": "Rule2",
+ "description": "",
+ "severity": "High",
+ "enabled": true,
+ "tactics": [
+ "Persistence",
+ "LateralMovement"
+ ],
+ "techniques": [
+ "T1037",
+ "T1021"
+ ],
+ "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden",
+ "suppressionDuration": "PT1H",
+ "suppressionEnabled": false,
+ "eventGroupingSettings": {
+ "aggregationKind": "AlertPerResult"
+ },
+ "lastModifiedUtc": "2019-01-01T13:15:30Z",
+ "incidentConfiguration": {
+ "createIncident": true,
+ "groupingConfiguration": {
+ "enabled": true,
+ "reopenClosedIncident": false,
+ "lookbackDuration": "PT5H",
+ "matchingMethod": "Selected",
+ "groupByEntities": [
+ "Host",
+ "Account"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "type": "Microsoft.SecurityInsights/alertRules",
+ "kind": "NRT",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "alertRuleTemplateName": null,
+ "displayName": "Rule2",
+ "description": "",
+ "severity": "High",
+ "enabled": true,
+ "tactics": [
+ "Persistence",
+ "LateralMovement"
+ ],
+ "techniques": [
+ "T1037",
+ "T1021"
+ ],
+ "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden",
+ "suppressionDuration": "PT1H",
+ "suppressionEnabled": false,
+ "eventGroupingSettings": {
+ "aggregationKind": "AlertPerResult"
+ },
+ "lastModifiedUtc": "2019-01-01T13:15:30Z",
+ "incidentConfiguration": {
+ "createIncident": true,
+ "groupingConfiguration": {
+ "enabled": true,
+ "reopenClosedIncident": false,
+ "lookbackDuration": "PT5H",
+ "matchingMethod": "Selected",
+ "groupByEntities": [
+ "Host",
+ "Account"
+ ]
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateScheduledAlertRule.json
new file mode 100644
index 000000000000..d5baed8a0136
--- /dev/null
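Review bot: `groupByEntities` lists `"Host"` and `"Account"` in the request and in both response bodies, but the example defines no `entityMappings`, and the query only extends `HostCustomEntity` and `IPCustomEntity`, so nothing visible here produces an Account entity for incident grouping to match on. These examples get copied into real rules, where a grouping key that is never populated would, as far as this hunk shows, leave alerts grouped differently than the author intended. Either add an `entityMappings` array in the style of CreateScheduledAlertRule.json (Host mapped to `Computer`, IP mapped to `ComputerIP_Hidden`), or reduce the grouping to what the query provides, e.g. `"groupByEntities": [ "Host" ]`.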
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateScheduledAlertRule.json 
@@ -0,0 +1,270 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "alertRule": { + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My scheduled rule", + "description": "An example for a scheduled rule", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "Computer" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "ComputerIP" + } + ] + } + ], + "sentinelEntitiesMappings": [ + { + "columnName": "Entities" + } + ], + "alertDetailsOverride": { + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertDynamicProperties": [ + { + "alertProperty": "ProductComponentName", + "value": "ProductComponentNameCustomColumn" + }, + { + "alertProperty": "ProductName", + "value": "ProductNameCustomColumn" + }, + { + "alertProperty": "AlertLink", + "value": "Link" + } + ] + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host" + ], + 
"groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ] + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"01005144-0000-0d00-0000-6058632c0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "My scheduled rule", + "description": "An example for a scheduled rule", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2021-03-01T13:17:30Z", + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "Computer" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "ComputerIP" + } + ] + } + ], + "alertDetailsOverride": { + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertTacticsColumnName": null, + "alertSeverityColumnName": null + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", 
+ "groupByEntities": [ + "Host" + ], + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ] + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"01007444-0000-0d00-0000-605863a70000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "My scheduled rule", + "description": "An example for a scheduled rule", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2021-03-01T13:15:30Z", + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "Computer" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "ComputerIP" + } + ] + } + ], + "alertDetailsOverride": { + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertTacticsColumnName": null, + "alertSeverityColumnName": null + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host" + ], + 
"groupByAlertDetails": [
+ "DisplayName"
+ ],
+ "groupByCustomDetails": [
+ "OperatingSystemType",
+ "OperatingSystemName"
+ ]
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/DeleteAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/DeleteAlertRule.json
new file mode 100644
index 000000000000..32efb9f37c80
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/DeleteAlertRule.json
@@ -0,0 +1,13 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetAllAlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetAllAlertRules.json
new file mode 100644
index 000000000000..46983b4f4c8d
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetAllAlertRules.json
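Review bot: The request body of CreateScheduledAlertRule.json sets `sentinelEntitiesMappings` and `alertDetailsOverride.alertDynamicProperties`, but neither the 200 nor the 201 body returns them, and the 201 body also drops the `eventGroupingSettings` that the 200 body keeps. For a detection rule, an example in which submitted mapping settings vanish from the response leaves it unclear whether the service persisted them. Unless the omission reflects real service behaviour, which is not visible from this hunk, the responses should echo the request, e.g. `"sentinelEntitiesMappings": [ { "columnName": "Entities" } ]` in both bodies and `"eventGroupingSettings": { "aggregationKind": "AlertPerResult" }` in the 201 properties.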
@@ -0,0 +1,412 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "My scheduled rule", + "description": "An example for a scheduled rule", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2021-03-01T13:17:30Z", + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "Computer" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "ComputerIP" + } + ] + } + ], + "alertDetailsOverride": { + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertTacticsColumnName": null, + "alertSeverityColumnName": null + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + 
"reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host" + ], + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ] + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "name": "microsoftSecurityIncidentCreationRuleExample", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null, + "displayNamesFilter": null, + "displayName": "testing displayname", + "enabled": true, + "description": null, + "alertRuleTemplateName": null, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"25005c11-0000-0d00-0000-5d6cc0e20000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "Microsoft Sentinel uses Fusion, a correlation engine based on scalable machine learning algorithms, to automatically detect multistage attacks by identifying combinations of anomalous behaviors and suspicious activities that are observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. 
By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nSince Fusion correlates multiple signals from various products to detect advanced multistage attacks, successful Fusion detections are presented as Fusion incidents on the Microsoft Sentinel Incidents page. This rule covers the following detections:\n- Fusion for emerging threats\n- Fusion for ransomware\n- Scenario-based Fusion detections (122 scenarios)\n\nTo enable these detections, we recommend you configure the following data connectors for best results:\n- Out-of-the-box anomaly detections\n- Azure Active Directory Identity Protection\n- Azure Defender\n- Azure Defender for IoT\n- Microsoft 365 Defender\n- Microsoft Cloud App Security \n- Microsoft Defender for Endpoint\n- Microsoft Defender for Identity\n- Microsoft Defender for Office 365\n- Palo Alto Networks\n- Scheduled analytics rules, both built-in and those created by your security analysts. Analytics rules must contain kill-chain (tactics) and entity mapping information in order to be used by Fusion.\n\nFor the full description of each detection that is supported by Fusion, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ], + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Azure Active Directory Identity Protection", + "sourceSubTypeDisplayName": "Azure Active Directory Identity Protection", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + 
{ + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender", + "sourceSubTypeDisplayName": "Microsoft Defender for Cloud", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender for IoT", + "sourceSubTypeDisplayName": "Microsoft Defender for IoT", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft 365 Defender", + "sourceSubTypeDisplayName": "Microsoft 365 Defender", + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Cloud App Security", + "sourceSubTypeDisplayName": "Microsoft Cloud App Security", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Endpoint", + "sourceSubTypeDisplayName": "Microsoft Defender 
for Endpoint", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Identity", + "sourceSubTypeDisplayName": "Microsoft Defender for Identity", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Office 365", + "sourceSubTypeDisplayName": "Microsoft Defender for Office 365", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules", + "sourceSubTypeDisplayName": "Azure Sentinel scheduled analytics rules", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Palo Alto Networks", + "sourceSubTypeDisplayName": "Palo Alto Networks", + "enabled": true, + "severityFilters": { + "isSupported": false, + "filters": null + } + } + ] + } + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": 
"2021-10-22T07:12:34.9065092Z" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetFusionAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetFusionAlertRule.json new file mode 100644 index 000000000000..d22fb13078d3 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetFusionAlertRule.json 
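Review bot: In the Fusion rule's `sourceSettings`, the `Microsoft 365 Defender` sub-type carries a flat `"severityFilter": [ "High", "Medium", "Low", "Informational" ]` array next to the structured `severityFilters` object, while every other sub-type in this example has only `severityFilters`. It looks like a leftover from an older shape; if the schema in AlertRules.json does not define `severityFilter`, the array should be removed so that readers are not led to set severities in a field the service may ignore. The same array is present in the Fusion create responses earlier in this patch.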
@@ -0,0 +1,310 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "myFirstFusionRule" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "Microsoft Sentinel uses Fusion, a correlation engine based on scalable machine learning algorithms, to automatically detect multistage attacks by identifying combinations of anomalous behaviors and suspicious activities that are observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nSince Fusion correlates multiple signals from various products to detect advanced multistage attacks, successful Fusion detections are presented as Fusion incidents on the Microsoft Sentinel Incidents page. 
This rule covers the following detections:\n- Fusion for emerging threats\n- Fusion for ransomware\n- Scenario-based Fusion detections (122 scenarios)\n\nTo enable these detections, we recommend you configure the following data connectors for best results:\n- Out-of-the-box anomaly detections\n- Azure Active Directory Identity Protection\n- Azure Defender\n- Azure Defender for IoT\n- Microsoft 365 Defender\n- Microsoft Cloud App Security \n- Microsoft Defender for Endpoint\n- Microsoft Defender for Identity\n- Microsoft Defender for Office 365\n- Palo Alto Networks\n- Scheduled analytics rules, both built-in and those created by your security analysts. Analytics rules must contain kill-chain (tactics) and entity mapping information in order to be used by Fusion.\n\nFor the full description of each detection that is supported by Fusion, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ], + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Azure Active Directory Identity Protection", + "sourceSubTypeDisplayName": "Azure Active Directory Identity Protection", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender", + "sourceSubTypeDisplayName": "Microsoft Defender for Cloud", + "enabled": true, + "severityFilters": { + "isSupported": true, 
+ "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender for IoT", + "sourceSubTypeDisplayName": "Microsoft Defender for IoT", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft 365 Defender", + "sourceSubTypeDisplayName": "Microsoft 365 Defender", + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Cloud App Security", + "sourceSubTypeDisplayName": "Microsoft Cloud App Security", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Endpoint", + "sourceSubTypeDisplayName": "Microsoft Defender for Endpoint", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": 
"Microsoft Defender for Identity", + "sourceSubTypeDisplayName": "Microsoft Defender for Identity", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Office 365", + "sourceSubTypeDisplayName": "Microsoft Defender for Office 365", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules", + "sourceSubTypeDisplayName": "Azure Sentinel scheduled analytics rules", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Palo Alto Networks", + "sourceSubTypeDisplayName": "Palo Alto Networks", + "enabled": true, + "severityFilters": { + "isSupported": false, + "filters": null + } + } + ] + } + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": "2021-10-20T13:13:11.5340061Z" + } + } + } + } +} 
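Review bot: The `id` in the response body spells the workspace provider `Microsoft.OperationalIinsights` (doubled `I`), so the resource ID shown is not a valid workspace path; it should read `.../providers/Microsoft.OperationalInsights/workspaces/myWorkspace/...`, as the automationRules examples later in this patch do. The same misspelling is in GetMicrosoftSecurityIncidentCreationAlertRule.json, GetNrtAlertRule.json and GetScheduledAlertRule.json. Separately, the `Microsoft 365 Defender` entry is the only sub-type that carries a `severityFilter` array next to `severityFilters`; it looks like a leftover from an older shape and should be dropped unless the schema (not visible here) defines it.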
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json
new file mode 100644
index 000000000000..397ccc951673
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json
@@ -0,0 +1,30 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "ruleId": "microsoftSecurityIncidentCreationRuleExample"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample",
+ "name": "microsoftSecurityIncidentCreationRuleExample",
+ "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"",
+ "type": "Microsoft.SecurityInsights/alertRules",
+ "kind": "MicrosoftSecurityIncidentCreation",
+ "properties": {
+ "productFilter": "Microsoft Cloud App Security",
+ "severitiesFilter": null,
+ "displayNamesFilter": null,
+ "displayName": "testing displayname",
+ "enabled": true,
+ "description": null,
+ "alertRuleTemplateName": null,
+ "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z"
+ }
+ }
+ }
+ }
+}
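Review bot: The `api-version` parameter is `2023-06-01-preview`, but this example is added under `preview/2023-07-01-preview/examples/`, so the sample request targets the previous API version. Every example file in this part of the patch, from GetFusionAlertRule.json through GetBookmarkById.json, carries the same value. The subject line describes this commit as the base copy, so a later patch in the series may already bump it; if it does not, each file needs `"api-version": "2023-07-01-preview"`.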
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetNrtAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetNrtAlertRule.json
new file mode 100644
index 000000000000..ff0659b9ead9
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetNrtAlertRule.json
@@ -0,0 +1,55 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "NRT", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "Rule2", + "description": "", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "lastModifiedUtc": "2019-01-01T13:15:30Z", + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host", + "Account" + ] + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetScheduledAlertRule.json new file mode 100644 index 000000000000..0aa9eedfa7ab --- /dev/null 
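Review bot: `groupingConfiguration.groupByEntities` lists `Host` and `Account` with `matchingMethod` set to `Selected`, but nothing in this example produces an Account entity: the `query` only extends `HostCustomEntity` and `IPCustomEntity`, and there is no `entityMappings` block. Someone copying this rule would probably get incident grouping that never matches on Account, which is easy to miss in a detection rule. Either drop `"Account"` from `groupByEntities`, or add an `entityMappings` array in the shape GetScheduledAlertRule.json uses, assuming the NRT rule schema (not visible here) accepts it.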
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetScheduledAlertRule.json 
@@ -0,0 +1,95 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "My scheduled rule", + "description": "An example for a scheduled rule", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2021-03-01T13:17:30Z", + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "Computer" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "ComputerIP" + } + ] + } + ], + "alertDetailsOverride": { + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertTacticsColumnName": null, + "alertSeverityColumnName": null + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + 
"enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host" + ], + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ] + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json new file mode 100644 index 000000000000..d9fe2af3b164 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json 
@@ -0,0 +1,171 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "automationRule": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/automationRules", + "properties": { + "displayName": "Suspicious user sign-in events", + "order": 1, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ + { + "conditionType": "Property", + "conditionProperties": { + "propertyName": "IncidentRelatedAnalyticRuleIds", + "operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] + } + } + ] + }, + "actions": [ + { + "order": 1, + "actionType": "AddIncidentTask", + "actionConfiguration": { + "title": "Reset user passwords", + "description": "Reset passwords for compromised users." 
+ } + } + ], + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdTimeUtc": "2019-01-01T13:00:00Z", + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/automationRules", + "properties": { + "displayName": "Suspicious user sign-in events", + "order": 1, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ + { + "conditionType": "Property", + "conditionProperties": { + "propertyName": "IncidentRelatedAnalyticRuleIds", + "operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] + } + } + ] + }, + "actions": [ + { + "order": 1, + "actionType": "AddIncidentTask", + "actionConfiguration": { + "title": "Reset user passwords", + "description": "Reset passwords for compromised users." 
+ } + } + ], + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdTimeUtc": "2019-01-01T13:00:00Z", + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/automationRules", + "properties": { + "displayName": "Suspicious user sign-in events", + "order": 1, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ + { + "conditionType": "Property", + "conditionProperties": { + "propertyName": "IncidentRelatedAnalyticRuleIds", + "operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] + } + } + ] + }, + "actions": [ + { + "order": 1, + "actionType": "AddIncidentTask", + "actionConfiguration": { + "title": "Reset user passwords", + "description": "Reset passwords for compromised users." 
+ } + } + ], + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdTimeUtc": "2019-01-01T13:00:00Z", + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_Delete.json new file mode 100644 index 000000000000..49ce84c0e168 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_Delete.json @@ -0,0 +1,17 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": {} + }, + "204": { + "body": {} + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_Get.json new file mode 100644 index 000000000000..da037c5177ad --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_Get.json 
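Review bot: In AutomationRules_CreateOrUpdate.json the request payload under `parameters.automationRule` repeats the full response, including `createdBy`, `lastModifiedBy`, `createdTimeUtc` and `lastModifiedTimeUtc`. These look like server-assigned audit fields (the schema is in AutomationRules.json, not visible here), and an example that sends them suggests a caller can choose who is recorded as the author of an automation rule. Trim the request to `etag` and the writable `properties` (`displayName`, `order`, `triggeringLogic`, `actions`) and leave the audit fields to the `200`/`201` bodies.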
@@ -0,0 +1,65 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/automationRules", + "properties": { + "displayName": "Suspicious user sign-in events", + "order": 1, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ + { + "conditionType": "Property", + "conditionProperties": { + "propertyName": "IncidentRelatedAnalyticRuleIds", + "operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] + } + } + ] + }, + "actions": [ + { + "order": 1, + "actionType": "AddIncidentTask", + "actionConfiguration": { + "title": "Reset user passwords", + "description": "Reset passwords for compromised users." 
+ } + } + ], + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdTimeUtc": "2019-01-01T13:00:00Z", + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_List.json new file mode 100644 index 000000000000..50e49e74695f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_List.json 
@@ -0,0 +1,68 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/automationRules", + "properties": { + "displayName": "Suspicious user sign-in events", + "order": 1, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ + { + "conditionType": "Property", + "conditionProperties": { + "propertyName": "IncidentRelatedAnalyticRuleIds", + "operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] + } + } + ] + }, + "actions": [ + { + "order": 1, + "actionType": "AddIncidentTask", + "actionConfiguration": { + "title": "Reset user passwords", + "description": "Reset passwords for compromised users." 
+ } + } + ], + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdTimeUtc": "2019-01-01T13:00:00Z", + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/billingStatistics/GetAllBillingStatistics.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/billingStatistics/GetAllBillingStatistics.json new file mode 100644 index 000000000000..0a2e6e187c30 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/billingStatistics/GetAllBillingStatistics.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/billingStatistics/sapUsage", + "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"", + "name": "sapSolutionUsage", + "type": "Microsoft.SecurityInsights/billingStatistics", + "kind": "SapSolutionUsage", + "properties": { + "activeSystemIdCount": 5 + } + } + ] + } + } + } +} 
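Review bot: In GetAllBillingStatistics.json the `id` ends in `/billingStatistics/sapUsage` while `name` is `sapSolutionUsage`; the last segment of a resource ID should match the resource name. GetBillingStatistic.json has the same mismatch and also passes `billingStatisticName` as `sapSolutionUsage`, so the `id` returned does not correspond to the resource requested. Change the `id` suffix to `/billingStatistics/sapSolutionUsage` in both files.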
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/billingStatistics/GetBillingStatistic.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/billingStatistics/GetBillingStatistic.json
new file mode 100644
index 000000000000..bacfeb31a18a
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/billingStatistics/GetBillingStatistic.json
@@ -0,0 +1,23 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "billingStatisticName": "sapSolutionUsage"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/billingStatistics/sapUsage",
+ "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"",
+ "name": "sapSolutionUsage",
+ "type": "Microsoft.SecurityInsights/billingStatistics",
+ "kind": "SapSolutionUsage",
+ "properties": {
+ "activeSystemIdCount": 5
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/CreateBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/CreateBookmark.json
new file mode 100644
index 000000000000..3803dd2bf5fa
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/CreateBookmark.json
@@ -0,0 +1,143 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "bookmark": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My bookmark", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "updated": "2021-09-01T13:15:30Z", + "created": "2021-09-01T13:15:30Z", + "notes": "Found a suspicious activity", + "labels": [ + "Tag1", + "Tag2" + ], + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result", + "tactics": [ + "Execution" + ], + "techniques": [ + "T1609" + ], + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "identifier": "Fullname", + "value": "johndoe@microsoft.com" + } + ] + } + ] + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My bookmark", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updated": "2021-09-01T13:15:30Z", + "created": "2021-09-01T13:15:30Z", + "notes": "Found a suspicious activity", + "labels": [ + "Tag1", + "Tag2" + ], + "query": "SecurityEvent | where TimeGenerated > ago(1d) 
and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result", + "tactics": [ + "Execution" + ], + "techniques": [ + "T1609" + ], + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "identifier": "Fullname", + "value": "johndoe@microsoft.com" + } + ] + } + ] + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My bookmark", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updated": "2021-09-01T13:15:30Z", + "created": "2021-09-01T13:15:30Z", + "notes": "Found a suspicious activity", + "labels": [ + "Tag1", + "Tag2" + ], + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result", + "tactics": [ + "Execution" + ], + "techniques": [ + "T1609" + ], + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "identifier": "Fullname", + "value": "johndoe@microsoft.com" + } + ] + } + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/DeleteBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/DeleteBookmark.json new file mode 100644 index 000000000000..f94b0d32f46a --- /dev/null 
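Review bot: The bookmark `query` filters on `TimeGenerated > ago(1d) and TimeGenerated < ago(2d)`, which asks for events that are both newer than one day and older than two days, so it can never return a row. The string appears in the request and in both response bodies of CreateBookmark.json, and again in GetBookmarkById.json. Swap the bounds so the window is non-empty: `SecurityEvent | where TimeGenerated > ago(2d) and TimeGenerated < ago(1d)`. The `fieldMappings` identifier `Fullname` also differs in case from the `FullName` used in GetScheduledAlertRule.json, which is worth confirming against the allowed identifier list.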
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/DeleteBookmark.json
@@ -0,0 +1,13 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/GetBookmarkById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/GetBookmarkById.json
new file mode 100644
index 000000000000..604766ffea05
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/GetBookmarkById.json
@@ -0,0 +1,64 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "type": "Microsoft.SecurityInsights/bookmarks",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "displayName": "My bookmark",
+ "createdBy": {
+ "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
+ "email": "john@contoso.com",
+ "name": "john doe"
+ },
+ "updatedBy": {
+ "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
+ "email": "john@contoso.com",
+ "name": "john doe"
+ },
+ "updated": "2021-09-01T13:15:30Z",
+ "created": "2021-09-01T13:15:30Z",
+ "notes": "Found a suspicious activity",
+ "labels": [
+ "Tag1",
+ "Tag2"
+ ],
+ "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)",
+ "queryResult": "Security Event query result",
+ "incidentInfo": {
+ "incidentId": "DDA55F97-170B-40B9-B8ED-CBFD05481E7D",
+ "severity": "Low",
+ "title": "New case 1",
+ "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0018"
+ },
+ "tactics": [
+ "Execution"
+ ],
+ "techniques": [
+ "T1609"
+ ],
+ "entityMappings": [
+ {
+ "entityType": "Account",
+ "fieldMappings": [
+ {
+ "identifier": "Fullname",
+ "value": "johndoe@microsoft.com"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+ }
+}
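Review bot: The sample `query` in the 200 body can never match a row, because `TimeGenerated > ago(1d) and TimeGenerated < ago(2d)` asks for events that are newer than one day ago and older than two days ago at the same time. Analysts tend to copy these examples into hunting bookmarks, so swapping the bounds, `"query": "SecurityEvent | where TimeGenerated > ago(2d) and TimeGenerated < ago(1d)"`, would give a usable window. The same string is in GetBookmarks.json and in the 201 body of the example that precedes DeleteBookmark.json. Separately, the `entityMappings` value uses `johndoe@microsoft.com` while `createdBy` uses the sample domain `contoso.com`; a contoso address would be consistent there too.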
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/GetBookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/GetBookmarks.json
new file mode 100644
index 000000000000..e9a47fdee9d0
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/GetBookmarks.json
@@ -0,0 +1,67 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "type": "Microsoft.SecurityInsights/bookmarks",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "displayName": "My bookmark",
+ "createdBy": {
+ "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
+ "email": "john@contoso.com",
+ "name": "john doe"
+ },
+ "updatedBy": {
+ "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
+ "email": "john@contoso.com",
+ "name": "john doe"
+ },
+ "updated": "2021-09-01T13:15:30Z",
+ "created": "2021-09-01T13:15:30Z",
+ "notes": "Found a suspicious activity",
+ "labels": [
+ "Tag1",
+ "Tag2"
+ ],
+ "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)",
+ "queryResult": "Security Event query result",
+ "incidentInfo": {
+ "incidentId": "DDA55F97-170B-40B9-B8ED-CBFD05481E7D",
+ "severity": "Low",
+ "title": "New case 1",
+ "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0018"
+ },
+ "tactics": [
+ "Execution"
+ ],
+ "techniques": [
+ "T1609"
+ ],
+ "entityMappings": [
+ {
+ "entityType": "Account",
+ "fieldMappings": [
+ {
+ "identifier": "Fullname",
+ "value": "johndoe@microsoft.com"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/expand/PostExpandBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/expand/PostExpandBookmark.json
new file mode 100644
index 000000000000..728d317589d9
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/expand/PostExpandBookmark.json
@@ -0,0 +1,43 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "parameters": {
+ "expansionId": "27f76e63-c41b-480f-bb18-12ad2e011d49",
+ "startTime": "2019-12-25T17:21:00.000Z",
+ "endTime": "2020-01-24T17:21:00.000Z"
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": {
+ "entities": [
+ {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/fe4ddab5-8cea-eca3-c8b8-9e92e830a387",
+ "name": "fe4ddab5-8cea-eca3-c8b8-9e92e830a387",
+ "type": "Microsoft.SecurityInsights/entities",
+ "kind": "Account",
+ "properties": {
+ "friendlyName": "administrator",
+ "accountName": "administrator",
+ "ntDomain": "domain"
+ }
+ }
+ ]
+ },
+ "metaData": {
+ "aggregations": [
+ {
+ "entityKind": "Account",
+ "count": 1
+ }
+ ]
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json
new file mode 100644
index 000000000000..28ff714eb43a
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json
@@ -0,0 +1,43 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014",
+ "relation": {
+ "properties": {
+ "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014",
+ "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014",
+ "type": "Microsoft.SecurityInsights/bookmarks/relations",
+ "etag": "190057d0-0000-0d00-0000-5c6f5adb0000",
+ "properties": {
+ "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812",
+ "relatedResourceName": "afbd324f-6c48-459c-8710-8d1e1cd03812",
+ "relatedResourceType": "Microsoft.SecurityInsights/incidents"
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014",
+ "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014",
+ "type": "Microsoft.SecurityInsights/bookmarks/relations",
+ "etag": "190057d0-0000-0d00-0000-5c6f5adb0000",
+ "properties": {
+ "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812",
+ "relatedResourceName": "afbd324f-6c48-459c-8710-8d1e1cd03812",
+ "relatedResourceType": "Microsoft.SecurityInsights/incidents"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json
new file mode 100644
index 000000000000..fa907d73ef80
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json
@@ -0,0 +1,14 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json
new file mode 100644
index 000000000000..3c231759d2b2
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json
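Review bot: The `etag` in both response bodies of CreateBookmarkRelation.json is a bare string, `"etag": "190057d0-0000-0d00-0000-5c6f5adb0000"`, while the bookmark examples in this patch carry the quoted form `"etag": "\"0300bf09-0000-0000-0000-5c37296e0000\""`. Clients that echo the value into an `If-Match` header for optimistic concurrency will follow whichever shape the example shows, so the two resource families should agree; which form the service actually returns is not visible here and should be confirmed. GetAllBookmarkRelations.json and GetBookmarkRelationByName.json carry the same bare value.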
@@ -0,0 +1,28 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014",
+ "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014",
+ "type": "Microsoft.SecurityInsights/bookmarks/relations",
+ "etag": "190057d0-0000-0d00-0000-5c6f5adb0000",
+ "properties": {
+ "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812",
+ "relatedResourceName": "afbd324f-6c48-459c-8710-8d1e1cd03812",
+ "relatedResourceType": "Microsoft.SecurityInsights/incidents"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json
new file mode 100644
index 000000000000..ded4b381b930
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json
@@ -0,0 +1,25 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014",
+ "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014",
+ "type": "Microsoft.SecurityInsights/bookmarks/relations",
+ "etag": "190057d0-0000-0d00-0000-5c6f5adb0000",
+ "properties": {
+ "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812",
+ "relatedResourceName": "afbd324f-6c48-459c-8710-8d1e1cd03812",
+ "relatedResourceType": "Microsoft.SecurityInsights/incidents"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetPackageById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetPackageById.json
new file mode 100644
index 000000000000..4f42446b37e2
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetPackageById.json
@@ -0,0 +1,33 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "packageId": "str.azure-sentinel-solution-str"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/str.azure-sentinel-solution-str",
+ "name": "str.azure-sentinel-solution-str",
+ "type": "Microsoft.SecurityInsights/contentpackages",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "contentId": "str.azure-sentinel-solution-str",
+ "contentKind": "Solution",
+ "version": "2.0.0",
+ "displayName": "str"
+ },
+ "systemData": {
+ "createdBy": "string",
+ "createdByType": "User",
+ "createdAt": "2020-04-27T21:53:29.0928001Z",
+ "lastModifiedBy": "string",
+ "lastModifiedByType": "User",
+ "lastModifiedAt": "2020-04-27T21:53:29.0928001Z"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetPackages.json
new file mode 100644
index 000000000000..9de32f158f4a
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetPackages.json
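Review bot: The resource `id` in GetPackageById.json spells the workspace provider as `Microsoft.OperationalIinsights` (doubled `I`), whereas the bookmark examples in this patch use `Microsoft.OperationalInsights`. Anyone copying the id into a role-assignment scope, a policy or an automation script gets a path that does not resolve to the workspace. The segment should read `providers/Microsoft.OperationalInsights/workspaces/myWorkspace`. The same misspelling is in every contentPackages and contentTemplates example visible in this patch that carries an `id`.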
@@ -0,0 +1,38 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "packageId": "str.azure-sentinel-solution-str"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages",
+ "name": "str.azure-sentinel-solution-str",
+ "type": "Microsoft.SecurityInsights/contentpackages",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "contentId": "str.azure-sentinel-solution-str",
+ "contentKind": "Solution",
+ "contentSchemaVersion": "3.0.0",
+ "version": "2.0.0",
+ "displayName": "str"
+ },
+ "systemData": {
+ "createdBy": "string",
+ "createdByType": "User",
+ "createdAt": "2020-04-27T21:53:29.0928001Z",
+ "lastModifiedBy": "string",
+ "lastModifiedByType": "User",
+ "lastModifiedAt": "2020-04-27T21:53:29.0928001Z"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetProductPackageById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetProductPackageById.json
new file mode 100644
index 000000000000..7973ad240601
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetProductPackageById.json
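Review bot: GetPackages.json is the list example, yet its `parameters` still carry `"packageId": "str.azure-sentinel-solution-str"` and the returned item's `id` stops at `.../contentPackages` without the package name segment. An id that names the collection rather than the item cannot be used to address, scope or audit the individual package, and it disagrees with the `name` on the next line. The id should end with `/contentPackages/str.azure-sentinel-solution-str`, and the `packageId` parameter should presumably be dropped (confirm against the list operation in ContentPackages.json, which is outside this hunk). GetProductPackages.json, GetProductTemplates.json and GetTemplates.json show the same truncated `id`.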
@@ -0,0 +1,75 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "packageId": "str.azure-sentinel-solution-str"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/str.azure-sentinel-solution-str",
+ "name": "str.azure-sentinel-solution-str",
+ "type": "Microsoft.SecurityInsights/contentpackages",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "contentId": "str.azure-sentinel-solution-str",
+ "contentKind": "Solution",
+ "installedVersion": "2.0.0",
+ "version": "2.0.0",
+ "displayName": "str",
+ "source": {
+ "kind": "Solution",
+ "name": "str",
+ "sourceId": "str.azure-sentinel-solution-str"
+ },
+ "author": {
+ "name": "Microsoft",
+ "email": "support@microsoft.com"
+ },
+ "support": {
+ "tier": "Microsoft",
+ "name": "Microsoft Corporation",
+ "email": "support@microsoft.com",
+ "link": "https://support.microsoft.com/"
+ },
+ "dependencies": {
+ "criteria": [
+ {
+ "contentId": "strDataConnector",
+ "kind": "DataConnector",
+ "version": "2.0.0"
+ },
+ {
+ "contentId": "str-Parser",
+ "kind": "Parser",
+ "version": "2.0.0"
+ }
+ ],
+ "operator": "AND"
+ },
+ "providers": [
+ "Microsoft"
+ ],
+ "categories": {
+ "domains": [
+ "Security - Cloud Security"
+ ],
+ "verticals": null
+ },
+ "firstPublishDate": "2022-04-01",
+ "packageContent": "JSON string of the package"
+ },
+ "systemData": {
+ "createdBy": "string",
+ "createdByType": "User",
+ "createdAt": "2020-04-27T21:53:29.0928001Z",
+ "lastModifiedBy": "string",
+ "lastModifiedByType": "User",
+ "lastModifiedAt": "2020-04-27T21:53:29.0928001Z"
+ }
+ }
+ }
+ }
+}
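Review bot: The product-package response in GetProductPackageById.json reuses `"type": "Microsoft.SecurityInsights/contentpackages"` and a `.../contentPackages/...` id, which makes it indistinguishable from the installed-package example in GetPackageById.json. The diffstat lists a separate ContentProductPackages.json, so the resource type and path are presumably different for this operation; if so, the example should use them so that consumers can tell product entries from installed content. This cannot be confirmed from the hunk, since the swagger definition is outside it. GetProductPackages.json, GetProductTemplateById.json and GetProductTemplates.json follow the same pattern with `contentpackages` / `contenttemplates`.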
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetProductPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetProductPackages.json
new file mode 100644
index 000000000000..3e97c09d4208
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetProductPackages.json
@@ -0,0 +1,77 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages",
+ "name": "str.azure-sentinel-solution-str",
+ "type": "Microsoft.SecurityInsights/contentpackages",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "contentId": "str.azure-sentinel-solution-str",
+ "contentKind": "Solution",
+ "installedVersion": "2.0.0",
+ "version": "2.0.0",
+ "displayName": "str",
+ "source": {
+ "kind": "Solution",
+ "name": "str",
+ "sourceId": "str.azure-sentinel-solution-str"
+ },
+ "author": {
+ "name": "Microsoft",
+ "email": "support@microsoft.com"
+ },
+ "support": {
+ "tier": "Microsoft",
+ "name": "Microsoft Corporation",
+ "email": "support@microsoft.com",
+ "link": "https://support.microsoft.com/"
+ },
+ "dependencies": {
+ "criteria": [
+ {
+ "contentId": "strDataConnector",
+ "kind": "DataConnector",
+ "version": "2.0.0"
+ },
+ {
+ "contentId": "str-Parser",
+ "kind": "Parser",
+ "version": "2.0.0"
+ }
+ ],
+ "operator": "AND"
+ },
+ "providers": [
+ "Microsoft"
+ ],
+ "categories": {
+ "domains": [
+ "Security - Cloud Security"
+ ],
+ "verticals": null
+ },
+ "firstPublishDate": "2022-04-01"
+ },
+ "systemData": {
+ "createdBy": "string",
+ "createdByType": "User",
+ "createdAt": "2020-04-27T21:53:29.0928001Z",
+ "lastModifiedBy": "string",
+ "lastModifiedByType": "User",
+ "lastModifiedAt": "2020-04-27T21:53:29.0928001Z"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/InstallPackage.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/InstallPackage.json
new file mode 100644
index 000000000000..0fa2b0b2153f
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/InstallPackage.json
@@ -0,0 +1,148 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "packageId": "str.azure-sentinel-solution-str",
+ "packageInstallationProperties": {
+ "properties": {
+ "contentId": "str.azure-sentinel-solution-str",
+ "contentKind": "Solution",
+ "version": "2.0.0",
+ "displayName": "str"
+ },
+ "tags": {
+ "tag1": "str"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/str.azure-sentinel-solution-str",
+ "name": "str.azure-sentinel-solution-str",
+ "type": "Microsoft.SecurityInsights/contentpackages",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "contentId": "str.azure-sentinel-solution-str",
+ "contentKind": "Solution",
+ "installedVersion": "2.0.0",
+ "version": "2.0.0",
+ "displayName": "str",
+ "source": {
+ "kind": "Solution",
+ "name": "str",
+ "sourceId": "str.azure-sentinel-solution-str"
+ },
+ "author": {
+ "name": "Microsoft",
+ "email": "support@microsoft.com"
+ },
+ "support": {
+ "tier": "Microsoft",
+ "name": "Microsoft Corporation",
+ "email": "support@microsoft.com",
+ "link": "https://support.microsoft.com/"
+ },
+ "dependencies": {
+ "criteria": [
+ {
+ "contentId": "strDataConnector",
+ "kind": "DataConnector",
+ "version": "2.0.0"
+ },
+ {
+ "contentId": "str-Parser",
+ "kind": "Parser",
+ "version": "2.0.0"
+ }
+ ],
+ "operator": "AND"
+ },
+ "providers": [
+ "Microsoft"
+ ],
+ "categories": {
+ "domains": [
+ "Security - Cloud Security"
+ ],
+ "verticals": null
+ },
+ "firstPublishDate": "2022-04-01"
+ },
+ "systemData": {
+ "createdBy": "string",
+ "createdByType": "User",
+ "createdAt": "2020-04-27T21:53:29.0928001Z",
+ "lastModifiedBy": "string",
+ "lastModifiedByType": "User",
+ "lastModifiedAt": "2020-04-27T21:53:29.0928001Z"
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/str.azure-sentinel-solution-str",
+ "name": "str.azure-sentinel-solution-str",
+ "type": "Microsoft.SecurityInsights/contentpackages",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "contentId": "str.azure-sentinel-solution-str",
+ "contentKind": "Solution",
+ "installedVersion": "2.0.0",
+ "version": "2.0.0",
+ "displayName": "str",
+ "source": {
+ "kind": "Solution",
+ "name": "str",
+ "sourceId": "str.azure-sentinel-solution-str"
+ },
+ "author": {
+ "name": "Microsoft",
+ "email": "support@microsoft.com"
+ },
+ "support": {
+ "tier": "Microsoft",
+ "name": "Microsoft Corporation",
+ "email": "support@microsoft.com",
+ "link": "https://support.microsoft.com/"
+ },
+ "dependencies": {
+ "criteria": [
+ {
+ "contentId": "strDataConnector",
+ "kind": "DataConnector",
+ "version": "2.0.0"
+ },
+ {
+ "contentId": "str-Parser",
+ "kind": "Parser",
+ "version": "2.0.0"
+ }
+ ],
+ "operator": "AND"
+ },
+ "providers": [
+ "Microsoft"
+ ],
+ "categories": {
+ "domains": [
+ "Security - Cloud Security"
+ ],
+ "verticals": null
+ },
+ "firstPublishDate": "2022-04-01"
+ },
+ "systemData": {
+ "createdBy": "string",
+ "createdByType": "User",
+ "createdAt": "2020-04-27T21:53:29.0928001Z",
+ "lastModifiedBy": "string",
+ "lastModifiedByType": "User",
+ "lastModifiedAt": "2020-04-27T21:53:29.0928001Z"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/UninstallPackage.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/UninstallPackage.json
new file mode 100644
index 000000000000..47ac668e91a0
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/UninstallPackage.json
@@ -0,0 +1,13 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "packageId": "str.azure-sentinel-solution-str"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/DeleteTemplate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/DeleteTemplate.json
new file mode 100644
index 000000000000..0ea8820fd07c
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/DeleteTemplate.json
@@ -0,0 +1,13 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "templateId": "8365ebfe-a381-45b7-ad08-7d818070e11f"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetProductTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetProductTemplateById.json
new file mode 100644
index 000000000000..3b613d351b86
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetProductTemplateById.json
@@ -0,0 +1,41 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "templateId": "8365ebfe-a381-45b7-ad08-7d818070e11f"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentTemplates/8365ebfe-a381-45b7-ad08-7d818070e11f",
+ "name": "8365ebfe-a381-45b7-ad08-7d818070e11f",
+ "type": "Microsoft.SecurityInsights/contenttemplates",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "contentId": "content id",
+ "version": "1.0.0",
+ "displayName": "My installed template",
+ "contentKind": "Workbooks",
+ "packageId": "package id",
+ "packageKind": "Standalone",
+ "packageName": "package name",
+ "source": {
+ "kind": "Standalone",
+ "name": "Source name"
+ },
+ "mainTemplate": "JSON string of the installed template"
+ },
+ "systemData": {
+ "createdBy": "string",
+ "createdByType": "User",
+ "createdAt": "2020-04-27T21:53:29.0928001Z",
+ "lastModifiedBy": "string",
+ "lastModifiedByType": "User",
+ "lastModifiedAt": "2020-04-27T21:53:29.0928001Z"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetProductTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetProductTemplates.json
new file mode 100644
index 000000000000..a519fabdbbd4
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetProductTemplates.json
@@ -0,0 +1,43 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentTemplates",
+ "name": "8365ebfe-a381-45b7-ad08-7d818070e11f",
+ "type": "Microsoft.SecurityInsights/contenttemplates",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "contentId": "content id",
+ "version": "1.0.0",
+ "displayName": "My installed template",
+ "contentKind": "Workbooks",
+ "packageId": "package id",
+ "packageKind": "Standalone",
+ "packageName": "package name",
+ "source": {
+ "kind": "Standalone",
+ "name": "Source name"
+ }
+ },
+ "systemData": {
+ "createdBy": "string",
+ "createdByType": "User",
+ "createdAt": "2020-04-27T21:53:29.0928001Z",
+ "lastModifiedBy": "string",
+ "lastModifiedByType": "User",
+ "lastModifiedAt": "2020-04-27T21:53:29.0928001Z"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetTemplateById.json
new file mode 100644
index 000000000000..09c61f428da0
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetTemplateById.json
@@ -0,0 +1,39 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "templateId": "8365ebfe-a381-45b7-ad08-7d818070e11f"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentTemplates/8365ebfe-a381-45b7-ad08-7d818070e11f",
+ "name": "8365ebfe-a381-45b7-ad08-7d818070e11f",
+ "type": "Microsoft.SecurityInsights/contenttemplates",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "contentId": "content id",
+ "version": "1.0.0",
+ "displayName": "My installed template",
+ "contentKind": "Workbooks",
+ "packageId": "package id",
+ "source": {
+ "kind": "Standalone",
+ "name": "Source name"
+ },
+ "mainTemplate": "JSON string of the installed template"
+ },
+ "systemData": {
+ "createdBy": "string",
+ "createdByType": "User",
+ "createdAt": "2020-04-27T21:53:29.0928001Z",
+ "lastModifiedBy": "string",
+ "lastModifiedByType": "User",
+ "lastModifiedAt": "2020-04-27T21:53:29.0928001Z"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetTemplates.json
new file mode 100644
index 000000000000..1b8c7f4af701
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetTemplates.json
@@ -0,0 +1,41 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentTemplates",
+ "name": "8365ebfe-a381-45b7-ad08-7d818070e11f",
+ "type": "Microsoft.SecurityInsights/contenttemplates",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "contentId": "content id",
+ "version": "1.0.0",
+ "displayName": "My installed template",
+ "contentKind": "Workbooks",
+ "packageId": "package id",
+ "source": {
+ "kind": "Standalone",
+ "name": "Source name"
+ }
+ },
+ "systemData": {
+ "createdBy": "string",
+ "createdByType": "User",
+ "createdAt": "2020-04-27T21:53:29.0928001Z",
+ "lastModifiedBy": "string",
+ "lastModifiedByType": "User",
+ "lastModifiedAt": "2020-04-27T21:53:29.0928001Z"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/InstallTemplate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/InstallTemplate.json
new file mode 100644
index 000000000000..05ff8c449d34
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/InstallTemplate.json
@@ -0,0 +1,222 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "templateId": "str.azure-sentinel-solution-str", + "templateInstallationProperties": { + "properties": { + "contentId": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "displayName": "API Protection workbook template", + "contentKind": "AnalyticsRule", + "version": "1.0.1", + "packageId": "str.azure-sentinel-solution-str", + "packageName": "str", + "packageKind": "Solution", + "source": { + "kind": "Solution", + "name": "str", + "sourceId": "str.azure-sentinel-solution-str" + }, + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" + }, + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.1", + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Creates an incident when a large number of Critical/High severity CrowdStrike Falcon sensor detections is triggered by a single user", + "displayName": "Critical or High Severity Detections by User", + "enabled": false, + "query": "...", + "queryFrequency": "PT1H", + "queryPeriod": "PT1H", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split([resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)],'/'))))]", + "properties": { + "description": "CrowdStrike Falcon Endpoint Protection Analytics Rule 1", + "parentId": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)]", + "contentId": "4465ebde-b381-45f7-ad08-7d818070a11c", + "kind": "AnalyticsRule", + "version": "1.0.0", + "source": { + "kind": "Solution", + "name": "str", + "sourceId": "str.azure-sentinel-solution-str" + }, + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" + } + } + } + ] + } + }, + "tags": { + "tag1": "str" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/azuresentinel.azure-sentinel-solution-ciscoumbrella", + "name": "azuresentinel.azure-sentinel-solution-ciscoumbrella", + "type": "Microsoft.SecurityInsights/contenttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "4465ebde-c381-45d7-af08-7d818072a11c", + "packageKind": "Solution", + "packageId": "package id", + "contentKind": "AnalyticsRule", + "version": "1.0.1", + "displayName": "API Protection workbook template", + "source": { + "kind": "Solution", + "name": "CiscoUmbrella", + "sourceId": "azuresentinel.azure-sentinel-solution-ciscoumbrella" + }, + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" 
+ }, + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "providers": [ + "Microsoft" + ], + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "firstPublishDate": "2022-04-01" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/azuresentinel.azure-sentinel-solution-ciscoumbrella", + "name": "azuresentinel.azure-sentinel-solution-ciscoumbrella", + "type": "Microsoft.SecurityInsights/contenttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "4465ebde-c381-45d7-af08-7d818072a11c", + "packageKind": "Solution", + "packageId": "package id", + "contentKind": "AnalyticsRule", + "version": "1.0.1", + "displayName": "API Protection workbook template", + "source": { + "kind": "Solution", + "name": "CiscoUmbrella", + "sourceId": "azuresentinel.azure-sentinel-solution-ciscoumbrella" + }, + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" + }, + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "providers": [ + "Microsoft" + ], + 
"categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "firstPublishDate": "2022-04-01" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json new file mode 100644 index 000000000000..b7edffc8f9ab --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "AzureActiveDirectory", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json new file mode 100644 index 000000000000..b7edffc8f9ab --- /dev/null 
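Review bot: The `mainTemplate` metadata resource in InstallTemplate.json carries template expressions that are not well-formed: in `name` and `parentId` the GUID is passed to `resourceId(...)` without quotes, and `name` nests a bracketed `[resourceId(...)]` inside `split(...)`, whereas brackets belong only around the whole expression. I would write `"parentId": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '8365ebfe-a381-45b7-ad08-7d818070e11f')]"` and drop the inner brackets in `name` the same way. Separately, both response bodies give an `id` under `.../contentPackages/azuresentinel.azure-sentinel-solution-ciscoumbrella` while `type` is `Microsoft.SecurityInsights/contenttemplates` and the request's `templateId` is `str.azure-sentinel-solution-str`, so the response does not describe the template that was installed. This payload is what gets deployed into a Sentinel workspace, so the example should be one a reader can validate as written.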
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json
@@ -0,0 +1,22 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "DataConnectorsCheckRequirements": {
+ "kind": "AzureActiveDirectory",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "authorizationState": "Valid",
+ "licenseState": "Valid"
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json
new file mode 100644
index 000000000000..b7edffc8f9ab
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json
@@ -0,0 +1,22 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "DataConnectorsCheckRequirements": {
+ "kind": "AzureActiveDirectory",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "authorizationState": "Valid",
+ "licenseState": "Valid"
+ }
+ }
+ }
+}
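Review bot: CheckRequirementsAzureActiveDirectoryNoAuthorization.json and CheckRequirementsAzureActiveDirectoryNoLicense.json are byte-identical to CheckRequirementsAzureActiveDirectory.json (all three carry blob `b7edffc8f9ab`), so both failure examples answer `"authorizationState": "Valid"` and `"licenseState": "Valid"`. A reader checking how a connector reports missing consent or a missing licence gets no failing sample from them. I would set `"authorizationState": "Invalid"` in the NoAuthorization response and `"licenseState": "Invalid"` in the NoLicense one, assuming those are the values the state enums in the data-connector definitions declare.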
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json
new file mode 100644
index 000000000000..9279b94a2d12
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json
@@ -0,0 +1,22 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "DataConnectorsCheckRequirements": {
+ "kind": "AzureSecurityCenter",
+ "properties": {
+ "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "authorizationState": "Valid",
+ "licenseState": "Valid"
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json
new file mode 100644
index 000000000000..303a7ef87559
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json
@@ -0,0 +1,22 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "DataConnectorsCheckRequirements": {
+ "kind": "Dynamics365",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "authorizationState": "Valid",
+ "licenseState": "Valid"
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsIoT.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsIoT.json
new file mode 100644
index 000000000000..1654db1736a1
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsIoT.json
@@ -0,0 +1,22 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "DataConnectorsCheckRequirements": {
+ "kind": "IOT",
+ "properties": {
+ "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "authorizationState": "Valid",
+ "licenseState": "Valid"
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json
new file mode 100644
index 000000000000..a90957eac32c
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json
@@ -0,0 +1,22 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "DataConnectorsCheckRequirements": {
+ "kind": "MicrosoftCloudAppSecurity",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "authorizationState": "Valid",
+ "licenseState": "Valid"
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json
new file mode 100644
index 000000000000..a90957eac32c
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json
@@ -0,0 +1,22 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "DataConnectorsCheckRequirements": {
+ "kind": "MicrosoftCloudAppSecurity",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "authorizationState": "Valid",
+ "licenseState": "Valid"
+ }
+ }
+ }
+}
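Review bot: CheckRequirementsMdatp.json sends `"kind": "MicrosoftCloudAppSecurity"` and has the same blob (`a90957eac32c`) as CheckRequirementsMicrosoftCloudAppSecurity.json, so the Defender for Endpoint connector has no check-requirements example of its own. I would change the request to `"kind": "MicrosoftDefenderAdvancedThreatProtection"` and keep the `tenantId` property, provided that matches the requirements schema for that kind.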
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json
new file mode 100644
index 000000000000..cbfad35bc401
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json
@@ -0,0 +1,22 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "DataConnectorsCheckRequirements": {
+ "kind": "MicrosoftPurviewInformationProtection",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "authorizationState": "Valid",
+ "licenseState": "Valid"
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json
new file mode 100644
index 000000000000..a13b7bb27941
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json
@@ -0,0 +1,22 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "DataConnectorsCheckRequirements": {
+ "kind": "MicrosoftThreatIntelligence",
+ "properties": {
+ "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "authorizationState": "Valid",
+ "licenseState": "Valid"
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json
new file mode 100644
index 000000000000..98f4ef99689c
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json
@@ -0,0 +1,22 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "DataConnectorsCheckRequirements": {
+ "kind": "MicrosoftThreatProtection",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "authorizationState": "Valid",
+ "licenseState": "Valid"
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json
new file mode 100644
index 000000000000..101b6c874e12
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json
@@ -0,0 +1,22 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "DataConnectorsCheckRequirements": {
+ "kind": "Office365Project",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "authorizationState": "Valid",
+ "licenseState": "Valid"
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json
new file mode 100644
index 000000000000..0e7b20d3709c
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json
@@ -0,0 +1,22 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "DataConnectorsCheckRequirements": {
+ "kind": "OfficeATP",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "authorizationState": "Valid",
+ "licenseState": "Valid"
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json
new file mode 100644
index 000000000000..2b205be177c6
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json
@@ -0,0 +1,22 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "DataConnectorsCheckRequirements": {
+ "kind": "OfficeIRM",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "authorizationState": "Valid",
+ "licenseState": "Valid"
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json
new file mode 100644
index 000000000000..3681281b7493
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json
@@ -0,0 +1,22 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "DataConnectorsCheckRequirements": {
+ "kind": "OfficePowerBI",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "authorizationState": "Valid",
+ "licenseState": "Valid"
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json
new file mode 100644
index 000000000000..2852521e4255
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json
@@ -0,0 +1,22 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "DataConnectorsCheckRequirements": {
+ "kind": "ThreatIntelligence",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "authorizationState": "Valid",
+ "licenseState": "Valid"
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json
new file mode 100644
index 000000000000..bb38e41fab7f
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json
@@ -0,0 +1,22 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "DataConnectorsCheckRequirements": {
+ "kind": "ThreatIntelligenceTaxii",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "authorizationState": "Valid",
+ "licenseState": "Valid"
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/ConnectAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/ConnectAPIPolling.json
new file mode 100644
index 000000000000..ec3e7b83c21b
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/ConnectAPIPolling.json
@@ -0,0 +1,24 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8",
+ "connectBody": {
+ "kind": "APIKey",
+ "apiKey": "123456789",
+ "requestConfigUserInputValues": [
+ {
+ "displayText": "Organization Name",
+ "placeHolderName": "{{placeHolder1}}",
+ "placeHolderValue": "somePlaceHolderValue",
+ "requestObjectKey": "apiEndpoint"
+ }
+ ]
+ }
+ },
+ "responses": {
+ "200": {}
+ }
+}
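Review bot: `"apiKey": "123456789"` in `connectBody` of ConnectAPIPolling.json is a credential-shaped literal with nothing marking it as a placeholder, and ConnectAPIPollingV2Logs.json repeats it. I would write `"apiKey": "<api-key-placeholder>"` in both, so that nobody copies a guessable key into a real connector and secret scanners can allow-list these examples by pattern.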
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json
new file mode 100644
index 000000000000..1d2960768f89
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json
@@ -0,0 +1,27 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8",
+ "connectBody": {
+ "kind": "APIKey",
+ "apiKey": "123456789",
+ "dataCollectionEndpoint": "https://test.eastus.ingest.monitor.azure.com",
+ "dataCollectionRuleImmutableId": "dcr-34adsj9o7d6f9de204478b9cgb43b631",
+ "outputStream": "Custom-MyTableRawData",
+ "requestConfigUserInputValues": [
+ {
+ "displayText": "Organization Name",
+ "placeHolderName": "{{placeHolder1}}",
+ "placeHolderValue": "somePlaceHolderValue",
+ "requestObjectKey": "apiEndpoint"
+ }
+ ]
+ }
+ },
+ "responses": {
+ "200": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateAPIPolling.json
new file mode 100644
index 000000000000..d4d2b3009f17
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateAPIPolling.json
@@ -0,0 +1,368 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "dataConnector": { + "kind": "APIPolling", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueriesTableName": "GitHubAuditLogPolling_CL", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "{{graphQueriesTableName}}\n | take 10 " + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "SentinelKindsV2", + "value": [] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub 
audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "parameters": { + "enable": "true", + "userRequestPlaceHoldersInput": [ + { + "displayText": "Organization Name", + "requestObjectKey": "apiEndpoint", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "" + } + ] + }, + "type": "APIKey" + } + ] + } + ] + }, + "pollingConfig": { + "auth": { + "authType": "APIKey", + "apiKeyIdentifier": "token", + "apiKeyName": "Authorization" + }, + "request": { + "apiEndpoint": "https://api.github.com/organizations/{{placeHolder1}}/audit-log", + "rateLimitQps": 50, + "queryWindowInMin": 15, + "httpMethod": "Get", + "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", + "retryCount": 2, + "timeoutInSeconds": 60, + "headers": { + "Accept": "application/json", + "User-Agent": "Scuba" + }, + "queryParameters": { + "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}" + } + }, + "paging": { + "pagingType": "LinkHeader", + "pageSizeParaName": "per_page" + }, + "response": { + "eventsJsonPaths": [ + "$" + ] + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "APIPolling", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. 
By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueriesTableName": "GitHubAuditLogPolling_CL", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "{{graphQueriesTableName}}\n | take 10 " + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "SentinelKindsV2", + "value": [] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. 
\n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "parameters": { + "enable": "true", + "userRequestPlaceHoldersInput": [ + { + "displayText": "Organization Name", + "requestObjectKey": "apiEndpoint", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "" + } + ] + }, + "type": "APIKey" + } + ] + } + ] + }, + "pollingConfig": { + "auth": { + "authType": "APIKey", + "apiKeyIdentifier": "token", + "apiKeyName": "Authorization" + }, + "request": { + "apiEndpoint": "https://api.github.com/organizations/{{placeHolder1}}/audit-log", + "rateLimitQps": 50, + "queryWindowInMin": 15, + "httpMethod": "Get", + "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", + "retryCount": 2, + "timeoutInSeconds": 60, + "headers": { + "Accept": "application/json", + "User-Agent": "Scuba" + }, + "queryParameters": { + "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}" + } + }, + "paging": { + "pagingType": "LinkHeader", + "pageSizeParaName": "per_page" + }, + "response": { + "eventsJsonPaths": [ + "$" + ] + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "APIPolling", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. 
By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueriesTableName": "GitHubAuditLogPolling_CL", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "{{graphQueriesTableName}}\n | take 10 " + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "SentinelKindsV2", + "value": [] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. 
\n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "parameters": { + "enable": "true", + "userRequestPlaceHoldersInput": [ + { + "displayText": "Organization Name", + "requestObjectKey": "apiEndpoint", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "" + } + ] + }, + "type": "APIKey" + } + ] + } + ] + }, + "pollingConfig": { + "auth": { + "authType": "APIKey", + "apiKeyIdentifier": "token", + "apiKeyName": "Authorization" + }, + "request": { + "apiEndpoint": "https://api.github.com/organizations/{{placeHolder1}}/audit-log", + "rateLimitQps": 50, + "queryWindowInMin": 15, + "httpMethod": "Get", + "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", + "retryCount": 2, + "timeoutInSeconds": 60, + "headers": { + "Accept": "application/json", + "User-Agent": "Scuba" + }, + "queryParameters": { + "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}" + } + }, + "paging": { + "pagingType": "LinkHeader", + "pageSizeParaName": "per_page" + }, + "response": { + "eventsJsonPaths": [ + "$" + ] + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json new file mode 100644 index 000000000000..dfbf1316d13b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json 
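Review bot: In `connectorUiConfig.permissions.resourceProvider`, `permissionsDisplayText` says "read and write permissions are required." while `requiredPermissions` also sets `"delete": true`, so the text shown to the operator understates what the connector asks for; the same pair appears in the request body and in the 200 and 201 responses. Either drop `"delete": true` if delete is not needed, or make the text match, e.g. `"permissionsDisplayText": "read, write and delete permissions are required."`. The `customs` entry also asks for a personal token with the `admin:org` scope, which is broader than reading an audit log needs. GitHub documents a `read:audit_log` scope, so the description should probably name the narrowest scope that works; confirm this against current GitHub documentation for the endpoint used.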
@@ -0,0 +1,57 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "c2541efb-c9a6-47fe-9501-87d1017d1512",
+ "dataConnector": {
+ "kind": "Dynamics365",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "dynamics365CdsActivities": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "name": "c2541efb-c9a6-47fe-9501-87d1017d1512",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "Dynamics365",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "dynamics365CdsActivities": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "name": "c2541efb-c9a6-47fe-9501-87d1017d1512",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "Dynamics365",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "dynamics365CdsActivities": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ }
+ }
+}
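Review bot: The `id` in both the 200 and 201 response bodies ends in `dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5`, but the request's `dataConnectorId` and the responses' `name` are `c2541efb-c9a6-47fe-9501-87d1017d1512`, so the example describes a resource whose ID and name disagree. The `id` should end with `/dataConnectors/c2541efb-c9a6-47fe-9501-87d1017d1512` in both responses. The file name `CreateDynamics365DataConnetor.json` also misspells "Connector"; renaming it would need any reference to the example in the spec updated as well, which is not visible in this hunk.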
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateGenericUI.json
new file mode 100644
index 000000000000..861c17980c5b
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateGenericUI.json
@@ -0,0 +1,437 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "dataConnector": { + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "Qualys Vulnerability Management (CCP DEMO)", + "publisher": "Qualys", + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "graphQueriesTableName": "QualysHostDetection_CL", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "{{graphQueriesTableName}}", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and 
write permissions on the workspace are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ] + }, + "instructionSteps": [ + { + "title": "", + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + }, + { + "title": "", + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." + }, + { + "title": "", + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. 
Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes." + }, + { + "title": "", + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + }, + "type": "CopyableLabel" + }, + { + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + }, + "type": "CopyableLabel" + } + ] + }, + { + "title": "Option 1 - Azure Resource Manager (ARM) Template", + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) 
\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." + }, + { + "title": "Option 2 - Manual Deployment of Azure Functions", + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions." + }, + { + "title": "", + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**." + }, + { + "title": "", + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. 
Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**." + }, + { + "title": "", + "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. 
Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**." + }, + { + "title": "", + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)" + } + ] + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "Qualys Vulnerability Management (CCP DEMO)", + "publisher": "Qualys", + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data 
into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "graphQueriesTableName": "QualysHostDetection_CL", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "{{graphQueriesTableName}}", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. 
[See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ] + }, + "instructionSteps": [ + { + "title": "", + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + }, + { + "title": "", + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." + }, + { + "title": "", + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. 
Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes." + }, + { + "title": "", + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + }, + "type": "CopyableLabel" + }, + { + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + }, + "type": "CopyableLabel" + } + ] + }, + { + "title": "Option 1 - Azure Resource Manager (ARM) Template", + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. 
If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." + }, + { + "title": "Option 2 - Manual Deployment of Azure Functions", + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions." + }, + { + "title": "", + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**." + }, + { + "title": "", + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**." + }, + { + "title": "", + "description": "**3. Configure the Function App**\n\n1. 
In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**." + }, + { + "title": "", + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. 
Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)" + } + ] + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "Qualys Vulnerability Management (CCP DEMO)", + "publisher": "Qualys", + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. 
This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "graphQueriesTableName": "QualysHostDetection_CL", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "{{graphQueriesTableName}}", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. 
[See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ] + }, + "instructionSteps": [ + { + "title": "", + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + }, + { + "title": "", + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." + }, + { + "title": "", + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. 
Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes." + }, + { + "title": "", + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + }, + "type": "CopyableLabel" + }, + { + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + }, + "type": "CopyableLabel" + } + ] + }, + { + "title": "Option 1 - Azure Resource Manager (ARM) Template", + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. 
If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." + }, + { + "title": "Option 2 - Manual Deployment of Azure Functions", + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions." + }, + { + "title": "", + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**." + }, + { + "title": "", + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**." + }, + { + "title": "", + "description": "**3. Configure the Function App**\n\n1. 
In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**." + }, + { + "title": "", + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. 
Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)" + } + ] + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json new file mode 100644 index 000000000000..0097e85e67eb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json 
@@ -0,0 +1,92 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1",
+ "dataConnector": {
+ "kind": "GCP",
+ "properties": {
+ "connectorDefinitionName": "GcpConnector",
+ "auth": {
+ "serviceAccountEmail": "sentinel-service-account@project-id.iam.gserviceaccount.com",
+ "projectNumber": "123456789012",
+ "workloadIdentityProviderId": "sentinel-identity-provider",
+ "type": "GCP"
+ },
+ "request": {
+ "projectId": "project-id",
+ "subscriptionNames": [
+ "sentinel-subscription"
+ ]
+ },
+ "dcrConfig": {
+ "dataCollectionEndpoint": "https://microsoft-sentinel-datacollectionendpoint-123m.westeurope-1.ingest.monitor.azure.com",
+ "dataCollectionRuleImmutableId": "dcr-de21b053bd5a44beb99a256c9db85023",
+ "streamName": "SENTINEL_GCP_AUDIT_LOGS"
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/GCP_afef3743-0c88-469c-84ff-ca2e87dc1e48",
+ "name": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "kind": "GCP",
+ "properties": {
+ "connectorDefinitionName": "GcpConnector",
+ "auth": {
+ "serviceAccountEmail": "sentinel-service-account@project-id.iam.gserviceaccount.com",
+ "projectNumber": "123456789012",
+ "workloadIdentityProviderId": "sentinel-identity-provider",
+ "type": "GCP"
+ },
+ "request": {
+ "projectId": "project-id",
+ "subscriptionNames": [
+ "sentinel-subscription"
+ ]
+ },
+ "dcrConfig": {
+ "dataCollectionEndpoint": "https://microsoft-sentinel-datacollectionendpoint-123m.westeurope-1.ingest.monitor.azure.com",
+ "dataCollectionRuleImmutableId": "dcr-de21b053bd5a44beb99a256c9db85023",
+ "streamName": "SENTINEL_GCP_AUDIT_LOGS"
+ }
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/GCP_afef3743-0c88-469c-84ff-ca2e87dc1e48",
+ "name": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "kind": "GCP",
+ "properties": {
+ "connectorDefinitionName": "GcpConnector",
+ "auth": {
+ "serviceAccountEmail": "sentinel-service-account@project-id.iam.gserviceaccount.com",
+ "projectNumber": "123456789012",
+ "workloadIdentityProviderId": "sentinel-identity-provider",
+ "type": "GCP"
+ },
+ "request": {
+ "projectId": "project-id",
+ "subscriptionNames": [
+ "sentinel-subscription"
+ ]
+ },
+ "dcrConfig": {
+ "dataCollectionEndpoint": "https://microsoft-sentinel-datacollectionendpoint-123m.westeurope-1.ingest.monitor.azure.com",
+ "dataCollectionRuleImmutableId": "dcr-de21b053bd5a44beb99a256c9db85023",
+ "streamName": "SENTINEL_GCP_AUDIT_LOGS"
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json
new file mode 100644
index 000000000000..36b016f651da
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json
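Review bot: In both the 200 and 201 response bodies of CreateGoogleCloudPlatform.json the resource `id` ends in `dataConnectors/GCP_afef3743-0c88-469c-84ff-ca2e87dc1e48`, while `name` and the request's `dataConnectorId` are `GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1`. The last segment of `id` should match `name`, so the path should end in `dataConnectors/GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1`. Separately, the file lives under `preview/2023-07-01-preview/` but still declares `"api-version": "2023-06-01-preview"`. Unless a later patch in this series bumps it, it should read `"api-version": "2023-07-01-preview"`. The same applies to the MicrosoftPurviewInformationProtection, MicrosoftThreatIntelligence, MicrosoftThreatProtection, Office365Project, Office365 and OfficePowerBI examples that follow.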
@@ -0,0 +1,57 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "dataConnector": {
+ "kind": "MicrosoftPurviewInformationProtection",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "logs": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "MicrosoftPurviewInformationProtection",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "logs": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "MicrosoftPurviewInformationProtection",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "logs": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json
new file mode 100644
index 000000000000..1874dc158b3c
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json
@@ -0,0 +1,59 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04",
+ "dataConnector": {
+ "kind": "MicrosoftThreatIntelligence",
+ "properties": {
+ "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b",
+ "dataTypes": {
+ "microsoftEmergingThreatFeed": {
+ "state": "Enabled",
+ "lookbackPeriod": "1970-01-01T00:00:00.000Z"
+ }
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04",
+ "name": "c345bf40-8509-4ed2-b947-50cb773aaf04",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0",
+ "kind": "MicrosoftThreatIntelligence",
+ "properties": {
+ "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b",
+ "dataTypes": {
+ "microsoftEmergingThreatFeed": {
+ "state": "Enabled",
+ "lookbackPeriod": "01/01/1970 00:00:00"
+ }
+ }
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04",
+ "name": "c345bf40-8509-4ed2-b947-50cb773aaf04",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0",
+ "kind": "MicrosoftThreatIntelligence",
+ "properties": {
+ "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b",
+ "dataTypes": {
+ "microsoftEmergingThreatFeed": {
+ "state": "Enabled",
+ "lookbackPeriod": "01/01/1970 00:00:00"
+ }
+ }
+ }
+ }
+ }
+ }
+}
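Review bot: The request sends `"lookbackPeriod": "1970-01-01T00:00:00.000Z"`, but the 200 and 201 bodies return `"lookbackPeriod": "01/01/1970 00:00:00"`, a locale-style string with no time zone. If the property is declared as a date-time in the spec (the definition is not visible here), the responses should use the same ISO 8601 form, `"lookbackPeriod": "1970-01-01T00:00:00.000Z"`, so that generated clients and example validation parse it unambiguously. The response `etag` is also a bare GUID, where the neighbouring examples use a quoted entity tag such as `"\"0300bf09-0000-0000-0000-5c37296e0000\""`; it is worth making the two consistent.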
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json
new file mode 100644
index 000000000000..c22dab13d439
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json
@@ -0,0 +1,81 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "dataConnector": {
+ "kind": "MicrosoftThreatProtection",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "178265c4-3136-4ff6-8ed1-b5b62b4cb5f5",
+ "dataTypes": {
+ "incidents": {
+ "state": "Disabled"
+ },
+ "alerts": {
+ "state": "Enabled"
+ }
+ },
+ "filteredProviders": {
+ "alerts": [
+ "microsoftDefenderForCloudApps"
+ ]
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/595c870a-5b74-4a23-984c-9ddba29cefe3",
+ "name": "595c870a-5b74-4a23-984c-9ddba29cefe3",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "MicrosoftThreatProtection",
+ "etag": "2b61bd0c-62b4-4968-8f9a-71b91be61127",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "incidents": {
+ "state": "Disabled55"
+ },
+ "alerts": {
+ "state": "Enabled"
+ }
+ },
+ "filteredProviders": {
+ "alerts": [
+ "microsoftDefenderForCloudApps"
+ ]
+ }
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/595c870a-5b74-4a23-984c-9ddba29cefe3",
+ "name": "595c870a-5b74-4a23-984c-9ddba29cefe3",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "MicrosoftThreatProtection",
+ "etag": "2b61bd0c-62b4-4968-8f9a-71b91be61127",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "incidents": {
+ "state": "Disabled"
+ },
+ "alerts": {
+ "state": "Enabled"
+ }
+ },
+ "filteredProviders": {
+ "alerts": [
+ "microsoftDefenderForCloudApps"
+ ]
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json
new file mode 100644
index 000000000000..c95f332376e5
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json
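Review bot: The 200 response body of CreateMicrosoftThreatProtectionDataConnetor.json has `"state": "Disabled55"` under `dataTypes.incidents`, which looks like a typo for `"state": "Disabled"`, since the request and the 201 body both use `Disabled`. The responses also do not describe the resource the request creates. The request targets `dataConnectorId` `73e01a99-5cd7-4139-a149-9f2736ff2ab5` with `tenantId` `178265c4-3136-4ff6-8ed1-b5b62b4cb5f5`, but both bodies return id and name `595c870a-5b74-4a23-984c-9ddba29cefe3` and `tenantId` `2070ecc9-b4d5-4ae4-adaa-936fa1954fa8`. Since this example documents which connector state and alert-provider filter are in effect, the response should echo the request's identifiers and use only valid state values.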
@@ -0,0 +1,57 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "dataConnector": {
+ "kind": "Office365Project",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "logs": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "Office365Project",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "logs": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "Office365Project",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "logs": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json
new file mode 100644
index 000000000000..1baf5035606d
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json
@@ -0,0 +1,75 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "dataConnector": {
+ "kind": "Office365",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "sharePoint": {
+ "state": "Enabled"
+ },
+ "exchange": {
+ "state": "Enabled"
+ },
+ "teams": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "Office365",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "sharePoint": {
+ "state": "Enabled"
+ },
+ "exchange": {
+ "state": "Enabled"
+ },
+ "teams": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "Office365",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "sharePoint": {
+ "state": "Enabled"
+ },
+ "exchange": {
+ "state": "Enabled"
+ },
+ "teams": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json
new file mode 100644
index 000000000000..2b037eb2f17d
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json
@@ -0,0 +1,57 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "dataConnector": {
+ "kind": "OfficePowerBI",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "logs": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "OfficePowerBI",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "logs": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "OfficePowerBI",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "logs": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json
new file mode 100644
index 000000000000..823848ed7f1d
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json
@@ -0,0 +1,59 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "dataConnector": {
+ "kind": "ThreatIntelligence",
+ "properties": {
+ "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b",
+ "tipLookbackPeriod": "2020-01-01T13:00:30.123Z",
+ "dataTypes": {
+ "indicators": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "ThreatIntelligence",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b",
+ "tipLookbackPeriod": "2020-01-01T13:00:30.123Z",
+ "dataTypes": {
+ "indicators": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "ThreatIntelligence",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b",
+ "tipLookbackPeriod": "2020-01-01T13:00:30.123Z",
+ "dataTypes": {
+ "indicators": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json
new file mode 100644
index 000000000000..feba43ca7e4f
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json
@@ -0,0 +1,81 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "dataConnector": {
+ "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0",
+ "kind": "ThreatIntelligenceTaxii",
+ "properties": {
+ "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b",
+ "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds",
+ "collectionId": "135",
+ "workspaceId": "dd124572-4962-4495-9bd2-9dade12314b4",
+ "friendlyName": "testTaxii",
+ "userName": "--",
+ "password": "--",
+ "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z",
+ "pollingFrequency": "OnceADay",
+ "dataTypes": {
+ "taxiiClient": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0",
+ "kind": "ThreatIntelligenceTaxii",
+ "properties": {
+ "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b",
+ "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds",
+ "collectionId": "135",
+ "workspaceId": "28e5f051-34cb-4208-9037-693e5342a871",
+ "friendlyName": "testTaxii",
+ "userName": null,
+ "password": null,
+ "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z",
+ "pollingFrequency": "OnceADay",
+ "dataTypes": {
+ "taxiiClient": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0",
+ "kind": "ThreatIntelligenceTaxii",
+ "properties": {
+ "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b",
+ "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds",
+ "collectionId": "135",
+ "workspaceId": "28e5f051-34cb-4208-9037-693e5342a871",
+ "friendlyName": "testTaxii",
+ "userName": null,
+ "password": null,
+ "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z",
+ "pollingFrequency": "OnceADay",
+ "dataTypes": {
+ "taxiiClient": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteAPIPolling.json
new file mode 100644
index 000000000000..935c00c80072
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteAPIPolling.json
@@ -0,0 +1,13 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
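Review bot: In CreateThreatIntelligenceTaxiiDataConnector.json the request body sends `"workspaceId": "dd124572-4962-4495-9bd2-9dade12314b4"`, but both the 200 and 201 bodies return `"workspaceId": "28e5f051-34cb-4208-9037-693e5342a871"`, so the example reads as if the connector ended up bound to a different workspace than the caller asked for; use one value in all three places. The `etag` in this file is also a bare GUID (`"d12423f6-a60b-4ca5-88c0-feb1a182d0f0"`), while the sibling examples use the quoted form `"\"0300bf09-0000-0000-0000-5c37296e0000\""`. The responses returning `"userName": null` and `"password": null` against the `"--"` placeholders in the request is worth keeping as is, because it documents that the TAXII credentials are not echoed back.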
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteGenericUI.json
new file mode 100644
index 000000000000..935c00c80072
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteGenericUI.json
@@ -0,0 +1,13 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json
new file mode 100644
index 000000000000..86c347a8ee11
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json
@@ -0,0 +1,13 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json
new file mode 100644
index 000000000000..fe0a3ce68fa9
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json
@@ -0,0 +1,13 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json
new file mode 100644
index 000000000000..e74bfeda9ecf
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json
@@ -0,0 +1,13 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json
new file mode 100644
index 000000000000..fe0a3ce68fa9
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json
@@ -0,0 +1,13 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json
new file mode 100644
index 000000000000..fe0a3ce68fa9
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json
@@ -0,0 +1,13 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json
new file mode 100644
index 000000000000..fe0a3ce68fa9
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json
@@ -0,0 +1,13 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DisconnectAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DisconnectAPIPolling.json
new file mode 100644
index 000000000000..e576f7cd1513
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DisconnectAPIPolling.json
@@ -0,0 +1,13 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8",
+ "disconnectBody": {}
+ },
+ "responses": {
+ "200": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAPIPolling.json
new file mode 100644
index 000000000000..ec3cc417ddd0
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAPIPolling.json
@@ -0,0 +1,133 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8",
+ "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8",
+ "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "APIPolling",
+ "properties": {
+ "connectorUiConfig": {
+ "title": "GitHub Enterprise Audit Log",
+ "publisher": "GitHub",
+ "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.",
+ "customImage": "The image connector content",
+ "graphQueriesTableName": "GitHubAuditLogPolling_CL",
+ "graphQueries": [
+ {
+ "metricName": "Total events received",
+ "legend": "GitHub audit log events",
+ "baseQuery": "{{graphQueriesTableName}}"
+ }
+ ],
+ "sampleQueries": [
+ {
+ "description": "All logs",
+ "query": "{{graphQueriesTableName}}\n | take 10 "
+ }
+ ],
+ "dataTypes": [
+ {
+ "name": "{{graphQueriesTableName}}",
+ "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
+ }
+ ],
+ "connectivityCriteria": [
+ {
+ "type": "SentinelKindsV2",
+ "value": []
+ }
+ ],
+ "availability": {
+ "status": 1,
+ "isPreview": true
+ },
+ "permissions": {
+ "resourceProvider": [
+ {
+ "provider": "Microsoft.OperationalInsights/workspaces",
+ "permissionsDisplayText": "read and write permissions are required.",
+ "providerDisplayName": "Workspace",
+ "scope": "Workspace",
+ "requiredPermissions": {
+ "write": true,
+ "read": true,
+ "delete": true
+ }
+ }
+ ],
+ "customs": [
+ {
+ "name": "GitHub API personal token Key",
+ "description": "You need access to GitHub personal token, the key should have 'admin:org' scope"
+ }
+ ]
+ },
+ "instructionSteps": [
+ {
+ "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel",
+ "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key",
+ "instructions": [
+ {
+ "parameters": {
+ "enable": "true",
+ "userRequestPlaceHoldersInput": [
+ {
+ "displayText": "Organization Name",
+ "requestObjectKey": "apiEndpoint",
+ "placeHolderName": "{{placeHolder1}}",
+ "placeHolderValue": ""
+ }
+ ]
+ },
+ "type": "APIKey"
+ }
+ ]
+ }
+ ]
+ },
+ "pollingConfig": {
+ "auth": {
+ "authType": "APIKey",
+ "apiKeyIdentifier": "token",
+ "apiKeyName": "Authorization"
+ },
+ "request": {
+ "apiEndpoint": "https://api.github.com/organizations/{{placeHolder1}}/audit-log",
+ "rateLimitQps": 50,
+ "queryWindowInMin": 15,
+ "httpMethod": "Get",
+ "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
+ "retryCount": 2,
+ "timeoutInSeconds": 60,
+ "headers": {
+ "Accept": "application/json",
+ "User-Agent": "Scuba"
+ },
+ "queryParameters": {
+ "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}"
+ }
+ },
+ "paging": {
+ "pagingType": "LinkHeader",
+ "pageSizeParaName": "per_page"
+ },
+ "response": {
+ "eventsJsonPaths": [
+ "$"
+ ]
+ }
+ }
+ }
+ }
+ }
+ }
+}
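Review bot: In GetAPIPolling.json the `resourceProvider` entry's `permissionsDisplayText` reads "read and write permissions are required.", yet its `requiredPermissions` also sets `"delete": true`, so the text shown to the person connecting the source understates what the connector is granted on the workspace. Either drop `"delete": true` if the connector does not need it, or make the text match, e.g. `"permissionsDisplayText": "read, write and delete permissions are required."`. The `customs` entry also tells users to create a personal token with 'admin:org' scope for what appears to be a read-only audit-log poll; if the narrower `read:audit_log` scope is sufficient for this endpoint, the example should recommend that instead (I cannot confirm the service's requirement from this file).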
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json
new file mode 100644
index 000000000000..9dd9e79ec643
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json
@@ -0,0 +1,28 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04",
+ "name": "c345bf40-8509-4ed2-b947-50cb773aaf04",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "kind": "AmazonWebServicesCloudTrail",
+ "properties": {
+ "awsRoleArn": "myAwsRoleArn",
+ "dataTypes": {
+ "logs": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json
new file mode 100644
index 000000000000..bdeb72ddd537
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json
@@ -0,0 +1,32 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "afef3743-0c88-469c-84ff-ca2e87dc1e48"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/afef3743-0c88-469c-84ff-ca2e87dc1e48",
+ "name": "afef3743-0c88-469c-84ff-ca2e87dc1e48",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "kind": "AmazonWebServicesS3",
+ "properties": {
+ "destinationTable": "AWSVPCFlow",
+ "roleArn": "arn:aws:iam::072643944673:role/RoleName",
+ "sqsUrls": [
+ "https://sqs.us-west-1.amazonaws.com/111111111111/sqsTestName"
+ ],
+ "dataTypes": {
+ "logs": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json
new file mode 100644
index 000000000000..5c8a26b20e5e
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json
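Review bot: In GetAmazonWebServicesS3ById.json the `roleArn` value `arn:aws:iam::072643944673:role/RoleName` carries a 12-digit account number that does not look like a placeholder, while the `sqsUrls` entry in the same object uses the obvious dummy `111111111111`. Published examples should not embed what may be a real AWS account ID, and the two values should agree anyway, since the role and the queue normally sit in the same account. Suggest `"roleArn": "arn:aws:iam::111111111111:role/RoleName"`.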
@@ -0,0 +1,28 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d",
+ "name": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "AzureActiveDirectory",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "alerts": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json
new file mode 100644
index 000000000000..0c311853395c
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json
@@ -0,0 +1,28 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "07e42cb3-e658-4e90-801c-efa0f29d3d44"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44",
+ "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "AzureAdvancedThreatProtection",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "alerts": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json
new file mode 100644
index 000000000000..fb8c21481c5b
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json
@@ -0,0 +1,28 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12",
+ "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "AzureSecurityCenter",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c",
+ "dataTypes": {
+ "alerts": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetDataConnectors.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetDataConnectors.json
new file mode 100644
index 000000000000..45604c849ec7
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetDataConnectors.json
@@ -0,0 +1,508 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureSecurityCenter", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c39bb458-02a7-4b3f-b0c8-71a1d2692652", + "name": "c39bb458-02a7-4b3f-b0c8-71a1d2692652", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligenceTaxii", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "workspaceId": "8b014a77-4695-4ef4-96bb-6623afb121a2", + "friendlyName": "My 
TI Taxii Connector", + "taxiiServer": "https://mytaxiiserver.com/taxiing/v2/api", + "collectionId": "e0b1f32d-1188-48f7-a7a3-de71924e4b5e", + "userName": "", + "password": "", + "pollingFrequency": "OnceAMinute", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "name": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureActiveDirectory", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", + "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftCloudAppSecurity", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": 
"2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + }, + "discoveryLogs": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44", + "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "AmazonWebServicesCloudTrail", + "properties": { + "awsRoleArn": "myAwsRoleArn", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/afef3743-0c88-469c-84ff-ca2e87dc1e48", + "name": "afef3743-0c88-469c-84ff-ca2e87dc1e48", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "AmazonWebServicesS3", + "properties": { + "destinationTable": "AWSVPCFlow", + "roleArn": "arn:aws:iam::072643944673:role/RoleName", + "sqsUrls": [ + "https://sqs.us-west-1.amazonaws.com/111111111111/sqsTestName" + ], + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + }, + { + "id": 
"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftDefenderAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "OfficeATP", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365Project", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", 
+ "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "OfficePowerBI", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Dynamics365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "Qualys Vulnerability Management (CCP DEMO)", + "publisher": "Qualys", + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. 
This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "customImage": "The image connector content", + "graphQueriesTableName": "QualysHostDetection_CL", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "{{graphQueriesTableName}}", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. 
[See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ] + }, + "instructionSteps": [ + { + "title": "", + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + }, + { + "title": "", + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." + }, + { + "title": "", + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. 
Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes." + }, + { + "title": "", + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + }, + "type": "CopyableLabel" + }, + { + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + }, + "type": "CopyableLabel" + } + ] + }, + { + "title": "Option 1 - Azure Resource Manager (ARM) Template", + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. 
If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." + }, + { + "title": "Option 2 - Manual Deployment of Azure Functions", + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions." + }, + { + "title": "", + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**." + }, + { + "title": "", + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**." + }, + { + "title": "", + "description": "**3. Configure the Function App**\n\n1. 
In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**." + }, + { + "title": "", + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. 
Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)" + } + ] + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "APIPolling", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. 
By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueriesTableName": "GitHubAuditLogPolling_CL", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "{{graphQueriesTableName}}\n | take 10 " + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "SentinelKindsV2", + "value": [] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. 
\n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "parameters": { + "enable": "true", + "userRequestPlaceHoldersInput": [ + { + "displayText": "Organization Name", + "requestObjectKey": "apiEndpoint", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "" + } + ] + }, + "type": "APIKey" + } + ] + } + ] + }, + "pollingConfig": { + "auth": { + "authType": "APIKey", + "apiKeyIdentifier": "token", + "apiKeyName": "Authorization" + }, + "request": { + "apiEndpoint": "https://api.github.com/organizations/{{placeHolder1}}/audit-log", + "rateLimitQps": 50, + "queryWindowInMin": 15, + "httpMethod": "Get", + "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", + "retryCount": 2, + "timeoutInSeconds": 60, + "headers": { + "Accept": "application/json", + "User-Agent": "Scuba" + }, + "queryParameters": { + "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}" + } + }, + "paging": { + "pagingType": "LinkHeader", + "pageSizeParaName": "per_page" + }, + "response": { + "eventsJsonPaths": [ + "$" + ] + } + } + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json new file mode 100644 index 000000000000..d86747172e37 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json 
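Review bot: In GetDataConnectors.json the `GenericUI` and `APIPolling` entries set `"delete": true` under `requiredPermissions` for `Microsoft.OperationalInsights/workspaces`, while their `permissionsDisplayText` tells the operator only that read and write permissions are required. These examples are likely to be copied by connector authors, so the text shown to the operator should name every permission that is checked, or the example should ask for less. Either drop `"delete": true` from both entries or change the text to `"read, write and delete permissions on the workspace are required."`. GetGenericUI.json repeats the same `GenericUI` block, and its hunk continues outside the visible part.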
@@ -0,0 +1,28 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "c2541efb-c9a6-47fe-9501-87d1017d1512"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660",
+ "name": "c2541efb-c9a6-47fe-9501-87d1017d1512",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "Dynamics365",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "dynamics365CdsActivities": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetGenericUI.json
new file mode 100644
index 000000000000..cce7bba8de18
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetGenericUI.json
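Review bot: The response `id` in GetDynamics365DataConnectorById.json ends in `dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660`, but the request's `dataConnectorId` and the response `name` are both `c2541efb-c9a6-47fe-9501-87d1017d1512`. A GET by id should return the resource that was asked for, so the last path segment of `id` should be `c2541efb-c9a6-47fe-9501-87d1017d1512`. The `Dynamics365` entry in GetDataConnectors.json carries the same mismatch, and that list also uses `3d3e955e-33eb-401d-89a7-251c81ddd660` as the id of its `OfficeATP`, `Office365Project` and `OfficePowerBI` entries, which makes the sample resources indistinguishable by id.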
@@ -0,0 +1,156 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "Qualys Vulnerability Management (CCP DEMO)", + "publisher": "Qualys", + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. 
This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "customImage": "The image connector content", + "graphQueriesTableName": "QualysHostDetection_CL", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "{{graphQueriesTableName}}", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. 
[See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ] + }, + "instructionSteps": [ + { + "title": "", + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + }, + { + "title": "", + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." + }, + { + "title": "", + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. 
Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes." + }, + { + "title": "", + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + }, + "type": "CopyableLabel" + }, + { + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + }, + "type": "CopyableLabel" + } + ] + }, + { + "title": "Option 1 - Azure Resource Manager (ARM) Template", + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. 
If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." + }, + { + "title": "Option 2 - Manual Deployment of Azure Functions", + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions." + }, + { + "title": "", + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**." + }, + { + "title": "", + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**." + }, + { + "title": "", + "description": "**3. Configure the Function App**\n\n1. 
In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**." + }, + { + "title": "", + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. 
Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)" + } + ] + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json new file mode 100644 index 000000000000..4cd1f6ec7803 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json 
@@ -0,0 +1,35 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/GCP_afef3743-0c88-469c-84ff-ca2e87dc1e48",
+ "name": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "kind": "GCP",
+ "properties": {
+ "connectorDefinitionName": "GcpConnector",
+ "auth": {
+ "serviceAccountEmail": "sentinel-service-account@project-id.iam.gserviceaccount.com",
+ "projectNumber": "123456789012",
+ "workloadIdentityProviderId": "sentinel-identity-provider",
+ "type": "GCP"
+ },
+ "request": {
+ "projectId": "project-id",
+ "subscriptionNames": [
+ "sentinel-subscription"
+ ]
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetIoTById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetIoTById.json
new file mode 100644
index 000000000000..50c651797854
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetIoTById.json
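Review bot: The response `id` in GetGoogleCloudPlatformById.json ends in `GCP_afef3743-0c88-469c-84ff-ca2e87dc1e48`, while the request `dataConnectorId` and the response `name` are both `GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1`. A GET by id should return the resource that was asked for, so the last segment of `id` should read `.../dataConnectors/GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1`. Examples like this are copied into SDK samples and connector-inventory tests, where a mismatched id/name pair can mask a real lookup bug.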
@@ -0,0 +1,28 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "d2e5dc7a-f3a2-429d-954b-939fa8c2932e"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/d2e5dc7a-f3a2-429d-954b-939fa8c2932e",
+ "name": "d2e5dc7a-f3a2-429d-954b-939fa8c2932e",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "IOT",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c",
+ "dataTypes": {
+ "alerts": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json
new file mode 100644
index 000000000000..2037839c8806
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json
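Review bot: `"api-version": "2023-06-01-preview"` is carried over unchanged into a file that lives under `preview/2023-07-01-preview/`; the same value appears in every complete example hunk on this page, from GetGoogleCloudPlatformById.json through GetWhoisByDomainName.json and the entities examples. The subject line says this patch only adds the base copy, so a later patch in the series presumably bumps the value, but that is not visible here. If it does not, the line should become `"api-version": "2023-07-01-preview"` so the examples match the version they document.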
@@ -0,0 +1,31 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "b96d014d-b5c2-4a01-9aba-a8058f629d42"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42",
+ "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "MicrosoftCloudAppSecurity",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "alerts": {
+ "state": "Enabled"
+ },
+ "discoveryLogs": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json
new file mode 100644
index 000000000000..859bbf5de93b
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json
@@ -0,0 +1,28 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b",
+ "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "MicrosoftDefenderAdvancedThreatProtection",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "alerts": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json
new file mode 100644
index 000000000000..df0bc5779823
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json
@@ -0,0 +1,28 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "3d3e955e-33eb-401d-89a7-251c81ddd660"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660",
+ "name": "3d3e955e-33eb-401d-89a7-251c81ddd660",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "OfficeIRM",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "alerts": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json
new file mode 100644
index 000000000000..a69a38f96c31
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json
@@ -0,0 +1,28 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "MicrosoftPurviewInformationProtection",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "logs": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json
new file mode 100644
index 000000000000..901c1b7d01e7
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json
@@ -0,0 +1,29 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04",
+ "name": "c345bf40-8509-4ed2-b947-50cb773aaf04",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "MicrosoftThreatIntelligence",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "microsoftEmergingThreatFeed": {
+ "state": "Enabled",
+ "lookbackPeriod": "01/01/1970 00:00:00"
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json
new file mode 100644
index 000000000000..365fe2eabfb1
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json
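Review bot: `"lookbackPeriod": "01/01/1970 00:00:00"` in GetMicrosoftThreatIntelligenceById.json is a locale-style date with no time zone, whereas the sibling examples on this page use ISO 8601 UTC (`tipLookbackPeriod` and `taxiiLookbackPeriod` are both `2020-01-01T13:00:30.123Z`). The slash format leaves day/month order and the zone undefined, so a client that copies the example may import a different feed window than intended. Suggest `"lookbackPeriod": "1970-01-01T00:00:00.000Z"`, assuming the property accepts a date-time string; its schema is not visible in this hunk.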
@@ -0,0 +1,36 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04",
+ "name": "c345bf40-8509-4ed2-b947-50cb773aaf04",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "MicrosoftThreatProtection",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "incidents": {
+ "state": "Enabled"
+ },
+ "alerts": {
+ "state": "Enabled"
+ }
+ },
+ "filteredProviders": {
+ "alerts": [
+ "microsoftDefenderForCloudApps"
+ ]
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json
new file mode 100644
index 000000000000..319084eef276
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json
@@ -0,0 +1,28 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "3d3e955e-33eb-401d-89a7-251c81ddd660"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660",
+ "name": "3d3e955e-33eb-401d-89a7-251c81ddd660",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "OfficeATP",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "alerts": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json
new file mode 100644
index 000000000000..44defe114068
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json
@@ -0,0 +1,28 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "Office365Project",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "logs": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json
new file mode 100644
index 000000000000..3ff114816c24
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json
@@ -0,0 +1,34 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "Office365",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "sharePoint": {
+ "state": "Enabled"
+ },
+ "exchange": {
+ "state": "Enabled"
+ },
+ "teams": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json
new file mode 100644
index 000000000000..15813696b2f4
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json
@@ -0,0 +1,28 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "OfficePowerBI",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "dataTypes": {
+ "logs": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json
new file mode 100644
index 000000000000..896f92853b9a
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json
@@ -0,0 +1,29 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04",
+ "name": "c345bf40-8509-4ed2-b947-50cb773aaf04",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "ThreatIntelligence",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "tipLookbackPeriod": "2020-01-01T13:00:30.123Z",
+ "dataTypes": {
+ "indicators": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json
new file mode 100644
index 000000000000..4a6a3ef15d57
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json
@@ -0,0 +1,36 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "dataConnectorId": "c39bb458-02a7-4b3f-b0c8-71a1d2692652"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c39bb458-02a7-4b3f-b0c8-71a1d2692652",
+ "name": "c39bb458-02a7-4b3f-b0c8-71a1d2692652",
+ "type": "Microsoft.SecurityInsights/dataConnectors",
+ "kind": "ThreatIntelligenceTaxii",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
+ "workspaceId": "8b014a77-4695-4ef4-96bb-6623afb121a2",
+ "friendlyName": "My TI Taxii Connector",
+ "taxiiServer": "https://mytaxiiserver.com/taxiing/v2/api",
+ "collectionId": "e0b1f32d-1188-48f7-a7a3-de71924e4b5e",
+ "userName": "",
+ "password": "",
+ "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z",
+ "pollingFrequency": "OnceADay",
+ "dataTypes": {
+ "taxiiClient": {
+ "state": "Enabled"
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/enrichment/GetGeodataByIp.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/enrichment/GetGeodataByIp.json
new file mode 100644
index 000000000000..dde14a26dace
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/enrichment/GetGeodataByIp.json
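Review bot: The 200 body in GetThreatIntelligenceTaxiiById.json includes `"userName": ""` and `"password": ""`, which documents the TAXII credential as a field of the read response. The values are empty here, but the example should not suggest that a GET can return the stored secret: either drop `password` from the response body, or confirm that the property is marked `x-ms-secret: true` in the connector's schema definition, which is not visible on this page. A reserved host such as `example.com` would also be safer for `taxiiServer` than `mytaxiiserver.com`, which is a registrable domain.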
@@ -0,0 +1,31 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
+ "resourceGroupName": "myRg",
+ "ipAddress": "1.2.3.4"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "asn": "12345",
+ "carrier": "Microsoft",
+ "city": "Redmond",
+ "cityCf": 90,
+ "continent": "north america",
+ "country": "united states",
+ "countryCf": 99,
+ "ipAddr": "1.2.3.4",
+ "ipRoutingType": "fixed",
+ "latitude": "40.2436",
+ "longitude": "-100.8891",
+ "organization": "Microsoft",
+ "organizationType": "tech",
+ "region": "western usa",
+ "state": "washington",
+ "stateCf": null,
+ "stateCode": "wa"
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/enrichment/GetWhoisByDomainName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/enrichment/GetWhoisByDomainName.json
new file mode 100644
index 000000000000..7225f3056884
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/enrichment/GetWhoisByDomainName.json
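Review bot: `"ipAddress": "1.2.3.4"` and `"ipAddr": "1.2.3.4"` in GetGeodataByIp.json use a publicly routable address; an address from the documentation ranges reserved by RFC 5737 (for example `203.0.113.10`) keeps copied samples from pointing at a real network. The coordinates `"40.2436"` / `"-100.8891"` also do not match the `Redmond`, `washington` location given in the same body. They are encoded as strings rather than numbers, which is worth checking against the schema (not visible here).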
@@ -0,0 +1,87 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
+ "resourceGroupName": "myRg",
+ "domain": "microsoft.com"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "domain": "microsoft.com",
+ "server": null,
+ "created": "2021-09-01T16:15:01.187045Z",
+ "updated": "2021-09-01T16:15:01.187045Z",
+ "expires": null,
+ "parsedWhois": {
+ "registrar": {
+ "name": "MarkMonitor, Inc",
+ "abuseContactPhone": "12083895770",
+ "abuseContactEmail": "abuse@microsoft.com",
+ "url": "http://www.markmonitor.com",
+ "whoisServer": "whois.markmonitor.com"
+ },
+ "contacts": {
+ "admin": {
+ "name": "Administrator",
+ "org": "Microsoft",
+ "street": [
+ "One Microsoft Way"
+ ],
+ "city": null,
+ "state": "WA",
+ "postal": "98052",
+ "country": "United States",
+ "phone": "1-800-555-1234",
+ "fax": null,
+ "email": "mail@microsoft.com"
+ },
+ "registrant": null,
+ "billing": {
+ "name": "Administrator",
+ "org": "Microsoft",
+ "street": [
+ "One Microsoft Way"
+ ],
+ "city": null,
+ "state": "WA",
+ "postal": "98052",
+ "country": "United States",
+ "phone": "1-800-555-1234",
+ "fax": null,
+ "email": "mail@microsoft.com"
+ },
+ "tech": {
+ "name": "Administrator",
+ "org": "Microsoft",
+ "street": [
+ "One Microsoft Way"
+ ],
+ "city": null,
+ "state": "WA",
+ "postal": "98052",
+ "country": "United States",
+ "phone": "1-800-555-1234",
+ "fax": null,
+ "email": "mail@microsoft.com"
+ }
+ },
+ "nameServers": [
+ "ns1-205.azure-dns.com",
+ "ns2-205.azure-dns.net",
+ "ns3-205.azure-dns.org",
+ "ns4-205.azure-dns.info"
+ ],
+ "statuses": [
+ "clientUpdateProhibited",
+ "clientTransferProhibited",
+ "clientDeleteProhibited",
+ "serverUpdateProhibited",
+ "serverTransferProhibited",
+ "serverDeleteProhibited"
+ ]
+ }
+ }
+ }
+ }
+}
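Review bot: GetWhoisByDomainName.json embeds what look like live registration details: `microsoft.com`, the registrar block with `"abuseContactPhone": "12083895770"`, and mailboxes such as `abuse@microsoft.com` and `mail@microsoft.com`. Sample payloads are routinely replayed by tests and tooling, so reserved names are safer, for example `"domain": "contoso.com"` with matching `@contoso.com` mailboxes and a `555` number for the registrar, as the contact blocks already use. `"url": "http://www.markmonitor.com"` could likewise be given with an `https` scheme.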
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetAccountEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetAccountEntityById.json new file mode 100644 index 000000000000..07d45a9b59a6 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetAccountEntityById.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Account", + "properties": { + "friendlyName": "administrator", + "accountName": "administrator", + "ntDomain": "domain", + "upnSuffix": "contoso", + "sid": "S-1-5-18", + "aadTenantId": "70fbdad0-7441-4564-b2b5-2b8862d0fee0", + "aadUserId": "f7033626-2572-46b1-bba0-06646f4f95b3", + "puid": "ee3cb2d8-14ba-45ef-8009-d6f1cacfa04d", + "isDomainJoined": true, + "objectGuid": "11227b78-3c6e-436e-a2a2-02fc7662eca0", + "dnsDomain": "contoso.com" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetAzureResourceEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetAzureResourceEntityById.json new file mode 100644 index 000000000000..172d1248cc13 
--- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetAzureResourceEntityById.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "AzureResource", + "properties": { + "friendlyName": "vm1", + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetCloudApplicationEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetCloudApplicationEntityById.json new file mode 100644 index 000000000000..b2b4f48a4a1a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetCloudApplicationEntityById.json 
@@ -0,0 +1,25 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1",
+ "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1",
+ "type": "Microsoft.SecurityInsights/entities",
+ "kind": "CloudApplication",
+ "properties": {
+ "friendlyName": "AppName",
+ "appId": 1,
+ "appName": "AppName",
+ "instanceName": "InstanceName"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetDnsEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetDnsEntityById.json
new file mode 100644
index 000000000000..4bd3fabd60a5
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetDnsEntityById.json
@@ -0,0 +1,26 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "entityId": "f4e74920-f2c0-4412-a45f-66d94fdf01f8"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/f4e74920-f2c0-4412-a45f-66d94fdf01f8",
+ "name": "f4e74920-f2c0-4412-a45f-66d94fdf01f8",
+ "type": "Microsoft.SecurityInsights/entities",
+ "kind": "DnsResolution",
+ "properties": {
+ "friendlyName": "domain",
+ "domainName": "domain",
+ "ipAddressEntityIds": [
+ "475d3120-33e0-4841-9f1c-a8f15a801d19"
+ ]
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetEntities.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetEntities.json
new file mode 100644
index 000000000000..92054fca3cb5
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetEntities.json
@@ -0,0 +1,63 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1",
+ "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1",
+ "type": "Microsoft.SecurityInsights/entities",
+ "kind": "Account",
+ "properties": {
+ "friendlyName": "administrator",
+ "accountName": "administrator",
+ "ntDomain": "domain",
+ "upnSuffix": "contoso",
+ "sid": "S-1-5-18",
+ "aadTenantId": "70fbdad0-7441-4564-b2b5-2b8862d0fee0",
+ "aadUserId": "f7033626-2572-46b1-bba0-06646f4f95b3",
+ "puid": "ee3cb2d8-14ba-45ef-8009-d6f1cacfa04d",
+ "isDomainJoined": true,
+ "objectGuid": "11227b78-3c6e-436e-a2a2-02fc7662eca0"
+ }
+ },
+ {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/fed9fe89-dce8-40f2-bf44-70f23fe93b3c",
+ "name": "fed9fe89-dce8-40f2-bf44-70f23fe93b3c",
+ "type": "Microsoft.SecurityInsights/entities",
+ "kind": "Host",
+ "properties": {
+ "friendlyName": "vm1",
+ "dnsDomain": "contoso",
+ "ntDomain": "domain",
+ "hostName": "vm1",
+ "netBiosName": "contoso",
+ "azureID": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1",
+ "omsAgentID": "70fbdad0-7441-4564-b2b5-2b8862d0fee0",
+ "osFamily": "Windows",
+ "osVersion": "1.0",
+ "isDomainJoined": true
+ }
+ },
+ {
+ "id": 
"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/af378b21-b4aa-4fe7-bc70-13f8621a322f",
+ "name": "af378b21-b4aa-4fe7-bc70-13f8621a322f",
+ "type": "Microsoft.SecurityInsights/entities",
+ "kind": "File",
+ "properties": {
+ "friendlyName": "cmd.exe",
+ "directory": "C:\\Windows\\System32",
+ "fileName": "cmd.exe"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetFileEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetFileEntityById.json
new file mode 100644
index 000000000000..e1c3f4e1be7a
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetFileEntityById.json
@@ -0,0 +1,24 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "entityId": "af378b21-b4aa-4fe7-bc70-13f8621a322f"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/af378b21-b4aa-4fe7-bc70-13f8621a322f",
+ "name": "af378b21-b4aa-4fe7-bc70-13f8621a322f",
+ "type": "Microsoft.SecurityInsights/entities",
+ "kind": "File",
+ "properties": {
+ "friendlyName": "cmd.exe",
+ "directory": "C:\\Windows\\System32",
+ "fileName": "cmd.exe"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetFileHashEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetFileHashEntityById.json
new file mode 100644
index 000000000000..9633f5bf1bd7
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetFileHashEntityById.json
@@ -0,0 +1,24 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "entityId": "ea359fa6-c1e5-f878-e105-6344f3e399a1"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/ea359fa6-c1e5-f878-e105-6344f3e399a1",
+ "name": "ea359fa6-c1e5-f878-e105-6344f3e399a1",
+ "type": "Microsoft.SecurityInsights/entities",
+ "kind": "FileHash",
+ "properties": {
+ "friendlyName": "E923636F1093C414AAB39F846E9D7A372BEEFA7B628B28179197E539C56AA0F0(SHA256)",
+ "hashValue": "E923636F1093C414AAB39F846E9D7A372BEEFA7B628B28179197E539C56AA0F0",
+ "algorithm": "SHA256"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetHostEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetHostEntityById.json
new file mode 100644
index 000000000000..db246c82c7eb
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetHostEntityById.json
@@ -0,0 +1,31 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1",
+ "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1",
+ "type": "Microsoft.SecurityInsights/entities",
+ "kind": "Host",
+ "properties": {
+ "friendlyName": "vm1",
+ "dnsDomain": "contoso",
+ "ntDomain": "domain",
+ "hostName": "vm1",
+ "netBiosName": "contoso",
+ "azureID": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1",
+ "omsAgentID": "70fbdad0-7441-4564-b2b5-2b8862d0fee0",
+ "osFamily": "Windows",
+ "osVersion": "1.0",
+ "isDomainJoined": true
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetIoTDeviceEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetIoTDeviceEntityById.json
new file mode 100644
index 000000000000..72bc7133d9c3
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetIoTDeviceEntityById.json
@@ -0,0 +1,45 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1",
+ "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1",
+ "type": "Microsoft.SecurityInsights/entities",
+ "kind": "IoTDevice",
+ "properties": {
+ "friendlyName": "device1",
+ "deviceId": "device1",
+ "deviceName": "device1",
+ "iotHubEntityId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/8b2d9401-f953-e89d-2583-be9b4975870c",
+ "nicEntityIds": [
+ "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/6ee379bd-ace8-44cf-ab10-ee669a1b71e2"
+ ],
+ "deviceType": "Industrial",
+ "firmwareVersion": "20.11",
+ "importance": "Normal",
+ "isAuthorized": true,
+ "isProgramming": false,
+ "isScanner": false,
+ "model": "demo-model",
+ "protocols": [
+ "CIP",
+ "EtherNet/IP"
+ ],
+ "operatingSystem": "Windows",
+ "purdueLayer": "ProcessControl",
+ "sensor": "demo-sensor",
+ "site": "demo-site",
+ "vendor": "demo-vendor",
+ "zone": "zone"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetIpEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetIpEntityById.json
new file mode 100644
index 000000000000..3512b0bdc8c1
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetIpEntityById.json
@@ -0,0 +1,23 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1",
+ "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1",
+ "type": "Microsoft.SecurityInsights/entities",
+ "kind": "Ip",
+ "properties": {
+ "friendlyName": "10.3.2.8",
+ "address": "10.3.2.8"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMailClusterEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMailClusterEntityById.json
new file mode 100644
index 000000000000..840054b741fe
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMailClusterEntityById.json
@@ -0,0 +1,44 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1",
+ "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1",
+ "type": "Microsoft.SecurityInsights/entities",
+ "kind": "MailCluster",
+ "properties": {
+ "friendlyName": "ClusterSourceIdentifier",
+ "networkMessageIds": [
+ "ccfce855-e02f-491b-a1cc-5bafb371ad0c"
+ ],
+ "countByDeliveryStatus": {
+ "deliveryStatus": 5
+ },
+ "countByThreatType": {
+ "threatType": 6
+ },
+ "countByProtectionStatus": {
+ "protectionStatus": 65
+ },
+ "threats": [
+ "thrreat1",
+ "thread2"
+ ],
+ "query": "kqlFilter",
+ "queryTime": "2021-09-01T01:42:01.6026755Z",
+ "source": "ClusterSourceIdentifier",
+ "clusterSourceIdentifier": "cluster source identifier",
+ "clusterSourceType": "Similarity",
+ "clusterGroup": "cluster group"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMailMessageEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMailMessageEntityById.json
new file mode 100644
index 000000000000..45172227541e
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMailMessageEntityById.json
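Review bot: The `threats` array in GetMailClusterEntityById.json uses the misspelled placeholders `"thrreat1"` and `"thread2"`, and GetMailMessageEntityById.json repeats them in both `threats` and `threatDetectionMethods`. Placeholder values in spec examples tend to get copied verbatim into SDK samples and test fixtures, so I would correct them to `"threat1"` and `"threat2"` in all three arrays.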
@@ -0,0 +1,48 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1",
+ "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1",
+ "type": "Microsoft.SecurityInsights/entities",
+ "kind": "MailMessage",
+ "properties": {
+ "friendlyName": "cmd.exe",
+ "fileEntityIds": [
+ "ccfce855-e02f-491b-a1cc-5bafb371ad0c"
+ ],
+ "recipient": "recipient",
+ "urls": [
+ "http://moqbrarcwmnk.banxhdcojlg.biz"
+ ],
+ "threats": [
+ "thrreat1",
+ "thread2"
+ ],
+ "p1Sender": "email@fake.com",
+ "p1SenderDisplayName": "p1 sender display name",
+ "p1SenderDomain": "p1 sender domain",
+ "senderIP": "1.23.34.43",
+ "p2Sender": "the sender",
+ "deliveryAction": "Blocked",
+ "p2SenderDisplayName": "p2 sender display name",
+ "p2SenderDomain": "p2 Sender Domain",
+ "internetMessageId": "message id",
+ "subject": "subject",
+ "language": "language",
+ "threatDetectionMethods": [
+ "thrreat1",
+ "thread2"
+ ]
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMailboxEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMailboxEntityById.json
new file mode 100644
index 000000000000..bd7436d5c111
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMailboxEntityById.json
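Review bot: Several sample values under `properties` in GetMailMessageEntityById.json sit in real, routable namespaces instead of reserved documentation ones: `"p1Sender": "email@fake.com"` (a registrable domain), `"senderIP": "1.23.34.43"` (public address space) and the `urls` entry `"http://moqbrarcwmnk.banxhdcojlg.biz"`. Spec examples are routinely copied into tests, SDK documentation and detection fixtures, where such values can end up matching, resolving or contacting third-party hosts. I would swap them for reserved values, e.g. `"p1Sender": "sender@example.com"`, `"senderIP": "192.0.2.10"` (RFC 5737 documentation range) and `"http://phishing.example.com"` (RFC 2606). `"friendlyName": "cmd.exe"` also looks carried over from the File example and does not describe a mail message.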
@@ -0,0 +1,26 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1",
+ "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1",
+ "type": "Microsoft.SecurityInsights/entities",
+ "kind": "Mailbox",
+ "properties": {
+ "friendlyName": "emailAddress1",
+ "displayName": "display name",
+ "mailboxPrimaryAddress": "emailAddress1",
+ "upn": "upn1",
+ "externalDirectoryObjectId": "18cc8fdc-e169-4451-983a-bd027db286eb"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMalwareEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMalwareEntityById.json
new file mode 100644
index 000000000000..cdef5d9f29ce
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMalwareEntityById.json
@@ -0,0 +1,24 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "entityId": "af378b21-b4aa-4fe7-bc70-13f8621a322f"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/af378b21-b4aa-4fe7-bc70-13f8621a322f",
+ "name": "af378b21-b4aa-4fe7-bc70-13f8621a322f",
+ "type": "Microsoft.SecurityInsights/entities",
+ "kind": "Malware",
+ "properties": {
+ "malwareName": "Win32/Toga!rfn",
+ "category": "Trojan",
+ "friendlyName": "Win32/Toga!rfn"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetProcessEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetProcessEntityById.json
new file mode 100644
index 000000000000..3a7150b2cd86
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetProcessEntityById.json
@@ -0,0 +1,25 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "entityId": "7264685c-038c-42c6-948c-38e14ef1fb98"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/7264685c-038c-42c6-948c-38e14ef1fb98",
+ "name": "7264685c-038c-42c6-948c-38e14ef1fb98",
+ "type": "Microsoft.SecurityInsights/entities",
+ "kind": "Process",
+ "properties": {
+ "friendlyName": "cmd.exe",
+ "processId": "0x2aa48",
+ "commandLine": "\"cmd\"",
+ "imageFileEntityId": "bba7b47b-c1c1-4021-b568-5b07b9292f5e"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetQueries.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetQueries.json
new file mode 100644
index 000000000000..7b93c2533beb
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetQueries.json
@@ -0,0 +1,456 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "Insight" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/6db7f5d1-f41e-46c2-b935-230b36a569e6", + "name": "6db7f5d1-f41e-46c2-b935-230b36a569e6", + "type": "Microsoft.SecurityInsights/entities/queries", + "kind": "Insight", + "properties": { + "displayName": "Actions on account", + "description": "Summary of actions taken on the specified account, grouped by action: password resets and changes, account lockouts (policy or admin), account creation and deletion, account enabled and disabled\n", + "baseQuery": "let GetAccountActions = (v_Account_Name:string, v_Account_NTDomain:string, v_Account_UPNSuffix:string, v_Account_AADUserId:string, v_Account_SID:string){\nAuditLogs\n| where OperationName in~ ('Delete user', 'Change user password', 'Reset user password', 'Change password (self-service)', 'Reset password (by admin)', 'Reset password (self-service)', 'Update user')\n| extend UserPrincipalName = tostring(TargetResources[0].userPrincipalName)\n| extend Account_Name = tostring(split(UserPrincipalName, '@')[0])\n| extend Account_UPNSuffix = tostring(split(UserPrincipalName, '@')[1])\n| extend Action = tostring(parse_json(tostring(parse_json(tostring(TargetResources[0].modifiedProperties))[0])))\n| extend ModifiedProperty = parse_json(Action).displayName\n| extend ModifiedValue = parse_json(Action).newValue\n| extend Account_AADUserId = tostring(TargetResources[0].id)\n| extend DisableUser = iif(ModifiedProperty =~ 'AccountEnabled' and ModifiedValue =~ 
'[false]', 'True', 'False')\n| union isfuzzy=true (\nSecurityEvent\n| where EventID in (4720, 4722, 4723, 4724, 4725, 4726, 4740)\n| extend OperationName = tostring(EventID)\n| where AccountType =~ \"user\" or isempty(AccountType)\n| extend Account_Name = TargetUserName, Account_NTDomain = TargetDomainName, Account_SID = TargetSid\n)\n| where (Account_Name =~ v_Account_Name and (Account_UPNSuffix =~ v_Account_UPNSuffix or Account_NTDomain =~ v_Account_NTDomain)) or Account_AADUserId =~ v_Account_AADUserId or Account_SID =~ v_Account_SID\n};\nGetAccountActions('CTFFUser4', '', 'seccxp.ninja', '', '')\n", + "tableQuery": { + "columnsDefinitions": [ + { + "header": "Action", + "outputType": "String", + "supportDeepLink": false + }, + { + "header": "Most Recent", + "outputType": "Date", + "supportDeepLink": false + }, + { + "header": "Count", + "outputType": "Number", + "supportDeepLink": true + } + ], + "queriesDefinitions": [ + { + "filter": "where OperationName in~ ('Change user password', 'Reset user password', 'Change password (self-service)', 'Reset password (by admin)', 'Reset password (self-service)', '4724', '4723')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where OperationName in~ ('Blocked from self-service password reset', '4740')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where OperationName == '4725' or (OperationName =~ 'Update user' and DisableUser =~ 'True')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = 
OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where OperationName in~ ('Add user', '4720')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where OperationName in~ ('Delete user', '4726')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where OperationName in~ ('4725', 'Blocked from self-service password reset', '4740') or (OperationName =~ 'Update user' and DisableUser =~ 'True')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where OperationName in~ ('4722', '4767') or (OperationName =~ 'Update user' and DisableUser =~ 'False')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where OperationName in~ ('Update user','4738')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + } + ] + }, + "chartQuery": { + "title": "Actions by 
type", + "dataSets": [ + { + "query": "summarize Count = count() by bin(TimeGenerated, 1h), OperationName", + "xColumnName": "TimeGenerated", + "yColumnName": "Count", + "legendColumnName": "OperationName" + } + ], + "type": "BarChart" + }, + "additionalQuery": { + "text": "See all account activity", + "query": "project TimeGenerated, UserPrincipalName, Account_Name, OperationName, Activity, DisableUser, TargetSid, AADUserId, InitiatedBy, AADTenantId, AccountType, Computer, SubjectAccount, SubjectUserSid, EventData" + }, + "defaultTimeRange": { + "beforeRange": "12h", + "afterRange": "12h" + }, + "referenceTimeRange": null, + "dataTypes": [ + { + "dataType": "AuditLogs" + }, + { + "dataType": "SecurityEvent" + } + ], + "inputEntityType": "Account", + "requiredInputFieldsSets": [ + [ + "Account_Name", + "Account_NTDomain" + ], + [ + "Account_Name", + "Account_UPNSuffix" + ], + [ + "Account_AADUserId" + ], + [ + "Account_SID" + ] + ], + "entitiesFilter": {} + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/0a5d7b14-b485-450a-a0ac-4100c860ac32", + "name": "0a5d7b14-b485-450a-a0ac-4100c860ac32", + "type": "Microsoft.SecurityInsights/entities/queries", + "kind": "Insight", + "properties": { + "displayName": "Anomalously high office operation count", + "description": "Highlight office operations of the user with anomalously high count compared to those observed in the preceding 14 days.", + "baseQuery": "let AScoreThresh = 3; \nlet maxAnomalies = 3;\nlet BeforeRange = 12d; \nlet EndTime = todatetime('{{EndTimeUTC}}'); \nlet StartTime = todatetime('{{StartTimeUTC}}');\nlet numDays = tolong((EndTime-StartTime)/1d); \nlet userData = (v_Account_Name:string, v_Account_UPNSuffix:string) { \n OfficeActivity \n | extend splitUserId=split(UserId, '@')\n | extend Account_Name = 
tostring(splitUserId[0]), Account_UPNSuffix = tostring(splitUserId[1])\n | where Account_Name =~ v_Account_Name and Account_UPNSuffix =~ v_Account_UPNSuffix }; \nuserData('CTFFUser4', 'seccxp.ninja')\n", + "tableQuery": { + "columnsDefinitions": [ + { + "header": "Operation", + "outputType": "String", + "supportDeepLink": true + }, + { + "header": "Expected Count", + "outputType": "Number", + "supportDeepLink": false + }, + { + "header": "Actual Count", + "outputType": "Number", + "supportDeepLink": false + } + ], + "queriesDefinitions": [ + { + "filter": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by Operation \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost=maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore-maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc\n", + "summarize": "take 1", + "project": "project Operation, expectedCount=round(postExpectedCount,2), 
actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)", + "linkColumnsDefinitions": [ + { + "projectedName": "Operation", + "Query": "{{BaseQuery}} \n| where TimeGenerated between (StartTime .. EndTime) \n| where Operation == ''\n" + } + ] + } + ] + }, + "chartQuery": { + "title": "Anomalous operation timeline", + "dataSets": [ + { + "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by Operation \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost=maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore-maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,round(postExpectedCount,2)) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc \n| take 1 \n| project Operation, TimeGenerated, count_\n| mvexpand TimeGenerated, count_ | project todatetime(TimeGenerated), toint(count_), Operation\n", + "xColumnName": "TimeGenerated", + "yColumnName": "count_", + "legendColumnName": "Operation" + } + ], + "type": "LineChart" + }, + "additionalQuery": { + 
"text": "Query all anomalous operations", + "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by Operation \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_\n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies\n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh | order by maxAnomalyScorePost desc \n| project Operation, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)\n" + }, + "defaultTimeRange": { + "beforeRange": "1d", + "afterRange": "0d" + }, + "referenceTimeRange": { + "beforeRange": "12d" + }, + "dataTypes": [ + { + "dataType": "OfficeActivity" + } + ], + "inputEntityType": "Account", + "requiredInputFieldsSets": [ + [ + "Account_Name", + "Account_UPNSuffix" + ] + ], + "entitiesFilter": {} + } + }, + { + "id": 
"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/e6cf68e6-1eca-4fbb-9fad-6280f2a9476e", + "name": "e6cf68e6-1eca-4fbb-9fad-6280f2a9476e", + "type": "Microsoft.SecurityInsights/entities/queries", + "kind": "Insight", + "properties": { + "displayName": "Resource access", + "description": "Provides the count and distinct resource accesses by a given user account\n", + "baseQuery": "let Operations = dynamic([\"FileDownloaded\", \"FileUploaded\"]);\nlet UserOperationToSharePoint = (v_Account_Name:string, v_Account_UPNSuffix:string) {\nOfficeActivity\n// Select sharepoint activity that is relevant\n| where RecordType in~ ('SharePointFileOperation')\n| where Operation in~ (Operations)\n| extend Account_Name = tostring(split(UserId, '@')[0])\n| extend Account_UPNSuffix = tostring(split(UserId, '@')[1])\n| where Account_Name =~ v_Account_Name and Account_UPNSuffix =~ v_Account_UPNSuffix\n| project TimeGenerated, Account_Name, Account_UPNSuffix, UserId, OfficeId, RecordType, Operation, OrganizationId, UserType, UserKey, OfficeWorkload, OfficeObjectId, ClientIP, ItemType, UserAgent, Site_Url, SourceRelativeUrl, SourceFileName, SourceFileExtension , Start_Time , ElevationTime , TenantId, SourceSystem , Type\n};\nUserOperationToSharePoint ('CTFFUser4','seccxp.ninja')\n", + "tableQuery": { + "columnsDefinitions": [ + { + "header": "Resource Type", + "outputType": "String", + "supportDeepLink": false + }, + { + "header": "Distinct Resources", + "outputType": "Number", + "supportDeepLink": true + }, + { + "header": "Total Resources", + "outputType": "Number", + "supportDeepLink": true + }, + { + "header": "IPAddress(es)", + "outputType": "String", + "supportDeepLink": false + } + ], + "queriesDefinitions": [ + { + "filter": "where Operation =~ 'FileUploaded'", + "summarize": "summarize DistinctResources = 
dcount(SourceFileName), TotalResources = count(SourceFileName), IPAddresses = make_set(ClientIP) by Operation", + "project": "project Title = Operation, DistinctResources, TotalResources, IPAddresses = case(array_length(IPAddresses) == 1, tostring(IPAddresses[0]), array_length(IPAddresses) > 1, 'Many', 'None')", + "linkColumnsDefinitions": [ + { + "projectedName": "DistinctResources", + "Query": "{{BaseQuery}} | " + }, + { + "projectedName": "TotalResources", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where Operation =~ 'FileDownloaded'", + "summarize": "summarize DistinctResources = dcount(SourceFileName), TotalResources = count(SourceFileName), IPAddresses = make_set(ClientIP) by Operation", + "project": "project Title = Operation, DistinctResources, TotalResources, IPAddresses = case(array_length(IPAddresses) == 1, tostring(IPAddresses[0]), array_length(IPAddresses) > 1, 'Many', 'None')", + "linkColumnsDefinitions": [ + { + "projectedName": "DistinctResources", + "Query": "{{BaseQuery}} | " + }, + { + "projectedName": "TotalResources", + "Query": "{{BaseQuery}} | " + } + ] + } + ] + }, + "chartQuery": { + "title": "Resource access over time", + "dataSets": [ + { + "query": "summarize DistinctResources = dcountif(Operation, Operation =~ 'FileUploaded'), TotalResources = countif(Operation =~ 'FileUploaded') by bin(TimeGenerated, 1h) | extend Legend = 'File Uploads'", + "xColumnName": "TimeGenerated", + "yColumnName": "TotalResources", + "legendColumnName": "Legend" + }, + { + "query": "summarize DistinctResources = dcountif(Operation, Operation =~ 'FileDownloaded'), TotalResources = countif(Operation =~ 'FileDownloaded') by bin(TimeGenerated, 1h) | extend Legend = 'File Downloads'", + "xColumnName": "TimeGenerated", + "yColumnName": "TotalResources", + "legendColumnName": "Legend" + } + ], + "type": "LineChart" + }, + "additionalQuery": { + "text": "See all resource activity", + "query": "where Operation in~ (Operations)" + }, + 
"defaultTimeRange": { + "beforeRange": "12h", + "afterRange": "12h" + }, + "referenceTimeRange": null, + "dataTypes": [ + { + "dataType": "OfficeActivity" + } + ], + "inputEntityType": "Account", + "requiredInputFieldsSets": [ + [ + "Account_Name", + "Account_UPNSuffix" + ], + [ + "Account_AADUserId" + ] + ], + "entitiesFilter": {} + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4", + "name": "cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4", + "type": "Microsoft.SecurityInsights/entities/queries", + "kind": "Insight", + "properties": { + "displayName": "Anomalously high Azure sign-in result count", + "description": "Highlight Azure sign-in results by the user principal with anomalously high count compared to those observed in the preceding 14 days.", + "baseQuery": "let AScoreThresh=3; \nlet maxAnomalies=3; \nlet BeforeRange = 12d; \nlet EndTime=todatetime('{{EndTimeUTC}}');\nlet StartTime = todatetime('{{StartTimeUTC}}'); \nlet numDays = tolong((EndTime-StartTime)/1d); \nlet userData = (v_Account_Name:string, v_Account_UPNSuffix:string, v_Account_AADUserId:string) { \n SigninLogs \n | where TimeGenerated between ((StartTime-BeforeRange) .. 
EndTime)\n | extend splitUserId=split(UserPrincipalName, '@')\n | extend Account_Name = tostring(splitUserId[0]), Account_UPNSuffix = tostring(splitUserId[1])\n | where (Account_Name =~ v_Account_Name and Account_UPNSuffix =~ v_Account_UPNSuffix) or UserId =~ v_Account_AADUserId };\nuserData('CTFFUser4', 'seccxp.ninja', '')\n", + "tableQuery": { + "columnsDefinitions": [ + { + "header": "Result Description", + "outputType": "String", + "supportDeepLink": true + }, + { + "header": "Expected Count", + "outputType": "Number", + "supportDeepLink": false + }, + { + "header": "Actual Count", + "outputType": "Number", + "supportDeepLink": false + } + ], + "queriesDefinitions": [ + { + "filter": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by ResultDescription \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh \n| order 
by maxAnomalyScorePost desc\n", + "summarize": "take 1", + "project": "project ResultDescription, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)", + "linkColumnsDefinitions": [ + { + "projectedName": "ResultDescription", + "Query": "{{BaseQuery}} \n| where TimeGenerated between (StartTime .. EndTime) \n| where ResultDescription == ''\n" + } + ] + } + ] + }, + "chartQuery": { + "title": "Anomalous sign-in result timeline", + "dataSets": [ + { + "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by ResultDescription \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,round(postExpectedCount,2)) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc \n| take 1 \n| project ResultDescription, TimeGenerated, count_ \n| mvexpand TimeGenerated, count_ \n| project todatetime(TimeGenerated), 
toint(count_), ResultDescription \n", + "xColumnName": "TimeGenerated", + "yColumnName": "count_", + "legendColumnName": "ResultDescription" + } + ], + "type": "LineChart" + }, + "additionalQuery": { + "text": "Query all anomalous sign-in results", + "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by ResultDescription \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_\n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies\n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc \n| project ResultDescription, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)\n" + }, + "defaultTimeRange": { + "beforeRange": "1d", + "afterRange": "0d" + }, + "referenceTimeRange": { + "beforeRange": "12d" + }, + "dataTypes": [ + { + "dataType": "SigninLogs" + } + ], + "inputEntityType": "Account", + "requiredInputFieldsSets": [ + [ + 
"Account_Name",
+ "Account_UPNSuffix"
+ ],
+ [
+ "Account_AADUserId"
+ ]
+ ],
+ "entitiesFilter": {}
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetRegistryKeyEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetRegistryKeyEntityById.json
new file mode 100644
index 000000000000..2118e1c1de32
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetRegistryKeyEntityById.json
@@ -0,0 +1,24 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1",
+ "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1",
+ "type": "Microsoft.SecurityInsights/entities",
+ "kind": "RegistryKey",
+ "properties": {
+ "friendlyName": "SOFTWARE",
+ "hive": "HKEY_LOCAL_MACHINE",
+ "key": "SOFTWARE"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetRegistryValueEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetRegistryValueEntityById.json
new file mode 100644
index 000000000000..fe039f986393
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetRegistryValueEntityById.json
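Review bot: The `api-version` parameter in GetRegistryKeyEntityById.json is still `2023-06-01-preview` although the file is added under `preview/2023-07-01-preview/examples`; the same stale value appears in every complete example hunk that follows, from GetRegistryValueEntityById.json through PostTimelineEntity.json. This is patch 01/10 of a base copy, so a later patch in the series may bump it, but as committed the examples do not match the API version directory they document. Suggested value for each file: `"api-version": "2023-07-01-preview"`.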
@@ -0,0 +1,26 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "entityId": "dc44bd11-b348-4d76-ad29-37bf7aa41356"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/dc44bd11-b348-4d76-ad29-37bf7aa41356",
+ "name": "dc44bd11-b348-4d76-ad29-37bf7aa41356",
+ "type": "Microsoft.SecurityInsights/entities",
+ "kind": "RegistryValue",
+ "properties": {
+ "friendlyName": "Data",
+ "valueName": "Name",
+ "valueData": "Data",
+ "valueType": "String",
+ "keyEntityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetSecurityAlertEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetSecurityAlertEntityById.json
new file mode 100644
index 000000000000..944d92e1f7c5
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetSecurityAlertEntityById.json
@@ -0,0 +1,51 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "entityId": "4aa486e0-6f85-41af-99ea-7acdce7be6c8"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/4aa486e0-6f85-41af-99ea-7acdce7be6c8",
+ "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1",
+ "type": "Microsoft.SecurityInsights/entities",
+ "kind": "SecurityAlert",
+ "properties": {
+ "systemAlertId": "4aa486e0-6f85-41af-99ea-7acdce7be6c8",
+ "intent": "Unknown",
+ "alertDisplayName": "Suspicious account detected",
+ "description": "",
+ "confidenceLevel": "Unknown",
+ "severity": "Medium",
+ "vendorName": "Microsoft",
+ "productName": "Azure Sentinel",
+ "productComponentName": "Scheduled Alerts",
+ "alertType": "c8c99641-985d-4e4e-8e91-fb3466cd0e5b_46c7b6c0-ff43-44dd-8b4d-ceffff7aa7df",
+ "providerAlertId": "c2bafff9-fb31-41d0-a177-ecbff7a02ffe",
+ "processingEndTime": "2019-07-06T13:56:53.5392366Z",
+ "status": "New",
+ "endTimeUtc": "2021-09-01T13:21:45.926185Z",
+ "startTimeUtc": "2021-09-01T08:21:45.926185Z",
+ "timeGenerated": "2021-09-01T13:56:53.5392366Z",
+ "tactics": [
+ "Persistence",
+ "LateralMovement"
+ ],
+ "additionalData": {
+ "Query": "Heartbeat \n| extend AccountCustomEntity = \"administrator\"",
+ "Query Period": "05:00:00",
+ "Trigger Operator": "GreaterThan",
+ "Trigger Threshold": "200",
+ "Search Query Results Overall Count": "203",
+ "Total Account Entities": "1"
+ },
+ "friendlyName": "Suspicious account detected",
+ "alertLink": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518119885989999999_4aa486e0-6f85-41af-99ea-7acdce7be6c8/subscriptionId/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/myRg/myWorkspace/referencedFrom/alertDeepLink/location/centralus"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetSecurityGroupEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetSecurityGroupEntityById.json
new file mode 100644
index 000000000000..a6d13d2fff73
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetSecurityGroupEntityById.json
@@ -0,0 +1,25 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1",
+ "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1",
+ "type": "Microsoft.SecurityInsights/entities",
+ "kind": "SecurityGroup",
+ "properties": {
+ "friendlyName": "Name",
+ "distinguishedName": "Name",
+ "sid": "Sid",
+ "objectGuid": "fb1b8e04-d944-4986-b39a-1ce9adedcd98"
+ }
+ }
+ }
+ }
+}
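Review bot: In GetSecurityAlertEntityById.json the response `name` is `e1d3d618-e11f-478b-98e3-bb381539a8e1`, which does not match the last segment of `id`, the request `entityId`, or `systemAlertId` (all `4aa486e0-6f85-41af-99ea-7acdce7be6c8`). A consumer that copies this example would see a resource whose name and ID disagree, which looks like a leftover from another entity example. Suggested line: `"name": "4aa486e0-6f85-41af-99ea-7acdce7be6c8",`. The `processingEndTime` of 2019-07-06 also predates the 2021 `startTimeUtc` and `timeGenerated` of the same alert and is probably worth aligning.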
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetSubmissionMailEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetSubmissionMailEntityById.json
new file mode 100644
index 000000000000..a2c2f37d2d85
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetSubmissionMailEntityById.json
@@ -0,0 +1,29 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1",
+ "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1",
+ "type": "Microsoft.SecurityInsights/entities",
+ "kind": "SubmissionMail",
+ "properties": {
+ "friendlyName": "recipient",
+ "submissionId": "5bb3d8fe-54bc-499c-bc21-86fe8df2a184",
+ "submitter": "submitter",
+ "recipient": "recipient",
+ "sender": "sender",
+ "senderIp": "1.4.35.34",
+ "subject": "subject",
+ "reportType": "report type"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetUrlEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetUrlEntityById.json
new file mode 100644
index 000000000000..a132e72c9e8d
--- /dev/null
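Review bot: The `senderIp` value `1.4.35.34` in GetSubmissionMailEntityById.json is a publicly routable address, and PostExpandEntity.json likewise uses `13.89.108.248` for `address` and `friendlyName`. Example payloads get copied into tests, documentation and detection content, where a real address can be mistaken for an indicator or point at an unrelated third party. Using an address from the reserved documentation ranges avoids that, for example `"senderIp": "192.0.2.34",` (a constructed sample value from the 192.0.2.0/24 range).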
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetUrlEntityById.json
@@ -0,0 +1,23 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1",
+ "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1",
+ "type": "Microsoft.SecurityInsights/entities",
+ "kind": "Url",
+ "properties": {
+ "friendlyName": "https://bing.com",
+ "url": "https://bing.com"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/expand/PostExpandEntity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/expand/PostExpandEntity.json
new file mode 100644
index 000000000000..f438587804c9
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/expand/PostExpandEntity.json
@@ -0,0 +1,52 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1",
+ "parameters": {
+ "expansionId": "a77992f3-25e9-4d01-99a4-5ff606cc410a",
+ "startTime": "2019-04-25T00:00:00.000Z",
+ "endTime": "2019-05-26T00:00:00.000Z"
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": {
+ "entities": [
+ {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1",
+ "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1",
+ "type": "Microsoft.SecurityInsights/entities",
+ "kind": "Ip",
+ "properties": {
+ "address": "13.89.108.248",
+ "friendlyName": "13.89.108.248"
+ }
+ }
+ ],
+ "edges": [
+ {
+ "targetEntityId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/c1d60d86-5988-11eb-ae93-0242ac130002",
+ "additionalData": {
+ "EpochTimestamp": "1608289949",
+ "FirstSeen": "2021-09-01T11:12:29.597Z",
+ "Source": "Heartbeat"
+ }
+ }
+ ]
+ },
+ "metaData": {
+ "aggregations": [
+ {
+ "entityKind": "Account",
+ "count": 1
+ }
+ ]
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/insights/PostGetInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/insights/PostGetInsights.json
new file mode 100644
index 000000000000..aad7e513d9f3
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/insights/PostGetInsights.json
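Review bot: The `targetEntityId` in the `edges` entry of PostExpandEntity.json contains a doubled segment, `resourceGroups/myRg/providers/providers/Microsoft.OperationalInsights/...`, so it is not a well-formed resource ID and differs from every other ID in these examples. Dropping the extra `providers/` so that it reads `resourceGroups/myRg/providers/Microsoft.OperationalInsights/...` fixes it. The example is also internally inconsistent in smaller ways: the only returned entity is of kind `Ip` while `metaData.aggregations` reports one `Account`, and the edge targets an entity (`c1d60d86-...`) that is absent from `entities`.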
@@ -0,0 +1,100 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1",
+ "parameters": {
+ "addDefaultExtendedTimeRange": false,
+ "startTime": "2021-09-01T00:00:00.000Z",
+ "endTime": "2021-10-01T00:00:00.000Z",
+ "insightQueryIds": [
+ "cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4"
+ ]
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "tableQueryResults": {
+ "columns": [
+ {
+ "name": "Title",
+ "type": "string"
+ },
+ {
+ "name": "NameCount",
+ "type": "long"
+ },
+ {
+ "name": "SIDCount",
+ "type": "long"
+ },
+ {
+ "name": "InternalOrder",
+ "type": "long"
+ },
+ {
+ "name": "Index",
+ "type": "long"
+ }
+ ],
+ "rows": [
+ [
+ "MyTitle",
+ "15",
+ "SID",
+ "1",
+ "1"
+ ]
+ ]
+ },
+ "chartQueryResults": [
+ {
+ "columns": [
+ {
+ "name": "TimeGenerated",
+ "type": "datetime"
+ },
+ {
+ "name": "Count",
+ "type": "long"
+ },
+ {
+ "name": "Legend",
+ "type": "string"
+ }
+ ],
+ "rows": [
+ [
+ "2021-09-01T00:00:00.000Z",
+ "55",
+ "SomeLegend"
+ ]
+ ]
+ }
+ ],
+ "queryTimeInterval": {
+ "startTime": "2021-09-01T23:35:20Z",
+ "endTime": "2021-09-01T23:35:20Z"
+ },
+ "queryId": "e29ee1ef-7445-455e-85f1-269f2d536d61"
+ }
+ ],
+ "metaData": {
+ "totalCount": 7,
+ "errors": [
+ {
+ "kind": "Insight",
+ "queryId": "4a70a63d-25c4-6312-b73e-4f302a90c06a",
+ "errorMessage": "Internal server error"
+ }
+ ]
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/relations/GetAllEntityRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/relations/GetAllEntityRelations.json
new file mode 100644
index 000000000000..4a0abb740bf7
--- /dev/null
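Review bot: In `tableQueryResults` of PostGetInsights.json the `SIDCount` column is declared as `long`, but the sample row carries the string `"SID"` in that position, so the row does not fit its own column schema; a numeric sample such as `"3"` (constructed value) would be consistent with the neighbouring cells. The response is also hard to reconcile with the request. The request asks only for insight query `cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4`, yet the result reports `queryId` `e29ee1ef-7445-455e-85f1-269f2d536d61` and the error entry a third ID. `queryTimeInterval` has identical `startTime` and `endTime`, which describes an empty window.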
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/relations/GetAllEntityRelations.json
@@ -0,0 +1,28 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "entityId": "afbd324f-6c48-459c-8710-8d1e1cd03812"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014",
+ "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014",
+ "type": "Microsoft.SecurityInsights/entities/relations",
+ "etag": "190057d0-0000-0d00-0000-5c6f5adb0000",
+ "properties": {
+ "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "relatedResourceType": "Microsoft.SecurityInsights/incidents"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/relations/GetEntityRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/relations/GetEntityRelationByName.json
new file mode 100644
index 000000000000..f9287ab6809d
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/relations/GetEntityRelationByName.json
@@ -0,0 +1,25 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "entityId": "afbd324f-6c48-459c-8710-8d1e1cd03812",
+ "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014",
+ "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014",
+ "type": "Microsoft.SecurityInsights/entities/relations",
+ "etag": "190057d0-0000-0d00-0000-5c6f5adb0000",
+ "properties": {
+ "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "relatedResourceType": "Microsoft.SecurityInsights/incidents"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/timeline/PostTimelineEntity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/timeline/PostTimelineEntity.json
new file mode 100644
index 000000000000..5fb547112fab
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/timeline/PostTimelineEntity.json
@@ -0,0 +1,92 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "parameters": { + "numberOfBucket": 4, + "startTime": "2021-09-01T00:00:00.000Z", + "endTime": "2021-10-01T00:00:00.000Z" + } + }, + "responses": { + "200": { + "body": { + "value": [ + { + "kind": "SecurityAlert", + "description": "The alert description", + "azureResourceId": "4467341f-fb73-4f99-a9b3-29473532cf5a_bf7c3a2f-b743-6410-3ff0-ec64b5995d50", + "productName": "Azure Sentinel", + "displayName": "Alert display name", + "severity": "Medium", + "endTimeUtc": "2021-09-01T23:31:28.02Z", + "startTimeUtc": "2021-09-01T23:32:28.01Z", + "timeGenerated": "2021-09-01T23:37:25.8136594Z", + "alertType": "4467341f-fb73-4f99-a9b3-29473532cf5a_c93bf33e-055e-4972-9e7d-f84fe3fb61ae", + "Intent": "Discovery" + }, + { + "kind": "Activity", + "queryId": "e0459780-ac9d-4b72-8bd4-fecf6b46a0a1", + "bucketStartTimeUTC": "2021-09-01T21:31:28.02Z", + "bucketEndTimeUTC": "2021-09-01T23:31:28.02Z", + "firstActivityTimeUTC": "2021-09-01T21:35:28.02Z", + "lastActivityTimeUTC": "2021-09-01T21:35:28.02Z", + "content": "he user has deleted the account 3 time(s)", + "title": "The user has deleted an account" + }, + { + "kind": "Anomaly", + "azureResourceId": "4467341f-fb73-4f99-a9b3-29473532cf5a_d56430ef-f421-2c9c-0b7d-d082285843c6", + "description": "Anomalous private to public port scanning activity with high destination port count along with low port ratio. 
The ratios are normalized by multiplying them by 10,000 to get them to a more usable value between 0.0 and 1.0.", + "productName": "Azure Sentinel", + "displayName": "(Preview) Anomalous scanning activity", + "endTimeUtc": "2021-09-01T23:31:28.02Z", + "startTimeUtc": "2021-09-01T23:32:28.01Z", + "timeGenerated": "2021-09-01T23:37:25.8136594Z", + "vendor": "Microsoft", + "intent": "Discovery", + "techniques": [ + "T1046" + ], + "reasons": [ + "High destination port count", + "Low port ratio" + ] + } + ], + "metaData": { + "totalCount": 6, + "aggregations": [ + { + "count": 4, + "kind": "Activity" + }, + { + "count": 2, + "kind": "SecurityAlert" + }, + { + "count": 1, + "kind": "Anomaly" + } + ], + "errors": [ + { + "kind": "Activity", + "queryId": "11067f9f-d6a7-4488-887f-0ba564268879", + "errorMessage": "syntax error" + }, + { + "kind": "SecurityAlert", + "errorMessage": "internal server error" + } + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/CreateEntityQueryActivity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/CreateEntityQueryActivity.json new file mode 100644 index 000000000000..75f23bd32078 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/CreateEntityQueryActivity.json 
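Review bot: In the `SecurityAlert` and `Anomaly` items of PostTimelineEntity.json the sample `endTimeUtc` (`2021-09-01T23:31:28.02Z`) is earlier than `startTimeUtc` (`2021-09-01T23:32:28.01Z`), so a client that derives a time window from the example gets a negative duration; swapping the two values fixes it. `metaData.totalCount` is 6 while the three aggregation counts add up to 7. The alert item uses the key `"Intent"` where the anomaly item uses `"intent"`, so the casing should be checked against the schema, which is not visible in this hunk. The activity `content` also reads `"he user has deleted the account 3 time(s)"`; presumably `"The user ..."` was meant.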
@@ -0,0 +1,133 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "entityQuery": { + "kind": "Activity", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "title": "An account was deleted on this host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "description": "Account deleted on host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, 
AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "inputEntityType": "Host", + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "enabled": true, + "templateName": null + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueries", + "kind": "Activity", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "title": "An account was deleted on this host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "description": "Account deleted on host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), 
\nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "inputEntityType": "Host", + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "enabled": true, + "templateName": null, + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueries", + "kind": "Activity", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "title": "An account was deleted on this host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "description": "Account deleted on host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, 
v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "inputEntityType": "Host", + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "enabled": true, + "templateName": null, + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z" + } + } + } + } +} 
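Review bot: The sample `query` in CreateEntityQueryActivity.json splices entity fields into single-quoted KQL literals (`GetAccountActions('{{Host_HostName}}', ...)`), and nothing in the example says how a substituted value is escaped. Host names and domains originate from ingested log data, so the `queryDefinitions.query` description should state that placeholder values are encoded as KQL string literals before substitution, and that authors must keep placeholders inside quoted literals; whether the service already does this cannot be confirmed from this hunk. Separately, the content string reports the actor of a deletion (`EventID == 4726`) as `{{AddedBy}}`; a neutral name such as `| extend ActionBy = SubjectUserName`, with `{{ActionBy}}` in `content`, would read correctly in an analyst-facing timeline. The same query text is repeated in GetActivityEntityQueryById.json, GetActivityEntityQueryTemplateById.json and GetEntityQueryTemplates.json.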
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/DeleteEntityQuery.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/DeleteEntityQuery.json
new file mode 100644
index 000000000000..2903e87a54ef
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/DeleteEntityQuery.json
@@ -0,0 +1,13 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/GetActivityEntityQueryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/GetActivityEntityQueryById.json
new file mode 100644
index 000000000000..6b48be6bd8ba
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/GetActivityEntityQueryById.json
@@ -0,0 +1,54 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": null, + "kind": "Activity", + "properties": { + "title": "An account was deleted on this host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "description": "Account deleted on host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == 
SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "inputEntityType": "Host", + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "enabled": true, + "templateName": null, + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/GetEntityQueries.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/GetEntityQueries.json new file mode 100644 index 000000000000..6e5bb5d4046c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/GetEntityQueries.json 
@@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "kind": "Expansion", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/37ca3555-c135-4a73-a65e-9c1d00323f5d", + "name": "37ca3555-c135-4a73-a65e-9c1d00323f5d", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": null, + "kind": "Expansion", + "properties": { + "queryTemplate": "let AccountActivity_byIP = (v_IP_Address:string){\r\n AzureActivity\r\n | where Caller != '' and CallerIpAddress == v_IP_Address\r\n | summarize Account_Aux_StartTime = min(TimeGenerated), Account_Aux_EndTime = max(TimeGenerated), Count = count() by Caller, TenantId\r\n | top 10 by Count asc nulls last \r\n | extend UPN = iff(Caller contains '@', Caller, ''), Account_AadUserId = iff(Caller !contains '@', Caller,'')\r\n | extend Account_Name = split(UPN,'@')[0] , Account_UPNSuffix = split(UPN,'@')[1]\r\n | project Account_Name, Account_UPNSuffix, Account_AadUserId, Account_AadTenantId=TenantId, Account_Aux_StartTime , Account_Aux_EndTime};\r\n AccountActivity_byIP('
')", + "inputFields": [ + "address" + ], + "outputEntityTypes": [ + "Account" + ], + "dataSources": [ + "AzureActivity" + ], + "inputEntityType": "IP", + "displayName": "Least active accounts on Azure from this IP" + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/97a1d515-abf2-4231-9a35-985f9de0bb91", + "name": "97a1d515-abf2-4231-9a35-985f9de0bb91", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": null, + "kind": "Expansion", + "properties": { + "queryTemplate": "let AccountActivity_byIP = (v_IP_Address:string){\r\n AzureActivity\r\n | where Caller != '' and CallerIpAddress == v_IP_Address\r\n | summarize Account_Aux_StartTime = min(TimeGenerated), Account_Aux_EndTime = max(TimeGenerated), Count = count() by Caller, TenantId\r\n | top 10 by Count desc nulls last \r\n | extend UPN = iff(Caller contains '@', Caller, ''), Account_AadUserId = iff(Caller !contains '@', Caller,'')\r\n | extend Account_Name = split(UPN,'@')[0] , Account_UPNSuffix = split(UPN,'@')[1]\r\n | project Account_Name, Account_UPNSuffix, Account_AadUserId, Account_AadTenantId=TenantId, Account_Aux_StartTime , Account_Aux_EndTime};\r\n AccountActivity_byIP('
')", + "inputFields": [ + "address" + ], + "outputEntityTypes": [ + "Account" + ], + "dataSources": [ + "AzureActivity" + ], + "inputEntityType": "IP", + "displayName": "Most active accounts on Azure from this IP" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json new file mode 100644 index 000000000000..8c2e89adef5c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json 
@@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": null, + "kind": "Expansion", + "properties": { + "queryTemplate": "let GetParentProcessesOnHost = (v_Host_HostName:string){\r\n SecurityEvent \r\n | where EventID == 4688 \r\n | where isnotempty(ParentProcessName)\r\n | where NewProcessName !contains ':\\\\Windows\\\\System32\\\\conhost.exe' and ParentProcessName !contains ':\\\\Windows\\\\System32\\\\conhost.exe'\r\n and NewProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\csc.exe' and ParentProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\csc.exe'\r\n and NewProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\cvtres.exe' and ParentProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\cvtres.exe'\r\n and NewProcessName!contains ':\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe' and ParentProcessName !contains ':\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe'\r\n and ParentProcessName !contains ':\\\\Windows\\\\CCM\\\\CcmExec.exe'\r\n | where(ParentProcessName !contains ':\\\\Windows\\\\System32\\\\svchost.exe' and (NewProcessName !contains ':\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe' or NewProcessName !contains ':\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe'))\r\n | 
where(ParentProcessName !contains ':\\\\Windows\\\\System32\\\\services.exe' and NewProcessName !contains ':\\\\Windows\\\\servicing\\\\TrustedInstaller.exe')\r\n | where toupper(Computer) contains v_Host_HostName or toupper(WorkstationName) contains v_Host_HostName\r\n | summarize min(TimeGenerated), max(TimeGenerated) by Account, Computer, ParentProcessName, NewProcessName, CommandLine, ProcessId\r\n | project min_TimeGenerated, max_TimeGenerated, Account, Computer, ParentProcessName, NewProcessName, CommandLine, ProcessId\r\n | project-rename Process_Host_UnstructuredName=Computer, Process_Account_UnstructuredName=Account, Process_CommandLine=CommandLine, Process_ProcessId=ProcessId, Process_ImageFile_FullPath=NewProcessName, Process_ParentProcess_ImageFile_FullPath=ParentProcessName\r\n | top 10 by min_TimeGenerated asc};\r\n GetParentProcessesOnHost(toupper(''))", + "inputFields": [ + "hostName" + ], + "outputEntityTypes": [ + "Process" + ], + "dataSources": [ + "SecurityEvent" + ], + "inputEntityType": "Host", + "displayName": "Parent processes running on host" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json new file mode 100644 index 000000000000..ce1eafe11a94 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json 
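Review bot: Two exclusion filters in the sample `queryTemplate` of GetExpansionEntityQueryById.json drop far more than the noise they appear to target. The inner test `(NewProcessName !contains '...\\System32\\wbem\\WmiPrvSE.exe' or NewProcessName !contains '...\\SysWOW64\\wbem\\WmiPrvSE.exe')` is true for any single image path, so that `where` reduces to `ParentProcessName !contains ':\\Windows\\System32\\svchost.exe'` and hides every child of svchost.exe. The following line likewise hides every child of services.exe and every TrustedInstaller.exe process. If the intent was to suppress only those parent/child pairs, each line should take the form `| where not(ParentProcessName contains '<parent path>' and NewProcessName contains '<child path>')`. The host filter `toupper(Computer) contains v_Host_HostName` is a substring match, so one host name can pull in events from another host whose name contains it; an equality match (`=~`) on the parsed host name would be tighter.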
@@ -0,0 +1,57 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityQueryTemplateId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueryTemplates/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueryTemplate", + "kind": "Activity", + "properties": { + "title": "An account was deleted on this host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "description": "Account deleted on host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == 
SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "inputEntityType": "Host", + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "dataTypes": [ + { + "dataType": "AuditLogs" + }, + { + "dataType": "SecurityEvent" + } + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json new file mode 100644 index 000000000000..a61e33e6ac7d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json 
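Review bot: The response body in GetActivityEntityQueryTemplateById.json sets `"type": "Microsoft.SecurityInsights/entityQueryTemplate"` (singular), while its own `id` path and the list example in GetEntityQueryTemplates.json use `entityQueryTemplates`. The line should read `"type": "Microsoft.SecurityInsights/entityQueryTemplates"`. `dataTypes` also lists `AuditLogs`, but the visible query reads only the `SecurityEvent` table, so either the entry is stale or the dependency deserves a word in the description.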
@@ -0,0 +1,105 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "kind": "Activity", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueryTemplates/37ca3555-c135-4a73-a65e-9c1d00323f5d", + "name": "37ca3555-c135-4a73-a65e-9c1d00323f5d", + "type": "Microsoft.SecurityInsights/entityQueryTemplates", + "kind": "Activity", + "properties": { + "title": "An account was deleted on this host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "description": "Account deleted on host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project 
TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "inputEntityType": "Host", + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "dataTypes": [ + { + "dataType": "AuditLogs" + }, + { + "dataType": "SecurityEvent" + } + ] + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueryTemplates/97a1d515-abf2-4231-9a35-985f9de0bb91", + "name": "97a1d515-abf2-4231-9a35-985f9de0bb91", + "type": "Microsoft.SecurityInsights/entityQueryTemplates", + "kind": "Activity", + "properties": { + "title": "An account was deleted on this host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "description": "Account deleted on host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, 
'.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "inputEntityType": "Host", + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "dataTypes": [ + { + "dataType": "AuditLogs" + }, + { + "dataType": "SecurityEvent" + } + ] + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/CreateFileImport.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/CreateFileImport.json new file mode 100644 index 000000000000..5d3494bd04e4 --- /dev/null 
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/CreateFileImport.json
@@ -0,0 +1,49 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "fileImportId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "fileImport": {
+ "properties": {
+ "source": "mySource",
+ "importFile": {
+ "fileName": "myFile.json",
+ "fileSize": 4653,
+ "fileFormat": "JSON"
+ },
+ "contentType": "StixIndicator",
+ "ingestionMode": "IngestAnyValidRecords"
+ }
+ }
+ },
+ "responses": {
+ "201": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "type": "Microsoft.SecurityInsights/FileImports",
+ "properties": {
+ "importFile": {
+ "fileName": "myFile.json",
+ "fileSize": 4653,
+ "fileFormat": "JSON",
+ "fileContentUri": "https://sentinelimportswus2.blob.core.windows.net/78c2e51a-3cd3-4ca0-a2d4-e7effb9a05fe/43967a5e-47a7-474e-afb8-2081e9b99ca1/fileName.json?skoid=&sktid=&skt=2022-03-25T21%3A12%3A51Z&ske=2022-03-25T22%3A12%3A51Z&sks=b&skv=2020-10-02&sv=2020-08-04&st=2022-03-25T21%3A12%3A51Z&se=2022-03-25T22%3A12%3A51Z&sr=b&sp=c&sig=",
+ "deleteStatus": "NotDeleted"
+ },
+ "state": "WaitingForUpload",
+ "contentType": "StixIndicator",
+ "ingestionMode": "IngestAnyValidRecords",
+ "totalRecordCount": null,
+ "validRecordCount": null,
+ "ingestedRecordCount": null,
+ "createdTimeUTC": "2022-04-04T20:05:59.847136Z",
+ "filesValidUntilTimeUTC": "2022-04-05T20:05:59.8471361Z",
+ "importValidUntilTimeUTC": "2022-05-04T20:05:59.8471366Z",
+ "source": "mySource"
+ }
+ }
+ }
+ }
+}
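Review bot: The response `id` in CreateFileImport.json spells the workspace provider `Microsoft.OperationalIinsights` (double "i"), where the other examples in this patch use `Microsoft.OperationalInsights`; the same typo is in the `location` and `id` values of DeleteFileImport.json and the `id` of GetFileImportById.json. `fileContentUri` is a SAS upload URL (`sp=c`, a one-hour `st`/`se` window) and therefore a bearer credential. The example rightly leaves `skoid`, `sktid` and `sig` empty, and the property description should tell clients not to log or persist the value. The blob name in that URI is `fileName.json` while `importFile.fileName` is `myFile.json`; GetFileImportById.json uses `myFile.json` in both places.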
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/DeleteFileImport.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/DeleteFileImport.json
new file mode 100644
index 000000000000..eb27ba3db8b0
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/DeleteFileImport.json
@@ -0,0 +1,41 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "fileImportId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5"
+ },
+ "responses": {
+ "202": {
+ "headers": {
+ "location": "https://management.azure.com/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5"
+ },
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "type": "Microsoft.SecurityInsights/FileImports",
+ "properties": {
+ "importFile": {
+ "fileName": "myFile.json",
+ "fileSize": 5146,
+ "fileFormat": "JSON",
+ "fileContentUri": null,
+ "deleteStatus": "NotDeleted"
+ },
+ "state": "Ingested",
+ "contentType": "StixIndicator",
+ "ingestionMode": "IngestAnyValidRecords",
+ "totalRecordCount": 5,
+ "validRecordCount": 5,
+ "ingestedRecordCount": 5,
+ "createdTimeUTC": "2022-03-25T21:02:38.8350631Z",
+ "filesValidUntilTimeUTC": "2022-03-26T21:02:38.8350632Z",
+ "importValidUntilTimeUTC": "2022-04-24T21:02:38.8350636Z",
+ "source": "mySource"
+ }
+ }
+ },
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/GetFileImportById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/GetFileImportById.json
new file mode 100644
index 000000000000..5e5b6449c01c
--- /dev/null
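Review bot: `"api-version": "2023-06-01-preview"` in `parameters` does not match the `2023-07-01-preview` directory this example is added under, and the same value appears in every other example hunk in this part of the patch, CreateFileImport.json included. The subject line calls this commit the base copy, so a later patch in the series presumably bumps it; if none does, the examples would be validated and published against the wrong version. The line I would expect is `"api-version": "2023-07-01-preview",`.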
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/GetFileImportById.json
@@ -0,0 +1,37 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "fileImportId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "type": "Microsoft.SecurityInsights/FileImports",
+ "properties": {
+ "importFile": {
+ "fileName": "myFile.json",
+ "fileSize": 5146,
+ "fileFormat": "JSON",
+ "fileContentUri": "https://sentinelimportswus2.blob.core.windows.net/78c2e51a-3cd3-4ca0-a2d4-e7effb9a05fe/43967a5e-47a7-474e-afb8-2081e9b99ca1/myFile.json?skoid=&sktid=&skt=2022-03-25T21%3A12%3A51Z&ske=2022-03-25T22%3A12%3A51Z&sks=b&skv=2020-10-02&sv=2020-08-04&st=2022-03-25T21%3A12%3A51Z&se=2022-03-25T22%3A12%3A51Z&sr=b&sp=c&sig=",
+ "deleteStatus": "NotDeleted"
+ },
+ "state": "Ingested",
+ "contentType": "StixIndicator",
+ "ingestionMode": "IngestAnyValidRecords",
+ "totalRecordCount": 5,
+ "validRecordCount": 5,
+ "ingestedRecordCount": 5,
+ "createdTimeUTC": "2022-03-25T21:02:38.8350631Z",
+ "filesValidUntilTimeUTC": "2022-03-26T21:02:38.8350632Z",
+ "importValidUntilTimeUTC": "2022-04-24T21:02:38.8350636Z",
+ "source": "mySource"
+ }
+ }
+ }
+ }
+}
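Review bot: The 200 body reports `"state": "Ingested"` yet still returns a `fileContentUri` whose query string is a SAS with `sp=c`, while the DeleteFileImport.json and GetFileImports.json examples show `"fileContentUri": null` for an import in the same state. If the service stops returning the upload URI once the file has been ingested, which those two examples suggest but this patch does not show, this sample should also use `"fileContentUri": null` so readers do not expect a write-capable URL from a plain GET. Where a URI is kept, leaving `sig=`, `skoid=` and `sktid=` empty as they are here is the right way to publish it.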
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/GetFileImports.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/GetFileImports.json
new file mode 100644
index 000000000000..a52e22493ee4
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/GetFileImports.json
@@ -0,0 +1,42 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "$orderby": "properties/createdTimeUtc desc",
+ "$top": 1
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "type": "Microsoft.SecurityInsights/FileImports",
+ "properties": {
+ "importFile": {
+ "fileName": "fileName.json",
+ "fileSize": 5146,
+ "fileFormat": "JSON",
+ "fileContentUri": null,
+ "deleteStatus": "NotDeleted"
+ },
+ "state": "Ingested",
+ "contentType": "StixIndicator",
+ "ingestionMode": "IngestAnyValidRecords",
+ "totalRecordCount": 5,
+ "validRecordCount": 5,
+ "ingestedRecordCount": 5,
+ "createdTimeUTC": "2022-03-25T21:02:38.8350631Z",
+ "filesValidUntilTimeUTC": "2022-03-26T21:02:38.8350632Z",
+ "importValidUntilTimeUTC": "2022-04-24T21:02:38.8350636Z",
+ "source": "mySource"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/CreateHunt.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/CreateHunt.json
new file mode 100644
index 000000000000..7a9cca8cc0a3
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/CreateHunt.json
@@ -0,0 +1,100 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "operationalInsightsResourceProvider": "Microsoft.OperationalInsights",
+ "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f",
+ "hunt": {
+ "properties": {
+ "displayName": "Log4J new hunt",
+ "description": "Log4J Hunt Description",
+ "status": "New",
+ "hypothesisStatus": "Unknown",
+ "attackTactics": [
+ "Reconnaissance"
+ ],
+ "attackTechniques": [
+ "T1595"
+ ],
+ "labels": [
+ "Label1",
+ "Label2"
+ ],
+ "owner": {
+ "objectId": "873b5263-5d34-4149-b356-ad341b01e123"
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f",
+ "name": "163e7b2a-a2ec-4041-aaba-d878a38f265f",
+ "etag": "\"de00c408-0000-0c00-0000-62741e350000\"",
+ "type": "Microsoft.SecurityInsights/hunts",
+ "properties": {
+ "displayName": "Log4J new hunt",
+ "description": "Log4J Hunt Description",
+ "status": "New",
+ "hypothesisStatus": "Unknown",
+ "attackTactics": [
+ "Reconnaissance"
+ ],
+ "attackTechniques": [
+ "T1595"
+ ],
+ "huntStartTimeUtc": "2022-03-11T09:47:15.438Z",
+ "huntEndTimeUtc": "2022-03-12T09:47:15.438Z",
+ "labels": [
+ "Label1",
+ "Label2"
+ ],
+ "owner": {
+ "objectId": "873b5263-5d34-4149-b356-ad341b01e123",
+ "email": "testemail@microsoft.com",
+ "assignedTo": null,
+ "userPrincipalName": "John Doe",
+ "ownerType": "User"
+ }
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f",
+ "name": "163e7b2a-a2ec-4041-aaba-d878a38f265f",
+ "etag": "\"de00c408-0000-0c00-0000-62741e350000\"",
+ "type": "Microsoft.SecurityInsights/hunts",
+ "properties": {
+ "displayName": "Log4J new hunt",
+ "description": "Log4J Hunt Description",
+ "status": "New",
+ "hypothesisStatus": "Unknown",
+ "attackTactics": [
+ "Reconnaissance"
+ ],
+ "attackTechniques": [
+ "T1595"
+ ],
+ "huntSequenceNumber": 0,
+ "huntStartTimeUtc": "2022-03-11T09:47:15.438Z",
+ "huntEndTimeUtc": "2022-03-12T09:47:15.438Z",
+ "labels": [
+ "Label1",
+ "Label2"
+ ],
+ "owner": {
+ "objectId": "873b5263-5d34-4149-b356-ad341b01e123",
+ "email": "testemail@microsoft.com",
+ "assignedTo": null,
+ "userPrincipalName": "John Doe",
+ "ownerType": "User"
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/CreateHuntComment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/CreateHuntComment.json
new file mode 100644
index 000000000000..0a3f94f44f21
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/CreateHuntComment.json
@@ -0,0 +1,56 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "operationalInsightsResourceProvider": "Microsoft.OperationalInsights",
+ "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f",
+ "huntCommentId": "2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "huntComment": {
+ "properties": {
+ "message": "This is a test comment."
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/comments/2216d0e1-91e3-4902-89fd-d2df8c123456",
+ "name": "2216d0e1-91e3-4902-89fd-d2df8c123456",
+ "etag": "\"3102f74d-0000-0c00-0000-629e6e050000\"",
+ "type": "Microsoft.SecurityInsights/hunts/comments",
+ "systemData": {
+ "createdAt": "2021-08-15T16:42:38.8709453Z",
+ "createdBy": "testuser@microsoft.com",
+ "createdByType": "User",
+ "lastModifiedAt": "2021-08-19T16:42:38.8709453Z",
+ "lastModifiedBy": "testuser@microsoft.com",
+ "lastModifiedByType": "User"
+ },
+ "properties": {
+ "message": "This is a test comment."
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/comments/2216d0e1-91e3-4902-89fd-d2df8c123456",
+ "name": "2216d0e1-91e3-4902-89fd-d2df8c123456",
+ "etag": "\"3102f74d-0000-0c00-0000-629e6e050000\"",
+ "type": "Microsoft.SecurityInsights/hunts/comments",
+ "systemData": {
+ "createdAt": "2021-08-15T16:42:38.8709453Z",
+ "createdBy": "testuser@microsoft.com",
+ "createdByType": "User",
+ "lastModifiedAt": "2021-08-19T16:42:38.8709453Z",
+ "lastModifiedBy": "testuser@microsoft.com",
+ "lastModifiedByType": "User"
+ },
+ "properties": {
+ "message": "This is a test comment."
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/CreateHuntRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/CreateHuntRelation.json
new file mode 100644
index 000000000000..df510e2edca3
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/CreateHuntRelation.json
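Review bot: Both response bodies identify the comment as `.../resourceGroups/mms-eus/.../workspaces/avdvirint/.../comments/2216d0e1-91e3-4902-89fd-d2df8c123456`, but the request was made for `myRg`, `myWorkspace` and `huntCommentId` `2216d0e1-91e3-4902-89fd-d2df8c535096`. `mms-eus` and `avdvirint` read like names from a live environment rather than placeholders, and they recur in CreateHuntRelation.json, GetHuntCommentById.json, GetHuntComments.json, GetHuntRelationById.json and GetHuntRelations.json. I would rewrite the IDs with `myRg` and `myWorkspace`, make `name` and the last `id` segment equal the requested `huntCommentId`, and use a reserved sample domain such as `testuser@contoso.com` for `createdBy` and `lastModifiedBy`, as the incident comment example in this patch does with `john.doe@contoso.com`.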
@@ -0,0 +1,53 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "operationalInsightsResourceProvider": "Microsoft.OperationalInsights",
+ "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f",
+ "huntRelationId": "2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "huntRelation": {
+ "properties": {
+ "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "labels": [
+ "Test Label"
+ ]
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/relations/2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "name": "2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "etag": "\"26012da2-0000-0c00-0000-627ad2760000\"",
+ "type": "Microsoft.SecurityInsights/hunts/relations",
+ "properties": {
+ "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "relatedResourceType": "Microsoft.SecurityInsights/Bookmarks",
+ "labels": [
+ "Test Label"
+ ]
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/relations/2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "name": "2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "etag": "\"26012da2-0000-0c00-0000-627ad2760000\"",
+ "type": "Microsoft.SecurityInsights/hunts/relations",
+ "properties": {
+ "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "relatedResourceType": "Microsoft.SecurityInsights/Bookmarks",
+ "labels": [
+ "Test Label"
+ ]
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/DeleteHunt.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/DeleteHunt.json
new file mode 100644
index 000000000000..65d3cc517061
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/DeleteHunt.json
@@ -0,0 +1,14 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "operationalInsightsResourceProvider": "Microsoft.OperationalInsights",
+ "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/DeleteHuntComment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/DeleteHuntComment.json
new file mode 100644
index 000000000000..6bb38cb8e637
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/DeleteHuntComment.json
@@ -0,0 +1,15 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "operationalInsightsResourceProvider": "Microsoft.OperationalInsights",
+ "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f",
+ "huntCommentId": "2216d0e1-91e3-4902-89fd-d2df8c123456"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/DeleteHuntRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/DeleteHuntRelation.json
new file mode 100644
index 000000000000..31b60b3771ab
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/DeleteHuntRelation.json
@@ -0,0 +1,15 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "operationalInsightsResourceProvider": "Microsoft.OperationalInsights",
+ "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f",
+ "huntRelationId": "2216d0e1-91e3-4902-89fd-d2df8c535096"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntById.json
new file mode 100644
index 000000000000..ecc3566d7617
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntById.json
@@ -0,0 +1,43 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "operationalInsightsResourceProvider": "Microsoft.OperationalInsights",
+ "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f",
+ "name": "163e7b2a-a2ec-4041-aaba-d878a38f265f",
+ "etag": "\"de00c408-0000-0c00-0000-62741e350000\"",
+ "type": "Microsoft.SecurityInsights/hunts",
+ "properties": {
+ "displayName": "Log4J new hunt ",
+ "description": "Log4J Hunt Description",
+ "status": "New",
+ "hypothesisStatus": "Unknown",
+ "attackTactics": [
+ "Reconnaissance"
+ ],
+ "attackTechniques": [
+ "T1595"
+ ],
+ "labels": [
+ "Label1",
+ "Label2"
+ ],
+ "owner": {
+ "objectId": "873b5263-5d34-4149-b356-ad341b01e123",
+ "email": "testemail@microsoft.com",
+ "assignedTo": null,
+ "userPrincipalName": "John Doe",
+ "ownerType": "User"
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntCommentById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntCommentById.json
new file mode 100644
index 000000000000..93e0ef5fcc5a
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntCommentById.json
@@ -0,0 +1,32 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "operationalInsightsResourceProvider": "Microsoft.OperationalInsights",
+ "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f",
+ "huntCommentId": "2216d0e1-91e3-4902-89fd-d2df8c535096"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/comments/2216d0e1-91e3-4902-89fd-d2df8c123456",
+ "name": "2216d0e1-91e3-4902-89fd-d2df8c123456",
+ "etag": "\"3102f74d-0000-0c00-0000-629e6e050000\"",
+ "type": "Microsoft.SecurityInsights/hunts/comments",
+ "systemData": {
+ "createdAt": "2021-08-15T16:42:38.8709453Z",
+ "createdBy": "testuser@microsoft.com",
+ "createdByType": "User",
+ "lastModifiedAt": "2021-08-19T16:42:38.8709453Z",
+ "lastModifiedBy": "testuser@microsoft.com",
+ "lastModifiedByType": "User"
+ },
+ "properties": {
+ "message": "This is a comment."
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntComments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntComments.json
new file mode 100644
index 000000000000..ab41353d185a
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntComments.json
@@ -0,0 +1,27 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "operationalInsightsResourceProvider": "Microsoft.OperationalInsights",
+ "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/comments/2216d0e1-91e3-4902-89fd-d2df8c123456",
+ "name": "2216d0e1-91e3-4902-89fd-d2df8c123456",
+ "etag": "\"3102f74d-0000-0c00-0000-629e6e050000\"",
+ "type": "Microsoft.SecurityInsights/hunts/comments",
+ "properties": {
+ "message": "This is a test comment."
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntRelationById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntRelationById.json
new file mode 100644
index 000000000000..ca1bd1a63c8d
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntRelationById.json
@@ -0,0 +1,29 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "operationalInsightsResourceProvider": "Microsoft.OperationalInsights",
+ "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f",
+ "huntRelationId": "2216d0e1-91e3-4902-89fd-d2df8c535096"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/relations/2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "name": "2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "etag": "\"26012da2-0000-0c00-0000-627ad2760000\"",
+ "type": "Microsoft.SecurityInsights/hunts/relations",
+ "properties": {
+ "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "relatedResourceType": "Microsoft.SecurityInsights/Bookmarks",
+ "labels": [
+ "label1"
+ ]
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntRelations.json
new file mode 100644
index 000000000000..6460f3c73a53
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntRelations.json
@@ -0,0 +1,32 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "operationalInsightsResourceProvider": "Microsoft.OperationalInsights",
+ "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/relations/2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "name": "2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "etag": "\"26012da2-0000-0c00-0000-627ad2760000\"",
+ "type": "Microsoft.SecurityInsights/hunts/relations",
+ "properties": {
+ "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "relatedResourceType": "Microsoft.SecurityInsights/Bookmarks",
+ "labels": [
+ "label1"
+ ]
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHunts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHunts.json
new file mode 100644
index 000000000000..1e6c2f8359ab
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHunts.json
@@ -0,0 +1,46 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "operationalInsightsResourceProvider": "Microsoft.OperationalInsights"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/hunts/b372ee75-2cad-4b71-8917-d5d5df9315b5",
+ "name": "b372ee75-2cad-4b71-8917-d5d5df9315b5",
+ "etag": "\"de00c408-0000-0c00-0000-62741e350000\"",
+ "type": "Microsoft.SecurityInsights/hunts",
+ "properties": {
+ "displayName": "Log4J new hunt",
+ "description": "Log4J Hunt Description",
+ "status": "New",
+ "hypothesisStatus": "Unknown",
+ "attackTactics": [
+ "Reconnaissance"
+ ],
+ "attackTechniques": [
+ "T1595"
+ ],
+ "labels": [
+ "Label1",
+ "Label2"
+ ],
+ "owner": {
+ "objectId": "873b5263-5d34-4149-b356-ad341b01e123",
+ "email": "testemail@microsoft.com",
+ "assignedTo": null,
+ "userPrincipalName": "John Doe",
+ "ownerType": "User"
+ }
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json
new file mode 100644
index 000000000000..610d5f03663c
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json
@@ -0,0 +1,50 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "incidentId": "69a30280-6a4c-4aa7-9af0-5d63f335d600"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRG/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/baa8a239-6fde-4ab7-a093-d09f7b75c58c",
+ "name": "baa8a239-6fde-4ab7-a093-d09f7b75c58c",
+ "type": "Microsoft.SecurityInsights/Entities",
+ "kind": "SecurityAlert",
+ "properties": {
+ "systemAlertId": "baa8a239-6fde-4ab7-a093-d09f7b75c58c",
+ "tactics": [],
+ "alertDisplayName": "myAlert",
+ "confidenceLevel": "Unknown",
+ "severity": "Low",
+ "vendorName": "Microsoft",
+ "productName": "Azure Security Center",
+ "alertType": "myAlert",
+ "processingEndTime": "2020-07-20T18:21:53.615Z",
+ "status": "New",
+ "endTimeUtc": "2020-07-20T18:21:53.615Z",
+ "startTimeUtc": "2020-07-20T18:21:53.615Z",
+ "timeGenerated": "2020-07-20T18:21:53.615Z",
+ "resourceIdentifiers": [
+ {
+ "type": "LogAnalytics",
+ "workspaceId": "c8c99641-985d-4e4e-8e91-fb3466cd0e5b",
+ "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
+ "resourceGroup": "myRG"
+ }
+ ],
+ "additionalData": {
+ "alertMessageEnqueueTime": "2020-07-20T18:21:57.304Z"
+ },
+ "friendlyName": "myAlert"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json
new file mode 100644
index 000000000000..28ef2a443724
--- /dev/null
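Review bot: The alert in the 200 body belongs to a different subscription than the one the request names: `parameters.subscriptionId` is `d0cfe6b2-9ac0-4464-9919-dccaee2e48c0`, while `id` and `resourceIdentifiers[0].subscriptionId` use `bd794837-4d29-4647-9105-6339bfdb4e6a`, and the resource group is spelled `myRG` instead of `myRg`. Read literally, the sample shows a listing scoped to one subscription returning an entity from another, which is not something a reader should take as normal behaviour. Using the request's subscription ID and `myRg` in both places would fix it.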
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json 
@@ -0,0 +1,47 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "incidentId": "69a30280-6a4c-4aa7-9af0-5d63f335d600"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/afbd324f-6c48-459c-8710-8d1e1cd03812",
+ "name": "afbd324f-6c48-459c-8710-8d1e1cd03812",
+ "type": "Microsoft.SecurityInsights/Entities",
+ "kind": "Bookmark",
+ "properties": {
+ "displayName": "SecurityEvent - 868f40f4698d",
+ "created": "2020-06-17T15:34:01.426+00:00",
+ "updated": "2020-06-17T15:34:01.426+00:00",
+ "createdBy": {
+ "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd",
+ "email": "user@contoso.com",
+ "name": "user"
+ },
+ "updatedBy": {
+ "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd",
+ "email": "user@contoso.com",
+ "name": "user"
+ },
+ "eventTime": "2020-06-17T15:34:01.426+00:00",
+ "labels": [],
+ "query": "SecurityEvent\r\n| take 1\n",
+ "queryResult": "{\"TimeGenerated\":\"2020-05-24T01:24:25.67Z\",\"Account\":\"\\\\ADMINISTRATOR\",\"AccountType\":\"User\",\"Computer\":\"SecurityEvents\",\"EventSourceName\":\"Microsoft-Windows-Security-Auditing\",\"Channel\":\"Security\",\"Task\":12544,\"Level\":\"16\",\"EventID\":4625,\"Activity\":\"4625 - An account failed to log on.\",\"AuthenticationPackageName\":\"NTLM\",\"FailureReason\":\"%%2313\",\"IpAddress\":\"176.113.115.73\",\"IpPort\":\"0\",\"LmPackageName\":\"-\",\"LogonProcessName\":\"NtLmSsp \",\"LogonType\":3,\"LogonTypeName\":\"3 - Network\",\"Process\":\"-\",\"ProcessId\":\"0x0\",\"__entityMapping\":{\"\\\\ADMINISTRATOR\":\"Account\",\"SecurityEvents\":\"Host\"}}",
+ "additionalData": {
+ "eTag": "\"3b00acab-0000-0d00-0000-5f15e4ed0000\"",
+ "entityId": "afbd324f-6c48-459c-8710-8d1e1cd03812"
+ },
+ "friendlyName": "SecurityEvent - 868f40f4698d"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json
new file mode 100644
index 000000000000..178812dfaf1c
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json
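Review bot: The `queryResult` string embeds what looks like a captured Windows 4625 failed-logon record, including the routable address `176.113.115.73` in `IpAddress`. Published samples should not carry addresses that may belong to a real host; an RFC 5737 documentation address, for example `\"IpAddress\":\"203.0.113.10\"` (constructed value), keeps the example realistic without pointing at anyone. Separately, `type` is `Microsoft.SecurityInsights/Entities` while the `id` path ends in `/bookmarks/...`, which is worth confirming against the response schema.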
@@ -0,0 +1,55 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "incidentComment": { + "properties": { + "message": "Some message" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "type": "Microsoft.SecurityInsights/incidents/comments", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T13:15:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "type": "Microsoft.SecurityInsights/incidents/comments", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T13:15:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + } + } +} 
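Review bot: The `id` values in both the 200 and 201 bodies spell the workspace provider namespace as `Microsoft.OperationalIinsights` (doubled `i`), whereas the Incidents_ListEntities example in this same patch uses `Microsoft.OperationalInsights`. The path segment should read `/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/`. The same misspelling appears in the bookmark example before this file, in IncidentComments_Get and _List, the IncidentTasks examples, Incidents_CreateOrUpdate/_Get/_List (`id`, `relatedAnalyticRuleIds`, `incidentUrl`) and the incidents/relations examples (`id`, `relatedResourceId`). A resource ID copied from these examples into a template or test would presumably not resolve.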
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json
new file mode 100644
index 000000000000..96a6079eaa95
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json
@@ -0,0 +1,14 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
+ "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json
new file mode 100644
index 000000000000..b7146173f79f
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json
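Review bot: `"api-version": "2023-06-01-preview"` in `parameters` does not match the `2023-07-01-preview` folder this example is added under. The commit subject describes this as the base copy for the version update, so the bump presumably lands in a later patch of the series. If it does not, the line should become `"api-version": "2023-07-01-preview"`, since example validation and generated samples would otherwise show the older version. Every other example file in this part of the patch carries the same value.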
@@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "type": "Microsoft.SecurityInsights/incidents/comments", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json new file mode 100644 index 000000000000..09b92b630264 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json 
@@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "type": "Microsoft.SecurityInsights/incidents/comments", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json new file mode 100644 index 000000000000..a12510e4854c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json 
@@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "69a30280-6a4c-4aa7-9af0-5d63f335d600" + }, + "responses": { + "200": { + "body": { + "entities": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/Entities", + "kind": "Account", + "properties": { + "accountName": "administrator", + "ntDomain": "domain", + "friendlyName": "administrator" + } + } + ], + "metaData": [ + { + "entityKind": "Account", + "count": 1 + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json new file mode 100644 index 000000000000..12d855b11ef5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json 
@@ -0,0 +1,73 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentTaskId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "incidentTask": { + "properties": { + "title": "Task title", + "description": "Task description", + "status": "New" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/tasks/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "type": "Microsoft.SecurityInsights/incidents/tasks", + "properties": { + "title": "Task title", + "description": "Task description", + "status": "New", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/tasks/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "type": "Microsoft.SecurityInsights/incidents/tasks", + "properties": { + "title": "Task title", + "description": 
"Task description", + "status": "New", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json new file mode 100644 index 000000000000..8c3d24c5dfa9 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentTaskId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json new file mode 100644 index 000000000000..ed9ac2471df5 --- /dev/null 
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json @@ -0,0 +1,39 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentTaskId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/tasks/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "type": "Microsoft.SecurityInsights/incidents/tasks", + "properties": { + "title": "Task title", + "description": "Task description", + "status": "New", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json new file mode 100644 index 000000000000..ffc566696424 --- /dev/null 
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json @@ -0,0 +1,42 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/tasks/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "type": "Microsoft.SecurityInsights/incidents/tasks", + "properties": { + "title": "Task title", + "description": "Task description", + "status": "New", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTeam/Incidents_CreateTeam.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTeam/Incidents_CreateTeam.json new file mode 100644 index 000000000000..cc6bc0f0f283 --- /dev/null 
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTeam/Incidents_CreateTeam.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "69a30280-6a4c-4aa7-9af0-5d63f335d600", + "teamProperties": { + "teamName": "Team name", + "teamDescription": "Team description", + "groupIds": null, + "memberIds": null + } + }, + "responses": { + "200": { + "body": { + "teamId": "99978838-9bda-4ad4-8f93-4cf7ebc50ca5", + "primaryChannelUrl": "https://teams.microsoft.com/l/team/19:80bf3b25485b4067b7d2dc4eec9e1578%40thread.tacv2/conversations?groupId=99978838-9bda-4ad4-8f93-4cf7ebc50ca5&tenantId=5b5a146c-eba8-46af-96f8-e31b50d15a3f", + "teamCreationTimeUtc": "2021-03-15T17:08:21.995Z", + "name": "Team name", + "description": "Team description" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_CreateOrUpdate.json new file mode 100644 index 000000000000..71eda4834121 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_CreateOrUpdate.json 
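Review bot: `primaryChannelUrl` in the 200 body carries a concrete Teams thread ID, `groupId` and `tenantId=5b5a146c-eba8-46af-96f8-e31b50d15a3f`. The same tenant GUID appears as `tid` in `providerIncidentUrl` in the Incidents_CreateOrUpdate, Incidents_Get and Incidents_List examples. If these values were captured from a live tenant rather than invented, the public spec identifies that tenant and team. A zeroed placeholder such as `tenantId=00000000-0000-0000-0000-000000000000` documents the URL shape equally well, so it is worth confirming where these GUIDs came from.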
@@ -0,0 +1,136 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incident": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "title": "My incident", + "description": "This is a demo incident", + "severity": "High", + "status": "Closed", + "classification": "FalsePositive", + "classificationReason": "InaccurateData", + "classificationComment": "Not a malicious activity", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": null, + "assignedTo": null, + "userPrincipalName": null, + "ownerType": null + }, + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", + "type": "Microsoft.SecurityInsights/incidents", + "properties": { + "title": "My incident", + "description": "This is a demo incident", + "severity": "High", + "status": "Closed", + "classification": "FalsePositive", + "classificationReason": "InaccurateData", + "classificationComment": "Not a malicious activity", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "assignedTo": "john doe", + "userPrincipalName": "john@contoso.com", + "ownerType": "User" + }, + "labels": [], + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "incidentNumber": 3177, + 
"additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [ + "InitialAccess", + "Persistence" + ], + "techniques": [ + "T1091", + "T1133", + "T1053" + ], + "providerIncidentUrl": "https://security.microsoft.com/incidents/3177?tid=5b5a146c-eba8-46af-96f8-e31b50d15a3f" + }, + "relatedAnalyticRuleIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7" + ], + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "providerName": "Azure Sentinel", + "providerIncidentId": "3177" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", + "type": "Microsoft.SecurityInsights/incidents", + "properties": { + "title": "My incident", + "description": "This is a demo incident", + "severity": "High", + "status": "Closed", + "classification": "FalsePositive", + "classificationReason": "InaccurateData", + "classificationComment": "Not a malicious activity", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "assignedTo": "john doe", + "userPrincipalName": "john@contoso.com", + "ownerType": "User" + }, + "labels": [], + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + 
"lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "incidentNumber": 3177, + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [ + "InitialAccess", + "Persistence" + ], + "techniques": [ + "T1091", + "T1133", + "T1053" + ], + "providerIncidentUrl": "https://security.microsoft.com/incidents/3177?tid=5b5a146c-eba8-46af-96f8-e31b50d15a3f" + }, + "relatedAnalyticRuleIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7" + ], + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "providerName": "Azure Sentinel", + "providerIncidentId": "3177" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_Delete.json new file mode 100644 index 000000000000..7bd7d4c66b2c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_Delete.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} 
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_Get.json
new file mode 100644
index 000000000000..9eadae11cbc6
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_Get.json
@@ -0,0 +1,63 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/incidents", + "properties": { + "title": "My incident", + "description": "This is a demo incident", + "severity": "High", + "status": "Closed", + "classification": "FalsePositive", + "classificationReason": "InaccurateData", + "classificationComment": "Not a malicious activity", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "assignedTo": "john doe", + "userPrincipalName": "john@contoso.com", + "ownerType": "User" + }, + "labels": [], + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "incidentNumber": 3177, + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [ + "InitialAccess", + "Persistence" + ], + "techniques": [ + "T1091", + "T1133", + "T1053" + ], + "providerIncidentUrl": "https://security.microsoft.com/incidents/3177?tid=5b5a146c-eba8-46af-96f8-e31b50d15a3f" + }, + "relatedAnalyticRuleIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7" + ], + 
"incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "providerName": "Azure Sentinel", + "providerIncidentId": "3177" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_List.json new file mode 100644 index 000000000000..f0e162f6882f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_List.json 
@@ -0,0 +1,68 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "$orderby": "properties/createdTimeUtc desc", + "$top": 1 + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/incidents", + "properties": { + "title": "My incident", + "description": "This is a demo incident", + "severity": "High", + "status": "Closed", + "classification": "FalsePositive", + "classificationReason": "InaccurateData", + "classificationComment": "Not a malicious activity", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "assignedTo": "john doe", + "userPrincipalName": "john@contoso.com", + "ownerType": "User" + }, + "labels": [], + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "incidentNumber": 3177, + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [ + "InitialAccess", + "Persistence" + ], + "techniques": [ + "T1091", + "T1133", + "T1053" + ], + "providerIncidentUrl": "https://security.microsoft.com/incidents/3177?tid=5b5a146c-eba8-46af-96f8-e31b50d15a3f" + }, + "relatedAnalyticRuleIds": [ + 
"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7" + ], + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "providerName": "Azure Sentinel", + "providerIncidentId": "3177" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/CreateIncidentRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/CreateIncidentRelation.json new file mode 100644 index 000000000000..f56f80ece2f3 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/CreateIncidentRelation.json 
@@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "relation": { + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": 
"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/DeleteIncidentRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/DeleteIncidentRelation.json new file mode 100644 index 000000000000..c341b3b84fdb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/DeleteIncidentRelation.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/GetAllIncidentRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/GetAllIncidentRelations.json new file mode 100644 index 000000000000..2263a3e98d39 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/GetAllIncidentRelations.json 
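Review bot: The relation bodies in CreateIncidentRelation write the entity tag as a bare value, `"etag": "190057d0-0000-0d00-0000-5c6f5adb0000"`, while the comment, task and incident examples in this patch use the quoted form `"etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\""`. The hunk does not show which form the service returns for relations; if it is the quoted one, these examples should match it. The exact string matters to clients that echo the value back for optimistic concurrency. GetAllIncidentRelations and GetIncidentRelationByName use the same bare form.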
@@ -0,0 +1,40 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014",
+ "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014",
+ "type": "Microsoft.SecurityInsights/incidents/relations",
+ "etag": "190057d0-0000-0d00-0000-5c6f5adb0000",
+ "properties": {
+ "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "relatedResourceType": "Microsoft.SecurityInsights/bookmarks"
+ }
+ },
+ {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/9673a17d-8bc7-4ca6-88ee-38a4f3efc032",
+ "name": "9673a17d-8bc7-4ca6-88ee-38a4f3efc032",
+ "type": "Microsoft.SecurityInsights/incidents/relations",
+ "etag": "6f714025-dd7c-46aa-b5d0-b9857488d060",
+ "properties": {
+ "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/1dd267cd-8a1f-4f6f-b92c-da43ac8819af",
+ "relatedResourceName": "1dd267cd-8a1f-4f6f-b92c-da43ac8819af",
+ "relatedResourceType": "Microsoft.SecurityInsights/entities",
+ "relatedResourceKind": "SecurityAlert"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/GetIncidentRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/GetIncidentRelationByName.json
new file mode 100644
index 000000000000..49e19fbb498b
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/GetIncidentRelationByName.json
@@ -0,0 +1,25 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812",
+ "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014",
+ "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014",
+ "type": "Microsoft.SecurityInsights/incidents/relations",
+ "etag": "190057d0-0000-0d00-0000-5c6f5adb0000",
+ "properties": {
+ "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096",
+ "relatedResourceType": "Microsoft.SecurityInsights/bookmarks"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/manualTrigger/Entities_RunPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/manualTrigger/Entities_RunPlaybook.json
new file mode 100644
index 000000000000..e7e5b0a5f4e5
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/manualTrigger/Entities_RunPlaybook.json
@@ -0,0 +1,17 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "entityIdentifier": "72e01a22-5cd2-4139-a149-9f2736ff2ar2",
+ "manualTriggerRequestBody": {
+ "logicAppsResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/my-playbook-name",
+ "tenantId": "qwere6b2-9ac0-4464-9919-dccaee2e4ddd",
+ "incidentArmId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5"
+ }
+ },
+ "responses": {
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json
new file mode 100644
index 000000000000..177cccbeb34f
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json
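Review bot: `entityIdentifier` (`72e01a22-5cd2-4139-a149-9f2736ff2ar2`) and `tenantId` (`qwere6b2-9ac0-4464-9919-dccaee2e4ddd`) in Entities_RunPlaybook.json are not well-formed GUIDs, because they contain the non-hex letters `r`, `q` and `w`. If the spec types these parameters as `uuid` (not visible in this hunk), example validation and generated samples would reject them. A hex-only value of the kind used elsewhere in this patch would do, such as the `tenantId` `5460b3d2-1e7b-4757-ad54-c858c7e3f252` in GetOfficeConsents.json. Incidents_RunPlaybook.json has the same problem in `incidentIdentifier` (`73e01a99-5cd7-4139-a149-9f2736ff2ar4`) and the same `tenantId`.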
@@ -0,0 +1,18 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "incidentIdentifier": "73e01a99-5cd7-4139-a149-9f2736ff2ar4",
+ "manualTriggerRequestBody": {
+ "logicAppsResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/my-playbook-name",
+ "tenantId": "qwere6b2-9ac0-4464-9919-dccaee2e4ddd"
+ }
+ },
+ "responses": {
+ "204": {
+ "body": {}
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/DeleteMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/DeleteMetadata.json
new file mode 100644
index 000000000000..4cc042fcbf44
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/DeleteMetadata.json
@@ -0,0 +1,13 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "metadataName": "metadataName"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/GetAllMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/GetAllMetadata.json
new file mode 100644
index 000000000000..d6def2e01e8f
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/GetAllMetadata.json
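Review bot: The `204` response in Incidents_RunPlaybook.json carries `"body": {}`, although 204 means No Content and the sibling Entities_RunPlaybook.json declares the same outcome as `"204": {}`. Drop the body so the two manual-trigger examples agree: `"204": {}`. A client generated from or tested against this example would otherwise be taught to expect a payload on a status that has none.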
@@ -0,0 +1,64 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName1",
+ "name": "metadataName1",
+ "type": "Microsoft.SecurityInsights/metadata",
+ "properties": {
+ "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0",
+ "version": "1.0.0.0",
+ "kind": "AnalyticsRule",
+ "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName",
+ "source": {
+ "kind": "Solution",
+ "name": "Contoso Solution 1.0",
+ "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf"
+ }
+ }
+ },
+ {
+ "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName2",
+ "name": "metadataName2",
+ "type": "Microsoft.SecurityInsights/metadata",
+ "properties": {
+ "contentId": "f5160682-0e10-4e23-8fcf-df3df49c5522",
+ "version": "1.0.0.0",
+ "kind": "AnalyticsRule",
+ "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName2",
+ "source": {
+ "kind": "Solution",
+ "name": "Contoso Solution 1.0",
+ "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf"
+ }
+ }
+ },
+ {
+ "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.Insights/workbooks/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName3",
+ "name": "metadataName3",
+ "type": "Microsoft.SecurityInsights/metadata",
+ "properties": {
+ "contentId": "f593501d-ec01-4057-8146-a1de35c461ef",
+ "version": "1.0.0.0",
+ "kind": "Workbook",
+ "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.Insights/workbooks/workbookName",
+ "source": {
+ "kind": "Solution",
+ "name": "Contoso Solution 1.0",
+ "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf"
+ }
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/GetAllMetadataOData.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/GetAllMetadataOData.json
new file mode 100644
index 000000000000..ff5024c94515
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/GetAllMetadataOData.json
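Review bot: The request in GetAllMetadata.json is scoped to `subscriptionId` `d0cfe6b2-9ac0-4464-9919-dccaee2e48c0`, but every `id` and `parentId` in the 200 body sits under `/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/`. A list call that returns resources from a subscription other than the one requested reads as a scoping break rather than sample data, so use one subscription throughout, as GetMetadata.json does with `2e1dc338-d04d-4443-b721-037eff4fdcac` in both places. The third item's `id` also nests the metadata under `Microsoft.Insights/workbooks/myWorkspace`, which looks like a copy slip given the workspace path the other two items use. GetAllMetadataOData.json, PatchMetadata.json, PutMetadata.json and PutMetadataMinimal.json show the same subscription mismatch.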
@@ -0,0 +1,52 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "ODataFilter": "properties/kind eq 'AnalyticsRule'",
+ "ODataOrderBy": "properties/parentId desc",
+ "ODataSkip": "2",
+ "ODataTop": "2"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName1",
+ "name": "metadataName1",
+ "type": "Microsoft.SecurityInsights/metadata",
+ "properties": {
+ "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0",
+ "version": "1.0.0.0",
+ "kind": "AnalyticsRule",
+ "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName1",
+ "source": {
+ "kind": "Solution",
+ "name": "Contoso Solution 1.0",
+ "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf"
+ }
+ }
+ },
+ {
+ "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName2",
+ "name": "metadataName2",
+ "type": "Microsoft.SecurityInsights/metadata",
+ "properties": {
+ "contentId": "f5160682-0e10-4e23-8fcf-df3df49c5522",
+ "version": "1.0.0.0",
+ "kind": "AnalyticsRule",
+ "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName2",
+ "source": {
+ "kind": "Solution",
+ "name": "Contoso Solution 1.0",
+ "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf"
+ }
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/GetMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/GetMetadata.json
new file mode 100644
index 000000000000..8a4556864106
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/GetMetadata.json
@@ -0,0 +1,104 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "2e1dc338-d04d-4443-b721-037eff4fdcac",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "metadataName": "metadataName"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName",
+ "name": "metadataName",
+ "type": "Microsoft.SecurityInsights/metadata",
+ "properties": {
+ "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0",
+ "version": "1.0.0.0",
+ "kind": "AnalyticsRule",
+ "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName",
+ "source": {
+ "kind": "Solution",
+ "name": "Contoso Solution 1.0",
+ "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf"
+ },
+ "author": {
+ "name": "User Name",
+ "email": "email@microsoft.com"
+ },
+ "support": {
+ "name": "Microsoft",
+ "email": "support@microsoft.com",
+ "link": "https://support.microsoft.com/",
+ "tier": "Partner"
+ },
+ "dependencies": {
+ "operator": "AND",
+ "criteria": [
+ {
+ "operator": "OR",
+ "criteria": [
+ {
+ "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756",
+ "kind": "DataConnector"
+ },
+ {
+ "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d",
+ "kind": "DataConnector"
+ },
+ {
+ "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593",
+ "kind": "DataConnector",
+ "version": "2.0"
+ }
+ ]
+ },
+ {
+ "kind": "Playbook",
+ "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab",
+ "version": "1.0"
+ },
+ {
+ "kind": "Parser",
+ "contentId": "21ba424a-9438-4444-953a-7059539a7a1b"
+ }
+ ]
+ },
+ "categories": {
+ "domains": [
+ "Application",
+ "Security – Insider Threat"
+ ],
+ "verticals": [
+ "Healthcare"
+ ]
+ },
+ "providers": [
+ "Amazon",
+ "Microsoft"
+ ],
+ "firstPublishDate": "2021-05-18",
+ "lastPublishDate": "2021-05-18",
+ "previewImages": [
+ "firstImage.png",
+ "secondImage.jpeg"
+ ],
+ "previewImagesDark": [
+ "firstImageDark.png",
+ "secondImageDark.jpeg"
+ ],
+ "contentSchemaVersion": "2.0",
+ "customVersion": "1.0",
+ "threatAnalysisTactics": [
+ "reconnaissance",
+ "commandandcontrol"
+ ],
+ "threatAnalysisTechniques": [
+ "T1548",
+ "T1548.001"
+ ]
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/PatchMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/PatchMetadata.json
new file mode 100644
index 000000000000..0948a4f8e2e5
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/PatchMetadata.json
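Review bot: In GetMetadata.json, `threatAnalysisTechniques` lists `T1548` and `T1548.001`, which MITRE ATT&CK Enterprise files under Privilege Escalation and Defense Evasion, while `threatAnalysisTactics` lists `reconnaissance` and `commandandcontrol`. An example that pairs techniques with unrelated tactics gives content authors a mapping that would skew any coverage view built from these fields, so either pick techniques that belong to the listed tactics or change the tactics to match. Whether the service validates the pairing is not visible in this hunk. PutMetadata.json repeats the same values in its request and in both responses.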
@@ -0,0 +1,35 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "metadataName": "metadataName",
+ "metadataPatch": {
+ "properties": {
+ "author": {
+ "name": "User Name",
+ "email": "email@microsoft.com"
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName",
+ "name": "metadataName",
+ "type": "Microsoft.SecurityInsights/metadata",
+ "properties": {
+ "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0",
+ "kind": "AnalyticsRule",
+ "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName",
+ "author": {
+ "name": "User Name",
+ "email": "email@microsoft.com"
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/PutMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/PutMetadata.json
new file mode 100644
index 000000000000..f2677154841e
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/PutMetadata.json
@@ -0,0 +1,286 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "metadataName": "metadataName",
+ "metadata": {
+ "properties": {
+ "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0",
+ "version": "1.0.0.0",
+ "kind": "AnalyticsRule",
+ "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName",
+ "source": {
+ "kind": "Solution",
+ "name": "Contoso Solution 1.0",
+ "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf"
+ },
+ "author": {
+ "name": "User Name",
+ "email": "email@microsoft.com"
+ },
+ "support": {
+ "name": "Microsoft",
+ "email": "support@microsoft.com",
+ "link": "https://support.microsoft.com/",
+ "tier": "Partner"
+ },
+ "dependencies": {
+ "operator": "AND",
+ "criteria": [
+ {
+ "operator": "OR",
+ "criteria": [
+ {
+ "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756",
+ "kind": "DataConnector",
+ "name": "Microsoft Defender for Endpoint"
+ },
+ {
+ "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d",
+ "kind": "DataConnector"
+ },
+ {
+ "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593",
+ "kind": "DataConnector",
+ "version": "2.0"
+ }
+ ]
+ },
+ {
+ "kind": "Playbook",
+ "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab",
+ "version": "1.0"
+ },
+ {
+ "kind": "Parser",
+ "contentId": "21ba424a-9438-4444-953a-7059539a7a1b"
+ }
+ ]
+ },
+ "categories": {
+ "domains": [
+ "Application",
+ "Security – Insider Threat"
+ ],
+ "verticals": [
+ "Healthcare"
+ ]
+ },
+ "providers": [
+ "Amazon",
+ "Microsoft"
+ ],
+ "firstPublishDate": "2021-05-18",
+ "lastPublishDate": "2021-05-18",
+ "previewImages": [
+ "firstImage.png",
+ "secondImage.jpeg"
+ ],
+ "previewImagesDark": [
+ "firstImageDark.png",
+ "secondImageDark.jpeg"
+ ],
+ "contentSchemaVersion": "2.0",
+ "customVersion": "1.0",
+ "threatAnalysisTactics": [
+ "reconnaissance",
+ "commandandcontrol"
+ ],
+ "threatAnalysisTechniques": [
+ "T1548",
+ "T1548.001"
+ ]
+ }
+ }
+ },
+ "responses": {
+ "201": {
+ "body": {
+ "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName",
+ "name": "metadataName",
+ "type": "Microsoft.SecurityInsights/metadata",
+ "properties": {
+ "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0",
+ "version": "1.0.0.0",
+ "kind": "AnalyticsRule",
+ "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName",
+ "source": {
+ "kind": "Solution",
+ "name": "Contoso Solution 1.0",
+ "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf"
+ },
+ "author": {
+ "name": "User Name",
+ "email": "email@microsoft.com"
+ },
+ "support": {
+ "name": "Microsoft",
+ "email": "support@microsoft.com",
+ "link": "https://support.microsoft.com/",
+ "tier": "Partner"
+ },
+ "dependencies": {
+ "operator": "AND",
+ "criteria": [
+ {
+ "operator": "OR",
+ "criteria": [
+ {
+ "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756",
+ "kind": "DataConnector"
+ },
+ {
+ "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d",
+ "kind": "DataConnector"
+ },
+ {
+ "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593",
+ "kind": "DataConnector",
+ "version": "2.0"
+ }
+ ]
+ },
+ {
+ "kind": "Playbook",
+ "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab",
+ "version": "1.0"
+ },
+ {
+ "kind": "Parser",
+ "contentId": "21ba424a-9438-4444-953a-7059539a7a1b"
+ }
+ ]
+ },
+ "categories": {
+ "domains": [
+ "Application",
+ "Security – Insider Threat"
+ ],
+ "verticals": [
+ "Healthcare"
+ ]
+ },
+ "providers": [
+ "Amazon",
+ "Microsoft"
+ ],
+ "firstPublishDate": "2021-05-18",
+ "lastPublishDate": "2021-05-18",
+ "previewImages": [
+ "firstImage.png",
+ "secondImage.jpeg"
+ ],
+ "previewImagesDark": [
+ "firstImageDark.png",
+ "secondImageDark.jpeg"
+ ],
+ "contentSchemaVersion": "2.0",
+ "customVersion": "1.0",
+ "threatAnalysisTactics": [
+ "reconnaissance",
+ "commandandcontrol"
+ ],
+ "threatAnalysisTechniques": [
+ "T1548",
+ "T1548.001"
+ ]
+ }
+ }
+ },
+ "200": {
+ "body": {
+ "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName",
+ "name": "metadataName",
+ "type": "Microsoft.SecurityInsights/metadata",
+ "properties": {
+ "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0",
+ "version": "1.0.0.0",
+ "kind": "AnalyticsRule",
+ "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName",
+ "source": {
+ "kind": "Solution",
+ "name": "Contoso Solution 1.0",
+ "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf"
+ },
+ "author": {
+ "name": "User Name",
+ "email": "email@microsoft.com"
+ },
+ "support": {
+ "name": "Microsoft",
+ "email": "support@microsoft.com",
+ "link": "https://support.microsoft.com/",
+ "tier": "Partner"
+ },
+ "dependencies": {
+ "operator": "AND",
+ "criteria": [
+ {
+ "operator": "OR",
+ "criteria": [
+ {
+ "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756",
+ "kind": "DataConnector"
+ },
+ {
+ "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d",
+ "kind": "DataConnector"
+ },
+ {
+ "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593",
+ "kind": "DataConnector",
+ "version": "2.0"
+ }
+ ]
+ },
+ {
+ "kind": "Playbook",
+ "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab",
+ "version": "1.0"
+ },
+ {
+ "kind": "Parser",
+ "contentId": "21ba424a-9438-4444-953a-7059539a7a1b"
+ }
+ ]
+ },
+ "categories": {
+ "domains": [
+ "Application",
+ "Security – Insider Threat"
+ ],
+ "verticals": [
+ "Healthcare"
+ ]
+ },
+ "providers": [
+ "Amazon",
+ "Microsoft"
+ ],
+ "firstPublishDate": "2021-05-18",
+ "lastPublishDate": "2021-05-18",
+ "previewImages": [
+ "firstImage.png",
+ "secondImage.jpeg"
+ ],
+ "previewImagesDark": [
+ "firstImageDark.png",
+ "secondImageDark.jpeg"
+ ],
+ "contentSchemaVersion": "2.0",
+ "customVersion": "1.0",
+ "threatAnalysisTactics": [
+ "reconnaissance",
+ "commandandcontrol"
+ ],
+ "threatAnalysisTechniques": [
+ "T1548",
+ "T1548.001"
+ ]
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/PutMetadataMinimal.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/PutMetadataMinimal.json
new file mode 100644
index 000000000000..c8fb6adfcd0b
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/PutMetadataMinimal.json
@@ -0,0 +1,40 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "metadataName": "metadataName",
+ "metadata": {
+ "properties": {
+ "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0",
+ "kind": "AnalyticsRule",
+ "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName"
+ }
+ }
+ },
+ "responses": {
+ "201": {
+ "body": {
+ "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName",
+ "name": "metadataName",
+ "type": "Microsoft.SecurityInsights/metadata",
+ "properties": {
+ "kind": "AnalyticsRule",
+ "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName"
+ }
+ }
+ },
+ "200": {
+ "body": {
+ "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName",
+ "name": "metadataName",
+ "type": "Microsoft.SecurityInsights/metadata",
+ "properties": {
+ "kind": "AnalyticsRule",
+ "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/officeConsents/DeleteOfficeConsents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/officeConsents/DeleteOfficeConsents.json
new file mode 100644
index 000000000000..13450c004006
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/officeConsents/DeleteOfficeConsents.json
@@ -0,0 +1,13 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/officeConsents/GetOfficeConsents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/officeConsents/GetOfficeConsents.json
new file mode 100644
index 000000000000..f41612e79934
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/officeConsents/GetOfficeConsents.json
@@ -0,0 +1,25 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/officeConsents/04e5fd05-ff86-4b97-b8d2-1c20933cb46c",
+ "name": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c",
+ "type": "Microsoft.SecurityInsights/officeConsents",
+ "properties": {
+ "tenantId": "5460b3d2-1e7b-4757-ad54-c858c7e3f252",
+ "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/officeConsents/GetOfficeConsentsById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/officeConsents/GetOfficeConsentsById.json
new file mode 100644
index 000000000000..f51295c0640d
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/officeConsents/GetOfficeConsentsById.json
@@ -0,0 +1,22 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/officeConsents/04e5fd05-ff86-4b97-b8d2-1c20933cb46c",
+ "name": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c",
+ "type": "Microsoft.SecurityInsights/officeConsents",
+ "properties": {
+ "tenantId": "5460b3d2-1e7b-4757-ad54-c858c7e3f252",
+ "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json
new file mode 100644
index 000000000000..28315f391c6e
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json
@@ -0,0 +1,36 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "sentinelOnboardingStateName": "default",
+ "sentinelOnboardingStateParameter": {
+ "properties": {
+ "customerManagedKey": false
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default",
+ "name": "default",
+ "type": "Microsoft.SecurityInsights/onboardingStates",
+ "properties": {
+ "customerManagedKey": false
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default",
+ "name": "default",
+ "type": "Microsoft.SecurityInsights/onboardingStates",
+ "properties": {
+ "customerManagedKey": false
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json
new file mode 100644
index 000000000000..7fc62fb77bbe
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json
@@ -0,0 +1,13 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "sentinelOnboardingStateName": "default"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
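Review bot: The `id` values in both the 200 and 201 response bodies of CreateSentinelOnboardingState.json spell the workspace provider namespace as `Microsoft.OperationalIinsights` (doubled `I`), so the example resource ID names no real provider and will not match if it is copied into a scope, policy or automation. The line should read `"id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default",`, which is the spelling the officeConsents examples earlier in the patch already use. The same misspelling is in GetAllSentinelOnboardingStates.json, GetSentinelOnboardingState.json and the response `id` of CreateAnomalySecurityMLAnalyticsSetting.json.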
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json
new file mode 100644
index 000000000000..dcb707d0bba3
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json
@@ -0,0 +1,24 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default",
+ "name": "default",
+ "type": "Microsoft.SecurityInsights/onboardingStates",
+ "properties": {
+ "customerManagedKey": false
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json
new file mode 100644
index 000000000000..9af86d87a990
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json
@@ -0,0 +1,21 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "sentinelOnboardingStateName": "default"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default",
+ "name": "default",
+ "type": "Microsoft.SecurityInsights/onboardingStates",
+ "properties": {
+ "customerManagedKey": false
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/operations/ListOperations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/operations/ListOperations.json
new file mode 100644
index 000000000000..a2addf0f1988
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/operations/ListOperations.json
@@ -0,0 +1,563 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "Microsoft.SecurityInsights/operations/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Operations", + "operation": "Get Operations", + "description": "Gets operations" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/automationRules/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "AutomationRules", + "operation": "Get Automation Rules", + "description": "Gets an automation rule" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/automationRules/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "AutomationRules", + "operation": "Update Automation Rules", + "description": "Updates an automation rule" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/automationRules/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "AutomationRules", + "operation": "Delete Automation Rules", + "description": "Deletes an automation rule" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Bookmarks/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Bookmarks", + "operation": "Get Bookmarks", + "description": "Gets bookmarks" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Bookmarks/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Bookmarks", + "operation": "Update Bookmarks", + "description": "Updates bookmarks" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Bookmarks/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Bookmarks", + "operation": "Delete Bookmarks", + "description": "Deletes bookmarks" + }, + "origin": "user" + }, + { + "name": 
"Microsoft.SecurityInsights/Bookmarks/expand/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Bookmarks", + "operation": "Expand on entity", + "description": "Gets related entities of an entity by a specific expansion" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/bookmarks/relations/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Bookmark Relations", + "operation": "Get Bookmark Relations", + "description": "Gets a bookmark relation" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/bookmarks/relations/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Bookmark Relations", + "operation": "Update Bookmark Relations", + "description": "Updates a bookmark relation" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/bookmarks/relations/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Bookmark Relations", + "operation": "Delete Bookmark Relations", + "description": "Deletes a bookmark relation" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Alert Rules", + "operation": "Get Alert Rules", + "description": "Gets the alert rules" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Alert Rules", + "operation": "Update Alert Rules", + "description": "Updates alert rules" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Alert Rules", + "operation": "Delete Alert Rules", + "description": "Deletes alert rules" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/actions/read", + "display": { + "provider": 
"Microsoft Security Insights", + "resource": "Alert Rules Actions", + "operation": "Get Alert Rule Response Actions", + "description": "Gets the response actions of an alert rule" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/actions/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Alert Rules Actions", + "operation": "Update Alert Rule Response Actions", + "description": "Updates the response actions of an alert rule" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/actions/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Alert Rules Actions", + "operation": "Delete Alert Rule Response Actions", + "description": "Deletes the response actions of an alert rule" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/dataConnectors/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "DataConnectors", + "operation": "Get Data Connectors", + "description": "Gets the data connectors" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/dataConnectors/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "DataConnectors", + "operation": "Update Data Connectors", + "description": "Updates a data connector" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/dataConnectors/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "DataConnectors", + "operation": "Delete a Data Connector", + "description": "Deletes a data connector" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/dataConnectorsCheckRequirements/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "DataConnectorsCheckRequirements", + "operation": "Check user authorization and license", + "description": "Check user authorization and license" + }, + "origin": "user" + }, + { + "name": 
"Microsoft.SecurityInsights/incidents/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incidents", + "operation": "Get Incidents", + "description": "Gets an incident" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incidents", + "operation": "Update Incidents", + "description": "Updates an incident" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incidents", + "operation": "Delete Incidents", + "description": "Deletes an incident" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/comments/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incident Comments", + "operation": "Get Incident Comments", + "description": "Gets the incident comments" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/comments/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incident Comments", + "operation": "Create Incident Comments", + "description": "Creates a comment on the incident" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/comments/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incident Comments", + "operation": "Delete Incident Comment", + "description": "Deletes a comment on the incident" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/relations/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incident Relations", + "operation": "Get Incident Relations", + "description": "Gets a relation between the incident and related resources" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/relations/write", + "display": { + "provider": 
"Microsoft Security Insights", + "resource": "Incident Relations", + "operation": "Update Incident Relations", + "description": "Updates a relation between the incident and related resources" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/relations/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incident Relations", + "operation": "Delete Incident Relations", + "description": "Deletes a relation between the incident and related resources" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Get Threat Intelligence", + "description": "Gets Threat Intelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Update Threat Intelligence", + "description": "Updates Threat Intelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Delete Threat Intelligence", + "description": "Deletes Threat Intelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/query/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Query Threat Intelligence", + "description": "Query Threat Intelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/metrics/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Collect Threat Intelligence Metrics", + "description": "Collect Threat Intelligence Metrics" + }, + "origin": "user" + }, + { 
+ "name": "Microsoft.SecurityInsights/threatintelligence/bulkDelete/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Bulk Delete Threat Intelligence", + "description": "Bulk Delete Threat Intelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/bulkTag/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Bulk Tags Threat Intelligence", + "description": "Bulk Tags Threat Intelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Update Threat Intelligence Indicators", + "description": "Updates Threat Intelligence Indicators" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Delete Threat Intelligence Indicators", + "description": "Deletes Threat Intelligence Indicators" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/query/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Query Threat Intelligence Indicators", + "description": "Query Threat Intelligence Indicators" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/metrics/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Get Threat Intelligence Indicator Metrics", + "description": "Get Threat Intelligence Indicator Metrics" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/bulkDelete/action", + 
"display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Bulk Delete Threat Intelligence Indicators", + "description": "Bulk Delete Threat Intelligence Indicators" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/bulkTag/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Bulk Tags Threat Intelligence Indicators", + "description": "Bulk Tags Threat Intelligence Indicators" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Get Threat Intelligence Indicators", + "description": "Gets Threat Intelligence Indicators" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/metrics/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Collect Threat Intelligence Metrics", + "description": "Collect Threat Intelligence Metrics" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/createIndicator/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Create Threat Intelligence Indicator", + "description": "Create Threat Intelligence Indicator" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/appendTags/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Append tags to Threat Intelligence Indicator", + "description": "Append tags to Threat Intelligence Indicator" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/replaceTags/action", + "display": { + "provider": "Microsoft 
Security Insights", + "resource": "ThreatIntelligence", + "operation": "Replace Tags of Threat Intelligence Indicator", + "description": "Replace Tags of Threat Intelligence Indicator" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/queryIndicators/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Query Threat Intelligence Indicators", + "description": "Query Threat Intelligence Indicators" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Watchlists/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Watchlists", + "operation": "Get Watchlists", + "description": "Gets Watchlists" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Watchlists/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Watchlists", + "operation": "Create Watchlists", + "description": "Create Watchlists" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Watchlists/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Watchlists", + "operation": "Delete Watchlists", + "description": "Deletes Watchlists" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/onboardingStates/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Onboarding States", + "operation": "Get Onboarding States", + "description": "Gets an onboarding state" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/onboardingStates/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Onboarding States", + "operation": "Update Onboarding States", + "description": "Updates an onboarding state" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/onboardingStates/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Onboarding 
States",
+ "operation": "Delete Onboarding States",
+ "description": "Deletes an onboarding state"
+ },
+ "origin": "user"
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/recommendations/GetRecommendation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/recommendations/GetRecommendation.json
new file mode 100644
index 000000000000..40408f4add52
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/recommendations/GetRecommendation.json
@@ -0,0 +1,48 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "recommendationId": "6d4b54eb-8684-4aa3-a156-3aa37b8014bc"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "recommendationTypeId": "Swagger_Example",
+ "id": "6d4b54eb-8684-4aa3-a156-3aa37b8014bc",
+ "priority": "Medium",
+ "category": "Onboarding",
+ "context": "None",
+ "content": {
+ "title": "someText",
+ "description": "someText"
+ },
+ "resourceId": "someId",
+ "recommendationTypeTitle": "someText",
+ "recommendationTypeDescription": "someText",
+ "instructions": {
+ "actionsToBePerformed": "someText",
+ "recommendationImportance": "someText"
+ },
+ "additionalProperties": {
+ "someKey": "someValue"
+ },
+ "title": "someText",
+ "description": "someText",
+ "workspaceId": "9a7711dc-40de-43b5-bf7e-ba25ec4592f3",
+ "actions": [
+ {
+ "linkText": "someText",
+ "linkUrl": "https://www.someuri.com",
+ "state": "Active"
+ }
+ ],
+ "state": "CompletedByAction",
+ "hideUntilTimeUtc": "2022-02-19T03:09:03.4888396+00:00",
+ "displayUntilTimeUtc": "2022-02-19T03:57:31.7964447+00:00",
+ "lastEvaluatedTimeUtc": "2022-02-19T03:09:03.4888396+00:00"
+ }
+ }
+ }
+}
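Review bot: In ListOperations.json several distinct permission names share identical display text: `threatintelligence/metrics/action` and `threatintelligence/metrics/read` are both "Collect Threat Intelligence Metrics", and `threatintelligence/indicators/query/action` and `threatintelligence/queryIndicators/action` are both "Query Threat Intelligence Indicators". Someone scoping a custom role from the display strings cannot tell the read permission from the action. If the example is hand-written rather than captured from the provider, the read entry could say `"operation": "Get Threat Intelligence Metrics"` with a matching description. If it mirrors live output, the wording probably needs fixing in the provider's operation manifest instead.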
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/recommendations/GetRecommendations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/recommendations/GetRecommendations.json
new file mode 100644
index 000000000000..662d8eafd7a5
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/recommendations/GetRecommendations.json
@@ -0,0 +1,51 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "recommendationTypeId": "ThreatIntelligence_Example",
+ "id": "6d4b54eb-8684-4aa3-a156-3aa37b8014bc",
+ "priority": "Medium",
+ "category": "Onboarding",
+ "context": "None",
+ "content": {
+ "title": "someText",
+ "description": "someText"
+ },
+ "resourceId": "someId",
+ "recommendationTypeTitle": "someText",
+ "recommendationTypeDescription": "someText",
+ "instructions": {
+ "actionsToBePerformed": "someText",
+ "recommendationImportance": "someText"
+ },
+ "additionalProperties": {
+ "someKey": "someValue"
+ },
+ "title": "someText",
+ "description": "someText",
+ "workspaceId": "9a7711dc-40de-43b5-bf7e-ba25ec4592f3",
+ "actions": [
+ {
+ "linkText": "someText",
+ "linkUrl": "https://www.someuri.com",
+ "state": "Active"
+ }
+ ],
+ "state": "CompletedByAction",
+ "hideUntilTimeUtc": "2022-02-19T03:09:03.4888396+00:00",
+ "displayUntilTimeUtc": "2022-02-19T03:57:31.7964447+00:00",
+ "lastEvaluatedTimeUtc": "2022-02-19T03:09:03.4888396+00:00"
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/recommendations/PatchRecommendation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/recommendations/PatchRecommendation.json
new file mode 100644
index 000000000000..6aa6ef654a74
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/recommendations/PatchRecommendation.json
@@ -0,0 +1,56 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "recommendationId": "6d4b54eb-8684-4aa3-a156-3aa37b8014bc",
+ "recommendationPatch": [
+ {
+ "state": "Active"
+ }
+ ]
+ },
+ "responses": {
+ "202": {
+ "headers": {
+ "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.SecurityInsights/recommendations/6d4b54eb-8684-4aa3-a156-3aa37b8014bc?api-version=2023-06-01-preview"
+ },
+ "body": {
+ "recommendationTypeId": "ThreatIntelligence_Example",
+ "id": "6d4b54eb-8684-4aa3-a156-3aa37b8014bc",
+ "priority": "Medium",
+ "category": "Onboarding",
+ "context": "None",
+ "content": {
+ "title": "someText",
+ "description": "someText"
+ },
+ "resourceId": "someId",
+ "recommendationTypeTitle": "someText",
+ "recommendationTypeDescription": "someText",
+ "instructions": {
+ "actionsToBePerformed": "someText",
+ "recommendationImportance": "someText"
+ },
+ "additionalProperties": {
+ "someKey": "someValue"
+ },
+ "title": "someText",
+ "description": "someText",
+ "workspaceId": "9a7711dc-40de-43b5-bf7e-ba25ec4592f3",
+ "actions": [
+ {
+ "linkText": "someText",
+ "linkUrl": "https://www.someuri.com",
+ "state": "Active"
+ }
+ ],
+ "state": "CompletedByUser",
+ "hideUntilTimeUtc": "2022-02-19T03:09:03.4888396+00:00",
+ "displayUntilTimeUtc": "2022-02-19T03:57:31.7964447+00:00",
+ "lastEvaluatedTimeUtc": "2022-02-19T03:09:03.4888396+00:00"
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/repositories/GetRepositories.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/repositories/GetRepositories.json
new file mode 100644
index 000000000000..840f6c23c892
--- /dev/null
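Review bot: The `Azure-AsyncOperation` header in the 202 response of PatchRecommendation.json does not match the request in the same example. It uses subscription `00000000-0000-0000-0000-000000000000` and resource group `myResourceGroup`, and it omits the `Microsoft.OperationalInsights/workspaces/myWorkspace` segment, whereas the parameters use `d0cfe6b2-9ac0-4464-9919-dccaee2e48c0`, `myRg` and `myWorkspace`. A polling URL that points at a different scope than the request is misleading in a reference example; it should be built from the example's own parameters, keeping whatever path shape the service really returns. The body also reports `"state": "CompletedByUser"` after a patch that sets `"state": "Active"`, which looks like a leftover and is worth confirming.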
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/repositories/GetRepositories.json
@@ -0,0 +1,25 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "repoType": "Github",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "url": "https://api.github.com/repos/user/reponame",
+ "fullName": "reponame",
+ "branches": [
+ "master",
+ "develop"
+ ]
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json
new file mode 100644
index 000000000000..996bb902cdf0
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json
@@ -0,0 +1,245 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "settingsResourceName": "f209187f-1d17-4431-94af-c141bf5f23db", + "securityMLAnalyticsSetting": { + "kind": "Anomaly", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "properties": { + "displayName": "Login from unusual region", + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "enabled": true, + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ], + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "singleSelectObservations": [ + { + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "value": [ + "Palo Alto Networks" + ], + "supportedValuesKql": null, + "valuesKql": null, + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "sequenceNumber": 1, + "rerun": "RerunAlways" + } + ], + "prioritizeExcludeObservations": null, + "thresholdObservations": [ + { + "minimum": "1", + "maximum": "100", + "value": "25", + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "sequenceNumber": 1, + "rerun": "RerunAlways" + }, + { + "minimum": "2", + "maximum": "10", + "value": "3", + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "sequenceNumber": 2, + "rerun": "RerunAlways" + } + ], + "singleValueObservations": null + }, + "frequency": "PT1H", + "settingsStatus": 
"Production", + "isDefaultSettings": true, + "anomalySettingsVersion": 0, + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db", + "name": "f209187f-1d17-4431-94af-c141bf5f23db", + "etag": "\"01005144-0000-0d00-0000-6058632c0000\"", + "kind": "Anomaly", + "type": "Microsoft.SecurityInsights/securityMLAnalyticsSettings", + "properties": { + "displayName": "Login from unusual region", + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "enabled": true, + "lastModifiedUtc": "2021-10-20T13:17:11.5340061Z", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ], + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "singleSelectObservations": [ + { + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "value": [ + "Palo Alto Networks" + ], + "supportedValuesKql": null, + "valuesKql": null, + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "sequenceNumber": 1, + "rerun": "RerunAlways" + } + ], + "prioritizeExcludeObservations": null, + "thresholdObservations": [ + { + "minimum": "1", + "maximum": "100", + "value": "25", + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "sequenceNumber": 1, + "rerun": "RerunAlways" + }, + { + "minimum": "2", + "maximum": "10", + 
"value": "3", + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "sequenceNumber": 2, + "rerun": "RerunAlways" + } + ], + "singleValueObservations": null + }, + "frequency": "PT1H", + "settingsStatus": "Production", + "isDefaultSettings": true, + "anomalySettingsVersion": 0, + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db", + "name": "f209187f-1d17-4431-94af-c141bf5f23db", + "etag": "\"01007444-0000-0d00-0000-605863a70000\"", + "kind": "Anomaly", + "type": "Microsoft.SecurityInsights/securityMLAnalyticsSettings", + "properties": { + "displayName": "Login from unusual region", + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "enabled": true, + "lastModifiedUtc": "2021-10-20T13:17:11.5340061Z", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ], + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "singleSelectObservations": [ + { + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "value": [ + "Palo Alto Networks" + ], + "supportedValuesKql": null, + "valuesKql": null, + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "sequenceNumber": 1, + "rerun": "RerunAlways" + } + ], + "prioritizeExcludeObservations": null, + "thresholdObservations": [ + { + "minimum": "1", + "maximum": 
"100", + "value": "25", + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "sequenceNumber": 1, + "rerun": "RerunAlways" + }, + { + "minimum": "2", + "maximum": "10", + "value": "3", + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "sequenceNumber": 2, + "rerun": "RerunAlways" + } + ], + "singleValueObservations": null + }, + "frequency": "PT1H", + "settingsStatus": "Production", + "isDefaultSettings": true, + "anomalySettingsVersion": 0, + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json new file mode 100644 index 000000000000..47d3bf8944e3 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "settingsResourceName": "f209187f-1d17-4431-94af-c141bf5f23db" + }, + "responses": { + "200": {}, + "204": {} + } +} 
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json
new file mode 100644
index 000000000000..fc0bba6e2c1d
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json
@@ -0,0 +1,94 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db", + "name": "f209187f-1d17-4431-94af-c141bf5f23db", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/securityMLAnalyticsSettings", + "kind": "Anomaly", + "properties": { + "displayName": "Login from unusual region", + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "enabled": true, + "lastModifiedUtc": "2021-10-20T13:13:11.5340061Z", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ], + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "singleSelectObservations": [ + { + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "value": [ + "Palo Alto Networks" + ], + "supportedValuesKql": null, + "valuesKql": null, + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "sequenceNumber": 1, + "rerun": "RerunAlways" + } + ], + "prioritizeExcludeObservations": null, + "thresholdObservations": [ + { + "minimum": "1", + "maximum": "100", + "value": "25", + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "sequenceNumber": 1, + 
"rerun": "RerunAlways" + }, + { + "minimum": "2", + "maximum": "10", + "value": "3", + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "sequenceNumber": 2, + "rerun": "RerunAlways" + } + ], + "singleValueObservations": null + }, + "frequency": "PT1H", + "settingsStatus": "Production", + "isDefaultSettings": true, + "anomalySettingsVersion": 0, + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json new file mode 100644 index 000000000000..d7138be4b909 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json 
@@ -0,0 +1,91 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "settingsResourceName": "myFirstAnomalySettings" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db", + "name": "f209187f-1d17-4431-94af-c141bf5f23db", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/securityMLAnalyticsSettings", + "kind": "Anomaly", + "properties": { + "displayName": "Login from unusual region", + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "enabled": true, + "lastModifiedUtc": "2021-10-20T13:13:11.5340061Z", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ], + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "singleSelectObservations": [ + { + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "value": [ + "Palo Alto Networks" + ], + "supportedValuesKql": null, + "valuesKql": null, + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "sequenceNumber": 1, + "rerun": "RerunAlways" + } + ], + "prioritizeExcludeObservations": null, + "thresholdObservations": [ + { + "minimum": "1", + "maximum": "100", + "value": "25", + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen 
value", + "sequenceNumber": 1, + "rerun": "RerunAlways" + }, + { + "minimum": "2", + "maximum": "10", + "value": "3", + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "sequenceNumber": 2, + "rerun": "RerunAlways" + } + ], + "singleValueObservations": null + }, + "frequency": "PT1H", + "settingsStatus": "Production", + "isDefaultSettings": true, + "anomalySettingsVersion": 0, + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/DeleteEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/DeleteEyesOnSetting.json new file mode 100644 index 000000000000..c73215b99439 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/DeleteEyesOnSetting.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "settingsName": "EyesOn" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/GetAllSettings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/GetAllSettings.json new file mode 100644 index 000000000000..1e86df37becb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/GetAllSettings.json 
@@ -0,0 +1,25 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn",
+ "name": "EyesOn",
+ "type": "Microsoft.SecurityInsights/settings",
+ "kind": "EyesOn",
+ "properties": {
+ "isEnabled": true
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/GetEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/GetEyesOnSetting.json
new file mode 100644
index 000000000000..97423474bf0b
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/GetEyesOnSetting.json
@@ -0,0 +1,22 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "settingsName": "EyesOn"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn",
+ "name": "EyesOn",
+ "type": "Microsoft.SecurityInsights/settings",
+ "kind": "EyesOn",
+ "properties": {
+ "isEnabled": true
+ }
+ }
+ }
+ }
+}
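Review bot: The response `id` in GetAllSettings.json points at subscription `bd794837-4d29-4647-9105-6339bfdb4e6a`, resource group `mms-eus` and workspace `avdvirInt`, none of which match the request parameters (`d0cfe6b2-...`, `myRg`, `myWorkspace`). Those names read as if they were captured from a live environment rather than invented, which is worth avoiding in a published spec. I would rebuild the id from the request values, `"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/settings/EyesOn"`, and do the same in GetEyesOnSetting.json and UpdateEyesOnSetting.json.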
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/UpdateEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/UpdateEyesOnSetting.json
new file mode 100644
index 000000000000..037c1ae8c9f7
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/UpdateEyesOnSetting.json
@@ -0,0 +1,28 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "settingsName": "EyesOn",
+ "settings": {
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "kind": "EyesOn",
+ "properties": {}
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn",
+ "name": "EyesOn",
+ "type": "Microsoft.SecurityInsights/settings",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "kind": "EyesOn",
+ "properties": {
+ "isEnabled": true
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/CreateSourceControl.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/CreateSourceControl.json
new file mode 100644
index 000000000000..a9dd66f41914
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/CreateSourceControl.json
@@ -0,0 +1,162 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "sourceControl": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My Source Control", + "description": "This is a source control", + "repoType": "Github", + "contentTypes": [ + "AnalyticRules", + "Workbook" + ], + "repository": { + "url": "https://github.com/user/repo", + "branch": "master", + "displayUrl": "https://github.com/user/repo" + }, + "repositoryAccess": { + "kind": "OAuth", + "code": "939fd7c6caf754f4f41f", + "state": "state", + "clientId": "54b3c2c0-1f48-4a1c-af9f-6399c3240b73" + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "version": "V2", + "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "type": "Microsoft.SecurityInsights/SourceControls", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "id": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "displayName": "My Source Control", + "description": "this is a source control", + "repoType": "Github", + "contentTypes": [ + "AnalyticRules", + "Workbook" + ], + "repository": { + "url": "https://github.com/user/repo", + "branch": "master", + "displayUrl": "https://github.com/user/repo", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "servicePrincipal": { + "id": "2d297bee-cb45-444a-a9ce-904484f0bcd6", + "tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", + "appId": "42a43de2-b712-4408-9680-2514fed984e6" + }, + "repositoryResourceInfo": { + "webhook": { + "webhookId": "342768323", + "webhookUrl": 
"https://cac.sentinel.azure.com/workspaces/b7c525e9-1bfa-4435-88c0-817e13abb088/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "webhookSecretUpdateTime": "2021-01-01T17:18:19.1234567Z" + }, + "gitHubResourceInfo": { + "appInstallationId": "123" + }, + "azureDevOpsResourceInfo": null + }, + "lastDeploymentInfo": { + "deploymentFetchStatus": "Success", + "deployment": { + "deploymentId": "4985046420", + "deploymentState": "Completed", + "deploymentResult": "Success", + "deploymentTime": "2021-01-01T17:18:19.1234567Z", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "message": "Successful deployment" + }, + "pullRequest": { + "url": "https://github.com/user/repo/pull/123", + "state": "Open" + } + }, + "systemData": { + "createdBy": "user1", + "createdByType": "User", + "createdAt": "2021-01-01T17:18:19.1234567Z", + "lastModifiedBy": "user2", + "lastModifiedByType": "User", + "lastModifiedAt": "2021-01-02T17:18:19.1234567Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "version": "V2", + "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "type": "Microsoft.SecurityInsights/SourceControls", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "id": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "displayName": "My Source Control", + "description": "this is a source control", + "repoType": "Github", + "contentTypes": [ + "AnalyticRules", + "Workbook" + ], + "repository": { + "url": "https://github.com/user/repo", + "branch": "master", + "displayUrl": "https://github.com/user/repo", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "servicePrincipal": { + "id": "2d297bee-cb45-444a-a9ce-904484f0bcd6", + "tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", + "appId": 
"42a43de2-b712-4408-9680-2514fed984e6" + }, + "repositoryResourceInfo": { + "webhook": { + "webhookId": "342768323", + "webhookUrl": "https://cac.sentinel.azure.com/workspaces/b7c525e9-1bfa-4435-88c0-817e13abb088/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "webhookSecretUpdateTime": "2021-01-01T17:18:19.1234567Z" + }, + "gitHubResourceInfo": { + "appInstallationId": "123" + }, + "azureDevOpsResourceInfo": null + }, + "lastDeploymentInfo": { + "deploymentFetchStatus": "Success", + "deployment": { + "deploymentId": "4985046420", + "deploymentState": "Completed", + "deploymentResult": "Success", + "deploymentTime": "2021-01-01T17:18:19.1234567Z", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "message": "Successful deployment" + }, + "pullRequest": { + "url": "https://github.com/user/repo/pull/123", + "state": "Open" + } + }, + "systemData": { + "createdBy": "user1", + "createdByType": "User", + "createdAt": "2021-01-01T17:18:19.1234567Z", + "lastModifiedBy": "user2", + "lastModifiedByType": "User", + "lastModifiedAt": "2021-01-02T17:18:19.1234567Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/DeleteSourceControl.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/DeleteSourceControl.json new file mode 100644 index 000000000000..2a4ad35f7138 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/DeleteSourceControl.json 
@@ -0,0 +1,27 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a",
+ "repositoryAccess": {
+ "repositoryAccess": {
+ "kind": "OAuth",
+ "code": "939fd7c6caf754f4f41f",
+ "state": "state",
+ "clientId": "54b3c2c0-1f48-4a1c-af9f-6399c3240b73"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "warning": {
+ "code": "SourceControlWarning_DeleteServicePrincipal",
+ "message": "ServicePrincipal has not been removed due to insufficient permissions."
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/GetSourceControlById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/GetSourceControlById.json
new file mode 100644
index 000000000000..083ed4fa81d4
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/GetSourceControlById.json
@@ -0,0 +1,75 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "version": "V2", + "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "type": "Microsoft.SecurityInsights/SourceControls", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "id": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "displayName": "My Source Control", + "description": "this is a source control", + "repoType": "Github", + "contentTypes": [ + "AnalyticRules", + "Workbook" + ], + "repository": { + "url": "https://github.com/user/repo", + "branch": "master", + "displayUrl": "https://github.com/user/repo", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "servicePrincipal": { + "id": "2d297bee-cb45-444a-a9ce-904484f0bcd6", + "tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", + "appId": "42a43de2-b712-4408-9680-2514fed984e6" + }, + "repositoryResourceInfo": { + "webhook": { + "webhookId": "342768323", + "webhookUrl": "https://cac.sentinel.azure.com/workspaces/b7c525e9-1bfa-4435-88c0-817e13abb088/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "webhookSecretUpdateTime": "2021-01-01T17:18:19.1234567Z" + }, + "gitHubResourceInfo": { + "appInstallationId": "123" + }, + "azureDevOpsResourceInfo": null + }, + "lastDeploymentInfo": { + "deploymentFetchStatus": "Success", + "deployment": { + "deploymentId": "4985046420", + "deploymentState": "Completed", + "deploymentResult": "Success", + "deploymentTime": "2021-01-01T17:18:19.1234567Z", + "deploymentLogsUrl": 
"https://github.com/user/repo/actions" + }, + "message": "Successful deployment" + }, + "pullRequest": { + "url": "https://github.com/user/repo/pull/123", + "state": "Open" + } + }, + "systemData": { + "createdBy": "user1", + "createdByType": "User", + "createdAt": "2021-01-01T17:18:19.1234567Z", + "lastModifiedBy": "user2", + "lastModifiedByType": "User", + "lastModifiedAt": "2021-01-02T17:18:19.1234567Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/GetSourceControls.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/GetSourceControls.json new file mode 100644 index 000000000000..5d0209868d1c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/GetSourceControls.json 
@@ -0,0 +1,78 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "version": "V2", + "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "type": "Microsoft.SecurityInsights/SourceControls", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "id": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "displayName": "My Source Control", + "description": "this is a source control", + "repoType": "Github", + "contentTypes": [ + "AnalyticRules", + "Workbook" + ], + "repository": { + "url": "https://github.com/user/repo", + "branch": "master", + "displayUrl": "https://github.com/user/repo", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "servicePrincipal": { + "id": "2d297bee-cb45-444a-a9ce-904484f0bcd6", + "tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", + "appId": "42a43de2-b712-4408-9680-2514fed984e6" + }, + "repositoryResourceInfo": { + "webhook": { + "webhookId": "342768323", + "webhookUrl": "https://cac.sentinel.azure.com/workspaces/b7c525e9-1bfa-4435-88c0-817e13abb088/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "webhookSecretUpdateTime": "2021-01-01T17:18:19.1234567Z" + }, + "gitHubResourceInfo": { + "appInstallationId": "123" + }, + "azureDevOpsResourceInfo": null + }, + "lastDeploymentInfo": { + "deploymentFetchStatus": "Success", + "deployment": { + "deploymentId": "4985046420", + "deploymentState": "Completed", + "deploymentResult": "Success", + "deploymentTime": "2021-01-01T17:18:19.1234567Z", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "message": 
"Successful deployment" + }, + "pullRequest": { + "url": "https://github.com/user/repo/pull/123", + "state": "Open" + } + }, + "systemData": { + "createdBy": "user1", + "createdByType": "User", + "createdAt": "2021-01-01T17:18:19.1234567Z", + "lastModifiedBy": "user2", + "lastModifiedByType": "User", + "lastModifiedAt": "2021-01-02T17:18:19.1234567Z" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json new file mode 100644 index 000000000000..b6cf600375c2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json @@ -0,0 +1,18 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + "ThreatIntelligenceAppendTags": { + "threatIntelligenceTags": [ + "tag1", + "tag2" + ] + } + }, + "responses": { + "200": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json new file mode 100644 index 000000000000..11d96955b9cd --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json 
@@ -0,0 +1,43 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "properties": {
+ "lastUpdatedTimeUtc": "2021-09-01T19:44:44.117403Z",
+ "threatTypeMetrics": [
+ {
+ "metricName": "compromised",
+ "metricValue": 20
+ }
+ ],
+ "patternTypeMetrics": [
+ {
+ "metricName": "url",
+ "metricValue": 20
+ }
+ ],
+ "sourceMetrics": [
+ {
+ "metricName": "Azure Sentinel",
+ "metricValue": 10315
+ },
+ {
+ "metricName": "zinga",
+ "metricValue": 2
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/CreateThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/CreateThreatIntelligence.json
new file mode 100644
index 000000000000..45815a0f0551
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/CreateThreatIntelligence.json
@@ -0,0 +1,100 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "ThreatIntelligenceProperties": {
+ "kind": "indicator",
+ "properties": {
+ "source": "Azure Sentinel",
+ "threatIntelligenceTags": [
+ "new schema"
+ ],
+ "displayName": "new schema",
+ "confidence": 78,
+ "createdByRef": "contoso@contoso.com",
+ "description": "debugging indicators",
+ "externalReferences": [],
+ "granularMarkings": [],
+ "threatTypes": [
+ "compromised"
+ ],
+ "killChainPhases": [],
+ "labels": [],
+ "modified": "",
+ "pattern": "[url:value = 'https://www.contoso.com']",
+ "patternType": "url",
+ "revoked": false,
+ "validFrom": "2021-09-15T17:44:00.114052Z",
+ "validUntil": ""
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6",
+ "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6",
+ "etag": "\"0000322c-0000-0800-0000-5e976c960000\"",
+ "type": "Microsoft.SecurityInsights/ThreatIntelligence",
+ "kind": "indicator",
+ "properties": {
+ "confidence": 78,
+ "created": "2021-09-15T20:20:38.6160949Z",
+ "createdByRef": "contoso@contoso.com",
+ "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7",
+ "externalReferences": [],
+ "granularMarkings": [],
+ "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z",
+ "revoked": false,
+ "source": "Azure Sentinel",
+ "threatIntelligenceTags": [
+ "new schema"
+ ],
+ "displayName": "new schema",
+ "description": "debugging indicators",
+ "threatTypes": [
+ "compromised"
+ ],
+ "killChainPhases": [],
+ "pattern": "[url:value = 'https://www.contoso.com']",
+ "patternType": "url",
+ "validFrom": "2021-09-15T17:44:00.114052Z"
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6",
+ "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6",
+ "etag": "\"0000322c-0000-0800-0000-5e976c960000\"",
+ "type": "Microsoft.SecurityInsights/ThreatIntelligence",
+ "kind": "indicator",
+ "properties": {
+ "confidence": 78,
+ "created": "2021-09-15T20:20:38.6160949Z",
+ "createdByRef": "aztestConnectors@contoso.com",
+ "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7",
+ "externalReferences": [],
+ "granularMarkings": [],
+ "lastUpdatedTimeUtc": "2021-09-15T20:20:38.6161887Z",
+ "revoked": false,
+ "source": "Azure Sentinel",
+ "threatIntelligenceTags": [
+ "new schema"
+ ],
+ "displayName": "new schema",
+ "description": "debugging indicators",
+ "threatTypes": [
+ "compromised"
+ ],
+ "killChainPhases": [],
+ "pattern": "[url:value = 'https://www.contoso.com']",
+ "patternType": "url",
+ "validFrom": "2021-09-15T17:44:00.114052Z"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json
new file mode 100644
index 000000000000..d162821494ff
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json
@@ -0,0 +1,13 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/GetThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/GetThreatIntelligence.json
new file mode 100644
index 000000000000..502e0b0a6ba3
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/GetThreatIntelligence.json
@@ -0,0 +1,76 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8",
+ "name": "27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8",
+ "etag": "\"00002f2c-0000-0800-0000-5e976a8e0000\"",
+ "type": "Microsoft.SecurityInsights/ThreatIntelligence",
+ "kind": "indicator",
+ "properties": {
+ "confidence": 90,
+ "created": "2021-04-15T20:11:57.9666134Z",
+ "createdByRef": "contoso@contoso.com",
+ "externalId": "indicator--8516d567-0daa-4614-8745-e3591e1b48cf",
+ "externalReferences": [],
+ "granularMarkings": [],
+ "lastUpdatedTimeUtc": "2021-04-15T20:15:11.0746926Z",
+ "revoked": false,
+ "source": "Azure Sentinel",
+ "threatIntelligenceTags": [
+ "new schema"
+ ],
+ "displayName": "new schema 2",
+ "description": "debugging indicators",
+ "threatTypes": [
+ "compromised"
+ ],
+ "killChainPhases": [],
+ "pattern": "[url:value = 'https://www.contoso.com']",
+ "patternType": "url",
+ "validFrom": "2021-04-15T17:44:00.114052Z"
+ }
+ },
+ {
+ "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47",
+ "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47",
+ "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"",
+ "type": "Microsoft.SecurityInsights/ThreatIntelligence",
+ "kind": "indicator",
+ "properties": {
+ "confidence": 78,
+ "created": "2021-04-15T19:51:17.1050923Z",
+ "createdByRef": "contoso@contoso.com",
+ "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530",
+ "externalReferences": [],
+ "granularMarkings": [],
+ "lastUpdatedTimeUtc": "2021-04-15T20:15:11.074903Z",
+ "revoked": false,
+ "source": "Azure Sentinel",
+ "threatIntelligenceTags": [
+ "patching tags"
+ ],
+ "displayName": "updated indicator",
+ "description": "debugging indicators",
+ "threatTypes": [
+ "compromised"
+ ],
+ "killChainPhases": [],
+ "pattern": "[url:value = 'https://www.contoso.com']",
+ "patternType": "url",
+ "validFrom": "2021-04-15T17:44:00.114052Z"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json
new file mode 100644
index 000000000000..f6b846fd951c
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json
@@ -0,0 +1,43 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47",
+ "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47",
+ "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"",
+ "type": "Microsoft.SecurityInsights/ThreatIntelligence",
+ "kind": "indicator",
+ "properties": {
+ "confidence": 78,
+ "created": "2021-04-15T19:51:17.1050923Z",
+ "createdByRef": "aztestConnectors@dataconnector.ccsctp.net",
+ "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530",
+ "externalReferences": [],
+ "granularMarkings": [],
+ "lastUpdatedTimeUtc": "2021-04-15T20:18:49.2259902Z",
+ "revoked": false,
+ "source": "Azure Sentinel",
+ "threatIntelligenceTags": [
+ "patching tags"
+ ],
+ "displayName": "updated indicator",
+ "description": "debugging indicators",
+ "threatTypes": [
+ "compromised"
+ ],
+ "killChainPhases": [],
+ "pattern": "[url:value = 'https://abc.com']",
+ "patternType": "url",
+ "validFrom": "2021-04-15T17:44:00.114052Z"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/QueryThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/QueryThreatIntelligence.json
new file mode 100644
index 000000000000..74d94ea74d8c
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/QueryThreatIntelligence.json
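Review bot: `createdByRef` in GetThreatIntelligenceById.json is `aztestConnectors@dataconnector.ccsctp.net` and the indicator pattern points at `https://abc.com`; neither is a reserved example value, and both look like leftover test-environment data that a published spec example should not carry. The sibling examples in this patch already use `"createdByRef": "contoso@contoso.com"` and `"pattern": "[url:value = 'https://www.contoso.com']"`, which would fit here as well. ReplaceTagsThreatIntelligence.json repeats both values, and QueryThreatIntelligence.json puts the routable address `194.88.106.146` in `parsedPattern`, where an RFC 5737 documentation address such as `192.0.2.1` would be the safer sample.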
@@ -0,0 +1,107 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "ThreatIntelligenceFilteringCriteria": {
+ "pageSize": 100,
+ "minConfidence": 25,
+ "maxConfidence": 80,
+ "minValidUntil": "2021-04-05T17:44:00.114052Z",
+ "maxValidUntil": "2021-04-25T17:44:00.114052Z",
+ "sources": [
+ "Azure Sentinel"
+ ],
+ "sortBy": [
+ {
+ "itemKey": "lastUpdatedTimeUtc",
+ "sortOrder": "descending"
+ }
+ ]
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8",
+ "name": "27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8",
+ "etag": "\"00002f2c-0000-0800-0000-5e976a8e0000\"",
+ "type": "Microsoft.SecurityInsights/ThreatIntelligence",
+ "kind": "indicator",
+ "properties": {
+ "confidence": 90,
+ "created": "2021-04-15T20:11:57.9666134Z",
+ "createdByRef": "contoso@contoso.com",
+ "externalId": "indicator--8516d567-0daa-4614-8745-e3591e1b48cf",
+ "externalReferences": [],
+ "granularMarkings": [],
+ "lastUpdatedTimeUtc": "2020-04-15T20:15:11.0746926Z",
+ "revoked": false,
+ "source": "Azure Sentinel",
+ "threatIntelligenceTags": [
+ "new schema"
+ ],
+ "displayName": "new schema 2",
+ "description": "debugging indicators 2",
+ "threatTypes": [
+ "compromised"
+ ],
+ "killChainPhases": [],
+ "pattern": "[url:value = 'https://www.contoso.com']",
+ "patternType": "url",
+ "validFrom": "2021-04-15T17:44:00.114052Z",
+ "parsedPattern": [
+ {
+ "patternTypeKey": "network-traffic",
+ "patternTypeValues": [
+ {
+ "valueType": "0",
+ "value": "SSH-2.0-PuTTY_Release_0.64"
+ },
+ {
+ "valueType": "1",
+ "value": "194.88.106.146"
+ }
+ ]
+ }
+ ]
+ }
+ },
+ {
+ "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47",
+ "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47",
+ "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"",
+ "type": "Microsoft.SecurityInsights/ThreatIntelligence",
+ "kind": "indicator",
+ "properties": {
+ "confidence": 78,
+ "created": "2021-04-15T19:51:17.1050923Z",
+ "createdByRef": "contoso@contoso.com",
+ "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530",
+ "externalReferences": [],
+ "granularMarkings": [],
+ "lastUpdatedTimeUtc": "2021-04-15T20:15:11.074903Z",
+ "revoked": false,
+ "source": "Azure Sentinel",
+ "threatIntelligenceTags": [
+ "patching tags"
+ ],
+ "displayName": "updated indicator",
+ "description": "debugging indicators",
+ "threatTypes": [
+ "compromised"
+ ],
+ "killChainPhases": [],
+ "pattern": "[url:value = 'https://www.contoso.com']",
+ "patternType": "url",
+ "validFrom": "2021-04-15T17:44:00.114052Z"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json
new file mode 100644
index 000000000000..0482052c0af8
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json
@@ -0,0 +1,52 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93",
+ "ThreatIntelligenceReplaceTags": {
+ "etag": "\"0000262c-0000-0800-0000-5e9767060000\"",
+ "kind": "indicator",
+ "properties": {
+ "threatIntelligenceTags": [
+ "patching tags"
+ ]
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47",
+ "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47",
+ "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"",
+ "type": "Microsoft.SecurityInsights/ThreatIntelligence",
+ "kind": "indicator",
+ "properties": {
+ "confidence": 78,
+ "created": "2021-04-15T19:51:17.1050923Z",
+ "createdByRef": "aztestConnectors@dataconnector.ccsctp.net",
+ "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530",
+ "externalReferences": [],
+ "granularMarkings": [],
+ "lastUpdatedTimeUtc": "2021-04-15T19:56:08.828946Z",
+ "revoked": false,
+ "source": "Azure Sentinel",
+ "threatIntelligenceTags": [
+ "patching tags"
+ ],
+ "displayName": "updated indicator",
+ "description": "debugging indicators",
+ "threatTypes": [
+ "compromised"
+ ],
+ "killChainPhases": [],
+ "pattern": "[url:value = 'https://abc.com']",
+ "patternType": "url",
+ "validFrom": "2021-04-15T17:44:00.114052Z"
+ }
+ }
+ }
+ }
+}
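Review bot: The request in ReplaceTagsThreatIntelligence.json targets `"name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93"`, but the 200 body returns the resource `e16ef847-962e-d7b6-9c8b-a33e4bd30e47`, so the example reads as if replacing tags on one indicator changed a different one. Aligning the parameter with the response, `"name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47"`, keeps the pair usable as a fixture and shows callers that the returned id should match what they asked for. UpdateThreatIntelligence.json has the same mismatch (request `d9cd6f0b-…`, response `180105c7-…`).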
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json
new file mode 100644
index 000000000000..e8fabc6292fa
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json
@@ -0,0 +1,101 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93",
+ "ThreatIntelligenceProperties": {
+ "kind": "indicator",
+ "properties": {
+ "source": "Azure Sentinel",
+ "threatIntelligenceTags": [
+ "new schema"
+ ],
+ "displayName": "new schema",
+ "confidence": 78,
+ "createdByRef": "contoso@contoso.com",
+ "description": "debugging indicators",
+ "externalReferences": [],
+ "granularMarkings": [],
+ "threatTypes": [
+ "compromised"
+ ],
+ "killChainPhases": [],
+ "labels": [],
+ "modified": "",
+ "pattern": "[url:value = 'https://www.contoso.com']",
+ "patternType": "url",
+ "revoked": false,
+ "validFrom": "2020-04-15T17:44:00.114052Z",
+ "validUntil": ""
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6",
+ "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6",
+ "etag": "\"0000322c-0000-0800-0000-5e976c960000\"",
+ "type": "Microsoft.SecurityInsights/ThreatIntelligence",
+ "kind": "indicator",
+ "properties": {
+ "confidence": 78,
+ "created": "2021-04-15T20:20:38.6160949Z",
+ "createdByRef": "contoso@contoso.com",
+ "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7",
+ "externalReferences": [],
+ "granularMarkings": [],
+ "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z",
+ "revoked": false,
+ "source": "Azure Sentinel",
+ "threatIntelligenceTags": [
+ "new schema"
+ ],
+ "displayName": "new schema",
+ "description": "debugging indicators",
+ "threatTypes": [
+ "compromised"
+ ],
+ "killChainPhases": [],
+ "pattern": "[url:value = 'https://www.contoso.com']",
+ "patternType": "url",
+ "validFrom": "2021-04-15T17:44:00.114052Z"
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6",
+ "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6",
+ "etag": "\"0000322c-0000-0800-0000-5e976c960000\"",
+ "type": "Microsoft.SecurityInsights/ThreatIntelligence",
+ "kind": "indicator",
+ "properties": {
+ "confidence": 78,
+ "created": "2021-04-15T20:20:38.6160949Z",
+ "createdByRef": "aztestConnectors@contoso.com",
+ "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7",
+ "externalReferences": [],
+ "granularMarkings": [],
+ "lastUpdatedTimeUtc": "2021-04-15T20:20:38.6161887Z",
+ "revoked": false,
+ "source": "Azure Sentinel",
+ "threatIntelligenceTags": [
+ "new schema"
+ ],
+ "displayName": "new schema",
+ "description": "debugging indicators",
+ "threatTypes": [
+ "compromised"
+ ],
+ "killChainPhases": [],
+ "pattern": "[url:value = 'https://www.contoso.com']",
+ "patternType": "url",
+ "validFrom": "2021-04-15T17:44:00.114052Z"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json
new file mode 100644
index 000000000000..74e6c760fff5
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json
@@ -0,0 +1,23 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "ruleId": "65360bb0-8986-4ade-a89d-af3cf44d28aa",
+ "analyticsRuleRunTriggerParameter": {
+ "properties": {
+ "executionTimeUtc": "2022-12-22T15:37:03.074Z"
+ }
+ }
+ },
+ "responses": {
+ "202": {
+ "headers": {
+ "Code": "202",
+ "Message": "Accepted",
+ "Location": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/5abbc58b-9655-4f9b-80ac-5a576753e4ec?api-version=2023-06-01-preview"
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json
new file mode 100644
index 000000000000..27e1a5e6aa7a
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json
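Review bot: The `Location` header in triggerRuleRun_Post.json spells the workspace provider `Microsoft.OperationalIinsights` (doubled "I"), so the resource ID does not name the `Microsoft.OperationalInsights` namespace, and anyone copying the path into automation, an RBAC scope or a log query gets an ID that matches nothing. The segment should read `providers/Microsoft.OperationalInsights/workspaces/myWorkspace`. The same misspelling is in the `id` values of the first hunk of this chunk (the sourcecontrols list, whose file header is outside the visible part), triggeredAnalyticsRuleRun_Get.json, triggeredAnalyticsRuleRuns_Get.json, CreateWatchlist.json and CreateWatchlistAndWatchlistItems.json, while CreateWatchlistItem.json and the threatintelligence examples spell it correctly. The header also still carries `api-version=2023-06-01-preview` under the 2023-07-01-preview folder, which may be intentional for this base commit of the series.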
@@ -0,0 +1,29 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "ruleRunId": "65360bb0-8986-4ade-a89d-af3cf44d28aa"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/65360bb0-8986-4ade-a89d-af3cf44d28aa",
+ "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa",
+ "type": "Microsoft.SecurityInsights/TriggeredAnalyticsRuleRuns",
+ "properties": {
+ "executionTimeUtc": "2022-12-22T15:37:03.074Z",
+ "ruleId": "358e16da-ab76-4027-89e1-15937a6ed401",
+ "triggeredAnalyticsRuleRunId": "65360bb0-8986-4ade-a89d-af3cf44d28aa",
+ "provisioningState": "InProgress",
+ "ruleRunAdditionalData": {
+ "auditCorrelationId": "b8540a76-cb05-4a9b-8d52-9959b509e4ad",
+ "createdBy": "user@microsoft.com",
+ "healthCorrelationId": "dadd8fdc-fc7a-4005-a289-4e164cb75093"
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json
new file mode 100644
index 000000000000..acb914dbd8dd
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json
@@ -0,0 +1,48 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/65360bb0-8986-4ade-a89d-af3cf44d28aa",
+ "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa",
+ "type": "Microsoft.SecurityInsights/TriggeredAnalyticsRuleRuns",
+ "properties": {
+ "executionTimeUtc": "2022-12-22T15:37:03.074Z",
+ "ruleId": "358e16da-ab76-4027-89e1-15937a6ed401",
+ "triggeredAnalyticsRuleRunId": "65360bb0-8986-4ade-a89d-af3cf44d28aa",
+ "provisioningState": "InProgress",
+ "ruleRunAdditionalData": {
+ "auditCorrelationId": "b8540a76-cb05-4a9b-8d52-9959b509e4ad",
+ "createdBy": "user@microsoft.com",
+ "healthCorrelationId": "dadd8fdc-fc7a-4005-a289-4e164cb75093"
+ }
+ }
+ },
+ {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/1f62ea0f-2d25-4b65-bd4d-bb9114bcbd9c",
+ "name": "1f62ea0f-2d25-4b65-bd4d-bb9114bcbd9c",
+ "type": "Microsoft.SecurityInsights/TriggeredAnalyticsRuleRuns",
+ "properties": {
+ "executionTimeUtc": "2022-12-20T15:37:03.074Z",
+ "ruleId": "358e16da-ab76-4027-89e1-15937a6ed401",
+ "triggeredAnalyticsRuleRunId": "1f62ea0f-2d25-4b65-bd4d-bb9114bcbd9c",
+ "provisioningState": "Succeeded",
+ "ruleRunAdditionalData": {
+ "auditCorrelationId": "763f9dae-1027-44b9-a34a-589404693670",
+ "createdBy": "user2@microsoft.com",
+ "healthCorrelationId": "b3c165ec-f53e-48c1-9677-216d9e930912"
+ }
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/CreateWatchlist.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/CreateWatchlist.json
new file mode 100644
index 000000000000..5da1a903efc3
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/CreateWatchlist.json
@@ -0,0 +1,88 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "watchlistAlias": "highValueAsset",
+ "watchlist": {
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "displayName": "High Value Assets Watchlist",
+ "source": "watchlist.csv",
+ "sourceType": "Local file",
+ "provider": "Microsoft",
+ "description": "Watchlist from CSV content",
+ "itemsSearchKey": "header1"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset",
+ "name": "highValueAsset",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "type": "Microsoft.SecurityInsights/Watchlists",
+ "properties": {
+ "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017",
+ "displayName": "High Value Assets Watchlist",
+ "provider": "Microsoft",
+ "source": "watchlist.csv",
+ "sourceType": "Local file",
+ "created": "2020-09-28T00:26:54.7746089+00:00",
+ "updated": "2020-09-28T00:26:57+00:00",
+ "createdBy": {
+ "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
+ "email": "john@contoso.com",
+ "name": "john doe"
+ },
+ "updatedBy": {
+ "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
+ "email": "john@contoso.com",
+ "name": "john doe"
+ },
+ "description": "Watchlist from CSV content",
+ "watchlistType": "watchlist",
+ "watchlistAlias": "highValueAsset",
+ "itemsSearchKey": "header1",
+ "isDeleted": false,
+ "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd"
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset",
+ "name": "highValueAsset",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "type": "Microsoft.SecurityInsights/Watchlists",
+ "properties": {
+ "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017",
+ "displayName": "High Value Assets Watchlist",
+ "provider": "Microsoft",
+ "source": "watchlist.csv",
+ "sourceType": "Local file",
+ "created": "2020-09-28T00:26:54.7746089+00:00",
+ "updated": "2020-09-28T00:26:57+00:00",
+ "createdBy": {
+ "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
+ "email": "john@contoso.com",
+ "name": "john doe"
+ },
+ "updatedBy": {
+ "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
+ "email": "john@contoso.com",
+ "name": "john doe"
+ },
+ "description": "Watchlist from CSV content",
+ "watchlistType": "watchlist",
+ "watchlistAlias": "highValueAsset",
+ "itemsSearchKey": "header1",
+ "isDeleted": false,
+ "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json
new file mode 100644
index 000000000000..518546642603
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json
@@ -0,0 +1,92 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "operationalInsightsResourceProvider": "Microsoft.OperationalInsights",
+ "watchlistAlias": "highValueAsset",
+ "watchlist": {
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "properties": {
+ "displayName": "High Value Assets Watchlist",
+ "source": "watchlist.csv",
+ "sourceType": "Local file",
+ "provider": "Microsoft",
+ "description": "Watchlist from CSV content",
+ "numberOfLinesToSkip": 1,
+ "rawContent": "This line will be skipped\nheader1,header2\nvalue1,value2",
+ "itemsSearchKey": "header1",
+ "contentType": "text/csv"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset",
+ "name": "highValueAsset",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "type": "Microsoft.SecurityInsights/Watchlists",
+ "properties": {
+ "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017",
+ "displayName": "High Value Assets Watchlist",
+ "provider": "Microsoft",
+ "source": "watchlist.csv",
+ "sourceType": "Local file",
+ "created": "2020-09-28T00:26:54.7746089+00:00",
+ "updated": "2020-09-28T00:26:57+00:00",
+ "createdBy": {
+ "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
+ "email": "john@contoso.com",
+ "name": "john doe"
+ },
+ "updatedBy": {
+ "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
+ "email": "john@contoso.com",
+ "name": "john doe"
+ },
+ "description": "Watchlist from CSV content",
+ "watchlistType": "watchlist",
+ "watchlistAlias": "highValueAsset",
+ "itemsSearchKey": "header1",
+ "isDeleted": false,
+ "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd"
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset",
+ "name": "highValueAsset",
+ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+ "type": "Microsoft.SecurityInsights/Watchlists",
+ "properties": {
+ "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017",
+ "displayName": "High Value Assets Watchlist",
+ "provider": "Microsoft",
+ "source": "watchlist.csv",
+ "sourceType": "Local file",
+ "created": "2020-09-28T00:26:54.7746089+00:00",
+ "updated": "2020-09-28T00:26:57+00:00",
+ "createdBy": {
+ "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
+ "email": "john@contoso.com",
+ "name": "john doe"
+ },
+ "updatedBy": {
+ "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
+ "email": "john@contoso.com",
+ "name": "john doe"
+ },
+ "description": "Watchlist from CSV content",
+ "watchlistType": "watchlist",
+ "watchlistAlias": "highValueAsset",
+ "itemsSearchKey": "header1",
+ "isDeleted": false,
+ "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/CreateWatchlistItem.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/CreateWatchlistItem.json
new file mode 100644
index 000000000000..40a7b172e698
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/CreateWatchlistItem.json
@@ -0,0 +1,92 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset", + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "watchlistItem": { + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "properties": { + "itemsKeyValue": { + "Gateway subnet": "10.0.255.224/27", + "Web Tier": "10.0.1.0/24", + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27" + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842", + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", + "isDeleted": false, + "created": "2020-11-15T04:58:56.0748363+00:00", + "updated": "2020-11-16T16:05:20+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Gateway subnet": "10.0.255.224/27", + "Web Tier": "10.0.1.0/24", + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27" + } + } + } + }, + "201": { + "body": { + "id": 
"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842", + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", + "isDeleted": false, + "created": "2020-11-15T04:58:56.0748363+00:00", + "updated": "2020-11-16T16:05:20+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Gateway subnet": "10.0.255.224/27", + "Web Tier": "10.0.1.0/24", + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/DeleteWatchlist.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/DeleteWatchlist.json new file mode 100644 index 000000000000..c3649cb43d32 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/DeleteWatchlist.json 
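Review bot: In `itemsKeyValue`, `"Business tier"` and `"Data tier"` both map to `10.0.2.0/24`, in the request and in both response bodies, which looks like a copy-paste slip. A watchlist like this is typically joined against traffic logs to label a subnet, so two tiers sharing one CIDR make the example lookup ambiguous; give the data tier its own range, for instance `"Data tier": "10.0.3.0/24"` (constructed value). Separately, `etag` here is the bare string `"0300bf09-0000-0000-0000-5c37296e0000"`, while the watchlist examples in this patch use the quoted form `"\"0300bf09-0000-0000-0000-5c37296e0000\""`; one form should be used throughout.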
@@ -0,0 +1,18 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "operationalInsightsResourceProvider": "Microsoft.OperationalInsights",
+ "watchlistAlias": "highValueAsset"
+ },
+ "responses": {
+ "200": {
+ "headers": {
+ "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.SecurityInsights/watchlists/1011-01/watchlistStatuses/00000000-0000-0000-0000-000000000000?api-version=2023-06-01-preview"
+ }
+ },
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/DeleteWatchlistItem.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/DeleteWatchlistItem.json
new file mode 100644
index 000000000000..570617b563b7
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/DeleteWatchlistItem.json
@@ -0,0 +1,15 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "operationalInsightsResourceProvider": "Microsoft.OperationalInsights",
+ "watchlistAlias": "highValueAsset",
+ "watchlistItemId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlistByAlias.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlistByAlias.json
new file mode 100644
index 000000000000..b32501c2f07a
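Review bot: The `Azure-AsyncOperation` URL in the 200 response of DeleteWatchlist.json does not describe the resource named in `parameters`. It uses subscription `00000000-0000-0000-0000-000000000000` and resource group `myResourceGroup`, leaves out the `Microsoft.OperationalInsights/workspaces/myWorkspace` scope, and polls watchlist `1011-01` instead of `highValueAsset`. The status URL should be built from the same subscription, resource group, workspace and alias as the request, so the example shows a poll against the scope the delete was issued for. The URL also embeds `api-version=2023-06-01-preview`, which a later replace of the `"api-version"` parameter alone would miss.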
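Review bot: In DeleteWatchlistItem.json the `watchlistItemId` parameter is `4008512e-1d30-48b2-9ee2-d3612ed9d3ea`, which is the value CreateWatchlistItem.json returns as `tenantId`, not the item it creates (`82ba292c-dc97-4dfc-969d-d4dd9e666842`). GetWatchlistItemById.json has the same mix-up: it requests item `3f8901fe-63d9-4875-9ad5-9fb3b8105797`, which is the `tenantId` of its own response, and gets back item `fd37d325-7090-47fe-851a-5b5a00c3f576`. Using the item GUID in the parameter, here `"watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842"`, keeps tenant and item identifiers distinct and makes request and response agree.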
--- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlistByAlias.json @@ -0,0 +1,50 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "type": "Microsoft.SecurityInsights/Watchlists", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "labels": [ + "Tag1", + "Tag2" + ], + "defaultDuration": "P1279DT12H30M5S", + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + } + } +} 
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlistItemById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlistItemById.json
new file mode 100644
index 000000000000..462b46f7a3b9
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlistItemById.json
@@ -0,0 +1,47 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset", + "watchlistItemId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576", + "name": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "etag": "\"f2089bfa-0000-0d00-0000-601c58b42021\"", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "tenantId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797", + "isDeleted": false, + "created": "2021-02-04T12:27:32.3783333-08:00", + "updated": "2021-02-04T12:27:32.3783333-08:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Header-1": "v1_1", + "Header-2": "v1_2", + "Header-3": "v1_3", + "Header-4": "v1_4", + "Header-5": "v1_5" + }, + "entityMapping": {} + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlistItems.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlistItems.json new file mode 100644 index 000000000000..ce465f8f3e7b --- /dev/null 
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlistItems.json @@ -0,0 +1,50 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576", + "name": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "etag": "\"f2089bfa-0000-0d00-0000-601c58b42021\"", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "tenantId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797", + "isDeleted": false, + "created": "2021-02-04T12:27:32.3783333-08:00", + "updated": "2021-02-04T12:27:32.3783333-08:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Header-1": "v1_1", + "Header-2": "v1_2", + "Header-3": "v1_3", + "Header-4": "v1_4", + "Header-5": "v1_5" + }, + "entityMapping": {} + } + } + ] + } + } + } +} 
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlists.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlists.json
new file mode 100644
index 000000000000..dda82a454c9b
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlists.json
@@ -0,0 +1,53 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "type": "Microsoft.SecurityInsights/Watchlists", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "labels": [ + "Tag1", + "Tag2" + ], + "defaultDuration": "P1279DT12H30M5S", + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/CreateJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/CreateJob.json new file mode 100644 index 000000000000..d0f2c0b4e599 --- /dev/null 
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/CreateJob.json
@@ -0,0 +1,24 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58",
+ "jobName": "cfbe1338-8276-4d5d-8b96-931117f9fa0e"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58/jobs/cfbe1338-8276-4d5d-8b96-931117f9fa0e",
+ "etag": "\"f20a2523-7817-47b5-a3b2-21539c00c788\"",
+ "name": "cfbe1338-8276-4d5d-8b96-931117f9fa0e",
+ "type": "Microsoft.SecurityInsights/workspaceManagerAssignments/jobs",
+ "properties": {
+ "startTime": "2022-06-14T04:47:52.9614956Z",
+ "provisioningState": "InProgress"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json
new file mode 100644
index 000000000000..efb780d88695
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json
@@ -0,0 +1,62 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "workspaceManagerAssignment": { + "properties": { + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo" + } + ], + "targetResourceName": "37207a7a-3b8a-438f-a559-c7df400e1b96" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "name": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments", + "properties": { + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo" + } + ], + "targetResourceName": 
"37207a7a-3b8a-438f-a559-c7df400e1b96" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "name": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments", + "properties": { + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo" + } + ], + "targetResourceName": "37207a7a-3b8a-438f-a559-c7df400e1b96" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/DeleteJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/DeleteJob.json new file mode 100644 index 000000000000..500350dd9da2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/DeleteJob.json 
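Review bot: Every `resourceId` under `items` in CreateOrUpdateWorkspaceManagerAssignment.json, in the request and in the 200 and 201 bodies, contains `workspac-es` where the path segment should be `workspaces`, i.e. `/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne`. These IDs name the alert rules the assignment refers to, so the example as written points at a path that is not a valid workspace scope. GetAllJobs.json and GetJob.json spell the segment correctly, while GetAllWorkspaceManagerAssignments.json and GetWorkspaceManagerAssignment.json repeat the broken form and need the same correction.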
@@ -0,0 +1,14 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58",
+ "jobName": "cfbe1338-8276-4d5d-8b96-931117f9fa0e"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json
new file mode 100644
index 000000000000..1b3c2a3ea5fd
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json
@@ -0,0 +1,13 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json
new file mode 100644
index 000000000000..65a4c23024a2
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json
@@ -0,0 +1,46 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58/jobs/cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "etag": "\"f20a2523-7817-47b5-a3b2-21539c00c788\"", + "name": "cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments/jobs", + "properties": { + "endTime": "2022-06-14T04:52:52.9614956Z", + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne", + "status": "Succeeded", + "executionTime": "2022-06-14T04:49:52.9614956Z" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo", + "status": "Failed", + "executionTime": "2022-06-14T04:50:52.9614956Z", + "errors": [ + { + "memberResourceName": "f5fa104e-c0e3-4747-9182-d342dc048a9e", + "errorMessage": "Failed to write. Status code: Forbidden." + } + ] + } + ], + "startTime": "2022-06-14T04:47:52.9614956Z", + "provisioningState": "Failed" + } + } + ] + } + } + } +} 
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json
new file mode 100644
index 000000000000..5dd6cd1ae150
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json
@@ -0,0 +1,35 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58",
+ "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"",
+ "name": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58",
+ "type": "Microsoft.SecurityInsights/workspaceManagerAssignments",
+ "properties": {
+ "items": [
+ {
+ "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne"
+ },
+ {
+ "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo"
+ }
+ ],
+ "targetResourceName": "37207a7a-3b8a-438f-a559-c7df400e1b96",
+ "lastJobEndTime": "2022-06-14T04:52:52.9614956Z",
+ "lastJobProvisioningState": "Failed"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetJob.json
new file mode 100644
index 000000000000..2feff80b4f7e
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetJob.json
@@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2023-06-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "jobName": "cfbe1338-8276-4d5d-8b96-931117f9fa0e" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58/jobs/cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "etag": "\"f20a2523-7817-47b5-a3b2-21539c00c788\"", + "name": "cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments/jobs", + "properties": { + "endTime": "2022-06-14T04:52:52.9614956Z", + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne", + "status": "Succeeded", + "executionTime": "2022-06-14T04:49:52.9614956Z" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo", + "status": "Failed", + "executionTime": "2022-06-14T04:50:52.9614956Z", + "errors": [ + { + "memberResourceName": "f5fa104e-c0e3-4747-9182-d342dc048a9e", + "errorMessage": "Failed to write. Status code: Forbidden." + } + ] + } + ], + "startTime": "2022-06-14T04:47:52.9614956Z", + "provisioningState": "Failed" + } + } + } + } +} 
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json
new file mode 100644
index 000000000000..81cefcfefa7b
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json
@@ -0,0 +1,32 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58",
+ "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"",
+ "name": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58",
+ "type": "Microsoft.SecurityInsights/workspaceManagerAssignments",
+ "properties": {
+ "items": [
+ {
+ "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne"
+ },
+ {
+ "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo"
+ }
+ ],
+ "targetResourceName": "37207a7a-3b8a-438f-a559-c7df400e1b96",
+ "lastJobEndTime": "2022-06-14T04:52:52.9614956Z",
+ "lastJobProvisioningState": "Failed"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json
new file mode 100644
index 000000000000..eabacdb288f6
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json
@@ -0,0 +1,38 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "workspaceManagerConfigurationName": "default",
+ "workspaceManagerConfiguration": {
+ "properties": {
+ "mode": "Enabled"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/default",
+ "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"",
+ "name": "default",
+ "type": "Microsoft.SecurityInsights/workspaceManagerConfigurations",
+ "properties": {
+ "mode": "Enabled"
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/default",
+ "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"",
+ "name": "default",
+ "type": "Microsoft.SecurityInsights/workspaceManagerConfigurations",
+ "properties": {
+ "mode": "Enabled"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json
new file mode 100644
index 000000000000..fa51f7d9aa87
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json
@@ -0,0 +1,13 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "workspaceManagerConfigurationName": "default"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json
new file mode 100644
index 000000000000..11f36610021f
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json
@@ -0,0 +1,25 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/default",
+ "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"",
+ "name": "default",
+ "type": "Microsoft.SecurityInsights/workspaceManagerConfigurations",
+ "properties": {
+ "mode": "Enabled"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json
new file mode 100644
index 000000000000..378489843a38
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json
@@ -0,0 +1,22 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "workspaceManagerConfigurationName": "default"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/default",
+ "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"",
+ "name": "default",
+ "type": "Microsoft.SecurityInsights/workspaceManagerConfigurations",
+ "properties": {
+ "mode": "Enabled"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json
new file mode 100644
index 000000000000..42fb4f036fee
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json
@@ -0,0 +1,53 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "workspaceManagerGroupName": "37207a7a-3b8a-438f-a559-c7df400e1b96",
+ "workspaceManagerGroup": {
+ "properties": {
+ "description": "Group of all financial and banking institutions",
+ "displayName": "Banks",
+ "memberResourceNames": [
+ "afbd324f-6c48-459c-8710-8d1e1cd03812",
+ "f5fa104e-c0e3-4747-9182-d342dc048a9e"
+ ]
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerGroups/37207a7a-3b8a-438f-a559-c7df400e1b96",
+ "etag": "\"ac04c9ad-4b3c-4e13-b511-8c2225e46521\"",
+ "name": "37207a7a-3b8a-438f-a559-c7df400e1b96",
+ "type": "Microsoft.SecurityInsights/workspaceManagerGroups",
+ "properties": {
+ "description": "Group of all financial and banking institutions",
+ "displayName": "Banks",
+ "memberResourceNames": [
+ "afbd324f-6c48-459c-8710-8d1e1cd03812",
+ "f5fa104e-c0e3-4747-9182-d342dc048a9e"
+ ]
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerGroups/37207a7a-3b8a-438f-a559-c7df400e1b96",
+ "etag": "\"ac04c9ad-4b3c-4e13-b511-8c2225e46521\"",
+ "name": "37207a7a-3b8a-438f-a559-c7df400e1b96",
+ "type": "Microsoft.SecurityInsights/workspaceManagerGroups",
+ "properties": {
+ "description": "Group of all financial and banking institutions",
+ "displayName": "Banks",
+ "memberResourceNames": [
+ "afbd324f-6c48-459c-8710-8d1e1cd03812",
+ "f5fa104e-c0e3-4747-9182-d342dc048a9e"
+ ]
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json
new file mode 100644
index 000000000000..3ec23085604e
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json
@@ -0,0 +1,13 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "workspaceManagerGroupName": "37207a7a-3b8a-438f-a559-c7df400e1b96"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json
new file mode 100644
index 000000000000..e4c45c5f6379
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json
@@ -0,0 +1,30 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerGroups/37207a7a-3b8a-438f-a559-c7df400e1b96",
+ "etag": "\"ac04c9ad-4b3c-4e13-b511-8c2225e46521\"",
+ "name": "37207a7a-3b8a-438f-a559-c7df400e1b96",
+ "type": "Microsoft.SecurityInsights/workspaceManagerGroups",
+ "properties": {
+ "description": "Group of all financial and banking institutions",
+ "displayName": "Banks",
+ "memberResourceNames": [
+ "afbd324f-6c48-459c-8710-8d1e1cd03812",
+ "f5fa104e-c0e3-4747-9182-d342dc048a9e"
+ ]
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json
new file mode 100644
index 000000000000..80cc414ddfbf
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json
@@ -0,0 +1,27 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "workspaceManagerGroupName": "37207a7a-3b8a-438f-a559-c7df400e1b96"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerGroups/37207a7a-3b8a-438f-a559-c7df400e1b96",
+ "etag": "\"ac04c9ad-4b3c-4e13-b511-8c2225e46521\"",
+ "name": "37207a7a-3b8a-438f-a559-c7df400e1b96",
+ "type": "Microsoft.SecurityInsights/workspaceManagerGroups",
+ "properties": {
+ "description": "Group of all financial and banking institutions",
+ "displayName": "Banks",
+ "memberResourceNames": [
+ "afbd324f-6c48-459c-8710-8d1e1cd03812",
+ "f5fa104e-c0e3-4747-9182-d342dc048a9e"
+ ]
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json
new file mode 100644
index 000000000000..e17271704088
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json
@@ -0,0 +1,41 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "workspaceManagerMemberName": "afbd324f-6c48-459c-8710-8d1e1cd03812",
+ "workspaceManagerMember": {
+ "properties": {
+ "targetWorkspaceId": "/subscriptions/7aef9d48-814f-45ad-b644-b0343316e174/resourceGroups/otherRg/providers/Microsoft.OperationalInsights/workspaces/Example_Workspace",
+ "targetWorkspaceTenantId": "f676d436-8d16-42db-81b7-ab578e110ccd"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerMembers/afbd324f-6c48-459c-8710-8d1e1cd03812",
+ "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"",
+ "name": "afbd324f-6c48-459c-8710-8d1e1cd03812",
+ "type": "Microsoft.SecurityInsights/workspaceManagerMembers",
+ "properties": {
+ "targetWorkspaceId": "/subscriptions/7aef9d48-814f-45ad-b644-b0343316e174/resourceGroups/otherRg/providers/Microsoft.OperationalInsights/workspaces/Example_Workspace",
+ "targetWorkspaceTenantId": "f676d436-8d16-42db-81b7-ab578e110ccd"
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerMembers/afbd324f-6c48-459c-8710-8d1e1cd03812",
+ "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"",
+ "name": "afbd324f-6c48-459c-8710-8d1e1cd03812",
+ "type": "Microsoft.SecurityInsights/workspaceManagerMembers",
+ "properties": {
+ "targetWorkspaceId": "/subscriptions/7aef9d48-814f-45ad-b644-b0343316e174/resourceGroups/otherRg/providers/Microsoft.OperationalInsights/workspaces/Example_Workspace",
+ "targetWorkspaceTenantId": "f676d436-8d16-42db-81b7-ab578e110ccd"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json
new file mode 100644
index 000000000000..7b0d46324e13
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json
@@ -0,0 +1,13 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "workspaceManagerMemberName": "afbd324f-6c48-459c-8710-8d1e1cd03812"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json
new file mode 100644
index 000000000000..a071ca32f198
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json
@@ -0,0 +1,26 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerMembers/afbd324f-6c48-459c-8710-8d1e1cd03812",
+ "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"",
+ "name": "afbd324f-6c48-459c-8710-8d1e1cd03812",
+ "type": "Microsoft.SecurityInsights/workspaceManagerMembers",
+ "properties": {
+ "targetWorkspaceId": "/subscriptions/7aef9d48-814f-45ad-b644-b0343316e174/resourceGroups/otherRg/providers/Microsoft.OperationalInsights/workspaces/Example_Workspace",
+ "targetWorkspaceTenantId": "f676d436-8d16-42db-81b7-ab578e110ccd"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json
new file mode 100644
index 000000000000..991f2b915fd3
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json
@@ -0,0 +1,23 @@
+{
+ "parameters": {
+ "api-version": "2023-06-01-preview",
+ "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+ "resourceGroupName": "myRg",
+ "workspaceName": "myWorkspace",
+ "workspaceManagerMemberName": "afbd324f-6c48-459c-8710-8d1e1cd03812"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerMembers/afbd324f-6c48-459c-8710-8d1e1cd03812",
+ "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"",
+ "name": "afbd324f-6c48-459c-8710-8d1e1cd03812",
+ "type": "Microsoft.SecurityInsights/workspaceManagerMembers",
+ "properties": {
+ "targetWorkspaceId": "/subscriptions/7aef9d48-814f-45ad-b644-b0343316e174/resourceGroups/otherRg/providers/Microsoft.OperationalInsights/workspaces/Example_Workspace",
+ "targetWorkspaceTenantId": "f676d436-8d16-42db-81b7-ab578e110ccd"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/operations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/operations.json
new file mode 100644
index 000000000000..0dbd03eaa91f
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/operations.json
@@ -0,0 +1,138 @@
+{
+ "swagger": "2.0",
+ "info": {
+ "title": "Security Insights",
+ "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
+ "version": "2023-06-01-preview"
+ },
+ "host": "management.azure.com",
+ "schemes": [
+ "https"
+ ],
+ "consumes": [
+ "application/json"
+ ],
+ "produces": [
+ "application/json"
+ ],
+ "security": [
+ {
+ "azure_auth": [
+ "user_impersonation"
+ ]
+ }
+ ],
+ "securityDefinitions": {
+ "azure_auth": {
+ "type": "oauth2",
+ "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
+ "flow": "implicit",
+ "description": "Azure Active Directory OAuth2 Flow",
+ "scopes": {
+ "user_impersonation": "impersonate your user account"
+ }
+ }
+ },
+ "paths": {
+ "/providers/Microsoft.SecurityInsights/operations": {
+ "get": {
+ "x-ms-examples": {
+ "Get all operations.": {
+ "$ref": "./examples/operations/ListOperations.json"
+ }
+ },
+ "operationId": "Operations_List",
+ "description": "Lists all operations available Azure Security Insights Resource Provider.",
+ "parameters": [
+ {
+ "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter"
+ }
+ ],
+ "produces": [
+ "application/json"
+ ],
+ "responses": {
+ "200": {
+ "description": "OK. Successfully retrieved operations list.",
+ "schema": {
+ "$ref": "#/definitions/OperationsList"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/2.0/types.json#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-pageable": {
+ "nextLinkName": "nextLink"
+ }
+ }
+ }
+ },
+ "definitions": {
+ "OperationsList": {
+ "description": "Lists the operations available in the SecurityInsights RP.",
+ "properties": {
+ "nextLink": {
+ "description": "URL to fetch the next set of operations.",
+ "type": "string",
+ "readOnly": true
+ },
+ "value": {
+ "description": "Array of operations",
+ "items": {
+ "$ref": "#/definitions/Operation"
+ },
+ "type": "array"
+ }
+ },
+ "required": [
+ "value"
+ ],
+ "type": "object"
+ },
+ "Operation": {
+ "description": "Operation provided by provider",
+ "properties": {
+ "display": {
+ "description": "Properties of the operation",
+ "properties": {
+ "description": {
+ "description": "Description of the operation",
+ "type": "string"
+ },
+ "operation": {
+ "description": "Operation name",
+ "type": "string"
+ },
+ "provider": {
+ "description": "Provider name",
+ "type": "string"
+ },
+ "resource": {
+ "description": "Resource name",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "name": {
+ "description": "Name of the operation",
+ "type": "string"
+ },
+ "origin": {
+ "description": "The origin of the operation",
+ "type": "string"
+ },
+ "isDataAction": {
+ "description": "Indicates whether the operation is a data action",
+ "type": "boolean"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "parameters": {}
+}
From af9be46453c4badf768fb194200dcea5bed143e0 Mon Sep 17 00:00:00 2001
From: xuhumsft <116764429+xuhumsft@users.noreply.github.com>
Date: Mon, 19 Jun 2023 17:25:33 -0700
Subject: [PATCH 02/10] Updates readme
---
 .../resource-manager/readme.md | 43 ++++++++++++++++++-
 1 file changed, 41 insertions(+), 2 deletions(-)
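Review bot: The `Operations_List` description in the new operations.json is missing words ("Lists all operations available Azure Security Insights Resource Provider.") and will be carried as written into generated SDK reference docs; I would change it to `"description": "Lists all operations available in the Azure Security Insights resource provider."`. The `isDataAction` description could also say what the flag is for, for example `"description": "Indicates whether the operation is a data action (granted through dataActions rather than actions in a role definition)"`, since that is what a reader scoping a custom role for this provider needs from the operations list. `info.version` still reads `2023-06-01-preview` in this file; the later "Updates API version" patch in the series appears to cover that, but operations.json is not among the files visible in its diffstat here, so it is worth confirming.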
diff --git a/specification/securityinsights/resource-manager/readme.md b/specification/securityinsights/resource-manager/readme.md
index 17f54914fdab..d16c65d0242f 100644
--- a/specification/securityinsights/resource-manager/readme.md
+++ b/specification/securityinsights/resource-manager/readme.md
@@ -26,17 +26,55 @@ These are the global settings for the SecurityInsights API. ``` yaml openapi-type: arm -tag: package-preview-2023-06 +tag: package-preview-2023-07 ``` --- +### Tag: package-preview-2023-07 + +These settings apply only when `--tag=package-preview-2023-07` is specified on the command line. + +```yaml $(tag) == 'package-preview-2023-07' +input-file: + - Microsoft.SecurityInsights/preview/2023-07-01-preview/AlertRules.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/AutomationRules.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/BillingStatistics.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/Bookmarks.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentPackages.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentProductPackages.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentProductTemplates.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentTemplates.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/Enrichment.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/Entities.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/EntityQueries.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/EntityQueryTemplates.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/FileImports.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/Hunts.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/Incidents.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/Metadata.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/OfficeConsents.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/OnboardingStates.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/Recommendations.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/SecurityMLAnalyticsSettings.json + - 
Microsoft.SecurityInsights/preview/2023-07-01-preview/Settings.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/SourceControls.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/ThreatIntelligence.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/TriggeredAnalyticsRuleRuns.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/Watchlists.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerAssignments.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerConfigurations.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerGroups.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerMembers.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/dataConnectors.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/operations.json +``` ### Tag: package-preview-2023-06 These settings apply only when `--tag=package-preview-2023-06` is specified on the command line. -```yaml $(tag) == 'package-preview-2023-06' +``` yaml $(tag) == 'package-preview-2023-06' input-file: - Microsoft.SecurityInsights/preview/2023-06-01-preview/AlertRules.json - Microsoft.SecurityInsights/preview/2023-06-01-preview/AutomationRules.json @@ -70,6 +108,7 @@ input-file: - Microsoft.SecurityInsights/preview/2023-06-01-preview/dataConnectors.json - Microsoft.SecurityInsights/preview/2023-06-01-preview/operations.json ``` + ### Tag: package-preview-2023-05 These settings apply only when `--tag=package-preview-2023-05` is specified on the command line. From 4df7fd2e95bc7d9c156b6103490e14402d0d42e2 Mon Sep 17 00:00:00 2001 
From: xuhumsft <116764429+xuhumsft@users.noreply.github.com> Date: Mon, 19 Jun 2023 17:25:39 -0700 Subject: [PATCH 03/10] Updates API version in new specs and examples --- .../preview/2023-07-01-preview/AlertRules.json | 2 +- .../preview/2023-07-01-preview/AutomationRules.json | 2 +- .../preview/2023-07-01-preview/BillingStatistics.json | 2 +- .../preview/2023-07-01-preview/Bookmarks.json | 2 +- .../preview/2023-07-01-preview/ContentPackages.json | 2 +- .../preview/2023-07-01-preview/ContentProductPackages.json | 2 +- .../preview/2023-07-01-preview/ContentProductTemplates.json | 2 +- .../preview/2023-07-01-preview/ContentTemplates.json | 2 +- .../preview/2023-07-01-preview/Enrichment.json | 2 +- .../preview/2023-07-01-preview/Entities.json | 2 +- .../preview/2023-07-01-preview/EntityQueries.json | 2 +- .../preview/2023-07-01-preview/EntityQueryTemplates.json | 2 +- .../preview/2023-07-01-preview/FileImports.json | 2 +- .../preview/2023-07-01-preview/Hunts.json | 2 +- .../preview/2023-07-01-preview/Incidents.json | 2 +- .../preview/2023-07-01-preview/Metadata.json | 2 +- .../preview/2023-07-01-preview/OfficeConsents.json | 2 +- .../preview/2023-07-01-preview/OnboardingStates.json | 2 +- .../preview/2023-07-01-preview/Recommendations.json | 2 +- .../2023-07-01-preview/SecurityMLAnalyticsSettings.json | 2 +- .../preview/2023-07-01-preview/Settings.json | 2 +- .../preview/2023-07-01-preview/SourceControls.json | 2 +- .../preview/2023-07-01-preview/ThreatIntelligence.json | 2 +- .../2023-07-01-preview/TriggeredAnalyticsRuleRuns.json | 2 +- .../preview/2023-07-01-preview/Watchlists.json | 2 +- .../2023-07-01-preview/WorkspaceManagerAssignments.json | 2 +- .../2023-07-01-preview/WorkspaceManagerConfigurations.json | 2 +- .../preview/2023-07-01-preview/WorkspaceManagerGroups.json | 2 +- .../preview/2023-07-01-preview/WorkspaceManagerMembers.json | 2 +- .../preview/2023-07-01-preview/common/AlertTypes.json | 2 +- .../preview/2023-07-01-preview/common/ContentCommonTypes.json 
| 2 +- .../preview/2023-07-01-preview/common/EntityTypes.json | 2 +- .../preview/2023-07-01-preview/common/IncidentTypes.json | 2 +- .../preview/2023-07-01-preview/common/RelationTypes.json | 2 +- .../2023-07-01-preview/common/ThreatIntelligenceTypes.json | 2 +- .../preview/2023-07-01-preview/dataConnectors.json | 2 +- .../examples/actions/CreateActionOfAlertRule.json | 2 +- .../examples/actions/DeleteActionOfAlertRule.json | 2 +- .../examples/actions/GetActionOfAlertRuleById.json | 2 +- .../examples/actions/GetAllActionsByAlertRule.json | 2 +- .../examples/alertRuleTemplates/GetAlertRuleTemplateById.json | 2 +- .../examples/alertRuleTemplates/GetAlertRuleTemplates.json | 2 +- .../examples/alertRules/CreateFusionAlertRule.json | 2 +- .../CreateFusionAlertRuleWithFusionScenarioExclusion.json | 2 +- .../CreateMicrosoftSecurityIncidentCreationAlertRule.json | 2 +- .../examples/alertRules/CreateNrtAlertRule.json | 2 +- .../examples/alertRules/CreateScheduledAlertRule.json | 2 +- .../examples/alertRules/DeleteAlertRule.json | 2 +- .../examples/alertRules/GetAllAlertRules.json | 2 +- .../examples/alertRules/GetFusionAlertRule.json | 2 +- .../GetMicrosoftSecurityIncidentCreationAlertRule.json | 2 +- .../examples/alertRules/GetNrtAlertRule.json | 2 +- .../examples/alertRules/GetScheduledAlertRule.json | 2 +- .../automationRules/AutomationRules_CreateOrUpdate.json | 2 +- .../examples/automationRules/AutomationRules_Delete.json | 2 +- .../examples/automationRules/AutomationRules_Get.json | 2 +- .../examples/automationRules/AutomationRules_List.json | 2 +- .../examples/billingStatistics/GetAllBillingStatistics.json | 2 +- .../examples/billingStatistics/GetBillingStatistic.json | 2 +- .../2023-07-01-preview/examples/bookmarks/CreateBookmark.json | 2 +- .../2023-07-01-preview/examples/bookmarks/DeleteBookmark.json | 2 +- .../examples/bookmarks/GetBookmarkById.json | 2 +- .../2023-07-01-preview/examples/bookmarks/GetBookmarks.json | 2 +- 
.../examples/bookmarks/expand/PostExpandBookmark.json | 2 +- .../examples/bookmarks/relations/CreateBookmarkRelation.json | 2 +- .../examples/bookmarks/relations/DeleteBookmarkRelation.json | 2 +- .../examples/bookmarks/relations/GetAllBookmarkRelations.json | 2 +- .../bookmarks/relations/GetBookmarkRelationByName.json | 2 +- .../examples/contentPackages/GetPackageById.json | 2 +- .../examples/contentPackages/GetPackages.json | 2 +- .../examples/contentPackages/GetProductPackageById.json | 2 +- .../examples/contentPackages/GetProductPackages.json | 2 +- .../examples/contentPackages/InstallPackage.json | 2 +- .../examples/contentPackages/UninstallPackage.json | 2 +- .../examples/contentTemplates/DeleteTemplate.json | 2 +- .../examples/contentTemplates/GetProductTemplateById.json | 2 +- .../examples/contentTemplates/GetProductTemplates.json | 2 +- .../examples/contentTemplates/GetTemplateById.json | 2 +- .../examples/contentTemplates/GetTemplates.json | 2 +- .../examples/contentTemplates/InstallTemplate.json | 2 +- .../dataConnectors/CheckRequirementsAzureActiveDirectory.json | 2 +- .../CheckRequirementsAzureActiveDirectoryNoAuthorization.json | 2 +- .../CheckRequirementsAzureActiveDirectoryNoLicense.json | 2 +- .../dataConnectors/CheckRequirementsAzureSecurityCenter.json | 2 +- .../examples/dataConnectors/CheckRequirementsDynamics365.json | 2 +- .../examples/dataConnectors/CheckRequirementsIoT.json | 2 +- .../examples/dataConnectors/CheckRequirementsMdatp.json | 2 +- .../CheckRequirementsMicrosoftCloudAppSecurity.json | 2 +- ...heckRequirementsMicrosoftPurviewInformationProtection.json | 2 +- .../CheckRequirementsMicrosoftThreatIntelligence.json | 2 +- .../CheckRequirementsMicrosoftThreatProtection.json | 2 +- .../dataConnectors/CheckRequirementsOffice365Project.json | 2 +- .../examples/dataConnectors/CheckRequirementsOfficeATP.json | 2 +- .../examples/dataConnectors/CheckRequirementsOfficeIRM.json | 2 +- .../dataConnectors/CheckRequirementsOfficePowerBI.json | 2 +- 
.../dataConnectors/CheckRequirementsThreatIntelligence.json | 2 +- .../CheckRequirementsThreatIntelligenceTaxii.json | 2 +- .../examples/dataConnectors/ConnectAPIPolling.json | 2 +- .../examples/dataConnectors/ConnectAPIPollingV2Logs.json | 2 +- .../examples/dataConnectors/CreateAPIPolling.json | 2 +- .../dataConnectors/CreateDynamics365DataConnetor.json | 2 +- .../examples/dataConnectors/CreateGenericUI.json | 2 +- .../examples/dataConnectors/CreateGoogleCloudPlatform.json | 2 +- ...eateMicrosoftPurviewInformationProtectionDataConnetor.json | 2 +- .../CreateMicrosoftThreatIntelligenceDataConnector.json | 2 +- .../CreateMicrosoftThreatProtectionDataConnetor.json | 2 +- .../dataConnectors/CreateOffice365ProjectDataConnetor.json | 2 +- .../examples/dataConnectors/CreateOfficeDataConnetor.json | 2 +- .../dataConnectors/CreateOfficePowerBIDataConnector.json | 2 +- .../dataConnectors/CreateThreatIntelligenceDataConnector.json | 2 +- .../CreateThreatIntelligenceTaxiiDataConnector.json | 2 +- .../examples/dataConnectors/DeleteAPIPolling.json | 2 +- .../examples/dataConnectors/DeleteGenericUI.json | 2 +- .../examples/dataConnectors/DeleteGoogleCloudPlatform.json | 2 +- ...leteMicrosoftPurviewInformationProtectionDataConnetor.json | 2 +- .../DeleteMicrosoftThreatIntelligenceDataConnector.json | 2 +- .../dataConnectors/DeleteOffice365ProjectDataConnetor.json | 2 +- .../examples/dataConnectors/DeleteOfficeDataConnetor.json | 2 +- .../dataConnectors/DeleteOfficePowerBIDataConnetor.json | 2 +- .../examples/dataConnectors/DisconnectAPIPolling.json | 2 +- .../examples/dataConnectors/GetAPIPolling.json | 2 +- .../dataConnectors/GetAmazonWebServicesCloudTrailById.json | 2 +- .../examples/dataConnectors/GetAmazonWebServicesS3ById.json | 2 +- .../examples/dataConnectors/GetAzureActiveDirectoryById.json | 2 +- .../dataConnectors/GetAzureAdvancedThreatProtectionById.json | 2 +- .../examples/dataConnectors/GetAzureSecurityCenterById.json | 2 +- 
.../examples/dataConnectors/GetDataConnectors.json | 2 +- .../dataConnectors/GetDynamics365DataConnectorById.json | 2 +- .../examples/dataConnectors/GetGenericUI.json | 2 +- .../examples/dataConnectors/GetGoogleCloudPlatformById.json | 2 +- .../examples/dataConnectors/GetIoTById.json | 2 +- .../dataConnectors/GetMicrosoftCloudAppSecurityById.json | 2 +- .../GetMicrosoftDefenderAdvancedThreatProtectionById.json | 2 +- .../dataConnectors/GetMicrosoftInsiderRiskManagementById.json | 2 +- ...MicrosoftPurviewInformationProtectionDataConnetorById.json | 2 +- .../dataConnectors/GetMicrosoftThreatIntelligenceById.json | 2 +- .../dataConnectors/GetMicrosoftThreatProtectionById.json | 2 +- .../GetOffice365AdvancedThreatProtectionById.json | 2 +- .../dataConnectors/GetOffice365ProjectDataConnetorById.json | 2 +- .../examples/dataConnectors/GetOfficeDataConnetorById.json | 2 +- .../dataConnectors/GetOfficePowerBIDataConnetorById.json | 2 +- .../examples/dataConnectors/GetThreatIntelligenceById.json | 2 +- .../dataConnectors/GetThreatIntelligenceTaxiiById.json | 2 +- .../examples/enrichment/GetGeodataByIp.json | 2 +- .../examples/enrichment/GetWhoisByDomainName.json | 2 +- .../examples/entities/GetAccountEntityById.json | 2 +- .../examples/entities/GetAzureResourceEntityById.json | 2 +- .../examples/entities/GetCloudApplicationEntityById.json | 2 +- .../examples/entities/GetDnsEntityById.json | 2 +- .../2023-07-01-preview/examples/entities/GetEntities.json | 2 +- .../examples/entities/GetFileEntityById.json | 2 +- .../examples/entities/GetFileHashEntityById.json | 2 +- .../examples/entities/GetHostEntityById.json | 2 +- .../examples/entities/GetIoTDeviceEntityById.json | 2 +- .../2023-07-01-preview/examples/entities/GetIpEntityById.json | 2 +- .../examples/entities/GetMailClusterEntityById.json | 2 +- .../examples/entities/GetMailMessageEntityById.json | 2 +- .../examples/entities/GetMailboxEntityById.json | 2 +- .../examples/entities/GetMalwareEntityById.json | 2 +- 
.../examples/entities/GetProcessEntityById.json | 2 +- .../2023-07-01-preview/examples/entities/GetQueries.json | 2 +- .../examples/entities/GetRegistryKeyEntityById.json | 2 +- .../examples/entities/GetRegistryValueEntityById.json | 2 +- .../examples/entities/GetSecurityAlertEntityById.json | 2 +- .../examples/entities/GetSecurityGroupEntityById.json | 2 +- .../examples/entities/GetSubmissionMailEntityById.json | 2 +- .../examples/entities/GetUrlEntityById.json | 2 +- .../examples/entities/expand/PostExpandEntity.json | 2 +- .../examples/entities/insights/PostGetInsights.json | 2 +- .../examples/entities/relations/GetAllEntityRelations.json | 2 +- .../examples/entities/relations/GetEntityRelationByName.json | 2 +- .../examples/entities/timeline/PostTimelineEntity.json | 2 +- .../examples/entityQueries/CreateEntityQueryActivity.json | 2 +- .../examples/entityQueries/DeleteEntityQuery.json | 2 +- .../examples/entityQueries/GetActivityEntityQueryById.json | 2 +- .../examples/entityQueries/GetEntityQueries.json | 2 +- .../examples/entityQueries/GetExpansionEntityQueryById.json | 2 +- .../GetActivityEntityQueryTemplateById.json | 2 +- .../entityQueryTemplates/GetEntityQueryTemplates.json | 2 +- .../examples/fileImports/CreateFileImport.json | 2 +- .../examples/fileImports/DeleteFileImport.json | 2 +- .../examples/fileImports/GetFileImportById.json | 2 +- .../examples/fileImports/GetFileImports.json | 2 +- .../preview/2023-07-01-preview/examples/hunts/CreateHunt.json | 2 +- .../2023-07-01-preview/examples/hunts/CreateHuntComment.json | 2 +- .../2023-07-01-preview/examples/hunts/CreateHuntRelation.json | 2 +- .../preview/2023-07-01-preview/examples/hunts/DeleteHunt.json | 2 +- .../2023-07-01-preview/examples/hunts/DeleteHuntComment.json | 2 +- .../2023-07-01-preview/examples/hunts/DeleteHuntRelation.json | 2 +- .../2023-07-01-preview/examples/hunts/GetHuntById.json | 2 +- .../2023-07-01-preview/examples/hunts/GetHuntCommentById.json | 2 +- 
.../2023-07-01-preview/examples/hunts/GetHuntComments.json | 2 +- .../examples/hunts/GetHuntRelationById.json | 2 +- .../2023-07-01-preview/examples/hunts/GetHuntRelations.json | 2 +- .../preview/2023-07-01-preview/examples/hunts/GetHunts.json | 2 +- .../incidents/IncidentAlerts/Incidents_ListAlerts.json | 2 +- .../incidents/IncidentBookmarks/Incidents_ListBookmarks.json | 2 +- .../IncidentComments/IncidentComments_CreateOrUpdate.json | 2 +- .../incidents/IncidentComments/IncidentComments_Delete.json | 2 +- .../incidents/IncidentComments/IncidentComments_Get.json | 2 +- .../incidents/IncidentComments/IncidentComments_List.json | 2 +- .../incidents/IncidentEntities/Incidents_ListEntities.json | 2 +- .../incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json | 2 +- .../incidents/IncidentTasks/IncidentTasks_Delete.json | 2 +- .../examples/incidents/IncidentTasks/IncidentTasks_Get.json | 2 +- .../examples/incidents/IncidentTasks/IncidentTasks_List.json | 2 +- .../examples/incidents/IncidentTeam/Incidents_CreateTeam.json | 2 +- .../examples/incidents/Incidents_CreateOrUpdate.json | 2 +- .../examples/incidents/Incidents_Delete.json | 2 +- .../2023-07-01-preview/examples/incidents/Incidents_Get.json | 2 +- .../2023-07-01-preview/examples/incidents/Incidents_List.json | 2 +- .../examples/incidents/relations/CreateIncidentRelation.json | 2 +- .../examples/incidents/relations/DeleteIncidentRelation.json | 2 +- .../examples/incidents/relations/GetAllIncidentRelations.json | 2 +- .../incidents/relations/GetIncidentRelationByName.json | 2 +- .../examples/manualTrigger/Entities_RunPlaybook.json | 2 +- .../examples/manualTrigger/Incidents_RunPlaybook.json | 2 +- .../2023-07-01-preview/examples/metadata/DeleteMetadata.json | 2 +- .../2023-07-01-preview/examples/metadata/GetAllMetadata.json | 2 +- .../examples/metadata/GetAllMetadataOData.json | 2 +- .../2023-07-01-preview/examples/metadata/GetMetadata.json | 2 +- .../2023-07-01-preview/examples/metadata/PatchMetadata.json | 2 
+- .../2023-07-01-preview/examples/metadata/PutMetadata.json | 2 +- .../examples/metadata/PutMetadataMinimal.json | 2 +- .../examples/officeConsents/DeleteOfficeConsents.json | 2 +- .../examples/officeConsents/GetOfficeConsents.json | 2 +- .../examples/officeConsents/GetOfficeConsentsById.json | 2 +- .../onboardingStates/CreateSentinelOnboardingState.json | 2 +- .../onboardingStates/DeleteSentinelOnboardingState.json | 2 +- .../onboardingStates/GetAllSentinelOnboardingStates.json | 2 +- .../examples/onboardingStates/GetSentinelOnboardingState.json | 2 +- .../examples/operations/ListOperations.json | 2 +- .../examples/recommendations/GetRecommendation.json | 2 +- .../examples/recommendations/GetRecommendations.json | 2 +- .../examples/recommendations/PatchRecommendation.json | 4 ++-- .../examples/repositories/GetRepositories.json | 2 +- .../CreateAnomalySecurityMLAnalyticsSetting.json | 2 +- .../DeleteSecurityMLAnalyticsSetting.json | 2 +- .../GetAllSecurityMLAnalyticsSettings.json | 2 +- .../GetAnomalySecurityMLAnalyticsSetting.json | 2 +- .../examples/settings/DeleteEyesOnSetting.json | 2 +- .../2023-07-01-preview/examples/settings/GetAllSettings.json | 2 +- .../examples/settings/GetEyesOnSetting.json | 2 +- .../examples/settings/UpdateEyesOnSetting.json | 2 +- .../examples/sourcecontrols/CreateSourceControl.json | 2 +- .../examples/sourcecontrols/DeleteSourceControl.json | 2 +- .../examples/sourcecontrols/GetSourceControlById.json | 2 +- .../examples/sourcecontrols/GetSourceControls.json | 2 +- .../threatintelligence/AppendTagsThreatIntelligence.json | 2 +- .../threatintelligence/CollectThreatIntelligenceMetrics.json | 2 +- .../examples/threatintelligence/CreateThreatIntelligence.json | 2 +- .../examples/threatintelligence/DeleteThreatIntelligence.json | 2 +- .../examples/threatintelligence/GetThreatIntelligence.json | 2 +- .../threatintelligence/GetThreatIntelligenceById.json | 2 +- .../examples/threatintelligence/QueryThreatIntelligence.json | 2 +- 
.../threatintelligence/ReplaceTagsThreatIntelligence.json | 2 +- .../examples/threatintelligence/UpdateThreatIntelligence.json | 2 +- .../triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json | 4 ++-- .../triggeredAnalyticsRuleRun_Get.json | 2 +- .../triggeredAnalyticsRuleRuns_Get.json | 2 +- .../examples/watchlists/CreateWatchlist.json | 2 +- .../examples/watchlists/CreateWatchlistAndWatchlistItems.json | 2 +- .../examples/watchlists/CreateWatchlistItem.json | 2 +- .../examples/watchlists/DeleteWatchlist.json | 4 ++-- .../examples/watchlists/DeleteWatchlistItem.json | 2 +- .../examples/watchlists/GetWatchlistByAlias.json | 2 +- .../examples/watchlists/GetWatchlistItemById.json | 2 +- .../examples/watchlists/GetWatchlistItems.json | 2 +- .../2023-07-01-preview/examples/watchlists/GetWatchlists.json | 2 +- .../examples/workspaceManagerAssignments/CreateJob.json | 2 +- .../CreateOrUpdateWorkspaceManagerAssignment.json | 2 +- .../examples/workspaceManagerAssignments/DeleteJob.json | 2 +- .../DeleteWorkspaceManagerAssignment.json | 2 +- .../examples/workspaceManagerAssignments/GetAllJobs.json | 2 +- .../GetAllWorkspaceManagerAssignments.json | 2 +- .../examples/workspaceManagerAssignments/GetJob.json | 2 +- .../GetWorkspaceManagerAssignment.json | 2 +- .../CreateOrUpdateWorkspaceManagerConfiguration.json | 2 +- .../DeleteWorkspaceManagerConfiguration.json | 2 +- .../GetAllWorkspaceManagerConfigurations.json | 2 +- .../GetWorkspaceManagerConfiguration.json | 2 +- .../CreateOrUpdateWorkspaceManagerGroup.json | 2 +- .../workspaceManagerGroups/DeleteWorkspaceManagerGroup.json | 2 +- .../workspaceManagerGroups/GetAllWorkspaceManagerGroups.json | 2 +- .../workspaceManagerGroups/GetWorkspaceManagerGroup.json | 2 +- .../CreateOrUpdateWorkspaceManagerMember.json | 2 +- .../workspaceManagerMembers/DeleteWorkspaceManagerMember.json | 2 +- .../GetAllWorkspaceManagerMembers.json | 2 +- .../workspaceManagerMembers/GetWorkspaceManagerMember.json | 2 +- 
.../preview/2023-07-01-preview/operations.json | 2 +- 290 files changed, 293 insertions(+), 293 deletions(-)
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/AlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/AlertRules.json
index dad3d01ca238..82639cabf7e9 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/AlertRules.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/AlertRules.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/AutomationRules.json
index 6858eb99c1bc..3260102ac370 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/AutomationRules.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/AutomationRules.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "paths": {
 "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}": {
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/BillingStatistics.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/BillingStatistics.json
index 30b42bd4a28b..8d023f5a1ef0 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/BillingStatistics.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/BillingStatistics.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Bookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Bookmarks.json
index 374f1b7e009c..bbc43a95295a 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Bookmarks.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Bookmarks.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentPackages.json
index 1197b5ba9970..bd7c6f8db4de 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentPackages.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentPackages.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentProductPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentProductPackages.json
index 1c4ef5176831..761bf70360f2 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentProductPackages.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentProductPackages.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentProductTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentProductTemplates.json
index 95d25580b904..a7deae0c8e37 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentProductTemplates.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentProductTemplates.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentTemplates.json
index 4b7dbc6a1dc0..6cb06d3ca875 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentTemplates.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentTemplates.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Enrichment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Enrichment.json
index b89cc6dc53f1..f64e849bec27 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Enrichment.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Enrichment.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Entities.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Entities.json
index af9f39337292..62df62ce7178 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Entities.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Entities.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/EntityQueries.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/EntityQueries.json
index b912bc49e40a..ffa398f12baa 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/EntityQueries.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/EntityQueries.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/EntityQueryTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/EntityQueryTemplates.json
index 697f4fa3f603..4f2a57337f20 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/EntityQueryTemplates.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/EntityQueryTemplates.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/FileImports.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/FileImports.json
index 8d1062f5cf0f..eedde2824b40 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/FileImports.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/FileImports.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Hunts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Hunts.json
index 3be17600ead8..e13f0734df42 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Hunts.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Hunts.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Incidents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Incidents.json
index 81e2a17c98ae..3c75aac39fe4 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Incidents.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Incidents.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "paths": {
 "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents": {
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Metadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Metadata.json
index 6673273c9595..ef4edd08efd5 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Metadata.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Metadata.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/OfficeConsents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/OfficeConsents.json
index 2fe8f133937b..4a5b6c9a0bd5 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/OfficeConsents.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/OfficeConsents.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/OnboardingStates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/OnboardingStates.json
index 9475f8c2893b..1b6ff7b593d1 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/OnboardingStates.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/OnboardingStates.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Recommendations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Recommendations.json
index 0ab6bae47dd4..75f5d249077b 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Recommendations.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Recommendations.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/SecurityMLAnalyticsSettings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/SecurityMLAnalyticsSettings.json
index 4ce0dae1c393..9b97dcb1b1f2 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/SecurityMLAnalyticsSettings.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/SecurityMLAnalyticsSettings.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Settings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Settings.json
index 573bfc7edef4..5c0b77efc9f1 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Settings.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Settings.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/SourceControls.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/SourceControls.json
index 76301c5a4524..f8c32b59f127 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/SourceControls.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/SourceControls.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ThreatIntelligence.json
index 0c8686ec3aed..829a4600b473 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ThreatIntelligence.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ThreatIntelligence.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/TriggeredAnalyticsRuleRuns.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/TriggeredAnalyticsRuleRuns.json
index 8fc815a1401c..4ce490b8af5b 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/TriggeredAnalyticsRuleRuns.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/TriggeredAnalyticsRuleRuns.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "paths": {
 "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/{ruleRunId}": {
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Watchlists.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Watchlists.json
index 5ef837636039..5f058c9c6219 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Watchlists.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Watchlists.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerAssignments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerAssignments.json
index d3a61a25566c..32f7567795a5 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerAssignments.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerAssignments.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerConfigurations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerConfigurations.json
index 8700ffa53285..694f552a5e2e 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerConfigurations.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerConfigurations.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerGroups.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerGroups.json
index 5f572cf2b79d..46239cccb419 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerGroups.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerGroups.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerMembers.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerMembers.json
index 0f99c0d12c7b..753c9a956845 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerMembers.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerMembers.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/AlertTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/AlertTypes.json
index a4166f06d255..7319a978f0f9 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/AlertTypes.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/AlertTypes.json
@@ -1,7 +1,7 @@
 {
 "swagger": "2.0",
 "info": {
- "version": "2023-06-01-preview",
+ "version": "2023-07-01-preview",
 "title": "Common Alert types"
 },
 "paths": {},
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/ContentCommonTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/ContentCommonTypes.json
index a4fc34c3a950..cd86cd6749b1 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/ContentCommonTypes.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/ContentCommonTypes.json
@@ -1,7 +1,7 @@
 {
 "swagger": "2.0",
 "info": {
- "version": "2023-06-01-preview",
+ "version": "2023-07-01-preview",
 "title": "Common content metadata types"
 },
 "paths": {},
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/EntityTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/EntityTypes.json
index 54839090a674..871bf5993dd0 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/EntityTypes.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/EntityTypes.json
@@ -1,7 +1,7 @@
 {
 "swagger": "2.0",
 "info": {
- "version": "2023-06-01-preview",
+ "version": "2023-07-01-preview",
 "title": "Common Entity types"
 },
 "paths": {},
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/IncidentTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/IncidentTypes.json
index a252ef4f143a..ce5285caf919 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/IncidentTypes.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/IncidentTypes.json
@@ -1,7 +1,7 @@
 {
 "swagger": "2.0",
 "info": {
- "version": "2023-06-01-preview",
+ "version": "2023-07-01-preview",
 "title": "Common Incident types"
 },
 "paths": {},
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/RelationTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/RelationTypes.json
index 0f6a7c2a2f21..5eade8c2923c 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/RelationTypes.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/RelationTypes.json
@@ -1,7 +1,7 @@
 {
 "swagger": "2.0",
 "info": {
- "version": "2023-06-01-preview",
+ "version": "2023-07-01-preview",
 "title": "Common Relation types"
 },
 "paths": {},
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/ThreatIntelligenceTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/ThreatIntelligenceTypes.json
index 75cbd66b97d3..58853505f7a6 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/ThreatIntelligenceTypes.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/ThreatIntelligenceTypes.json
@@ -1,7 +1,7 @@
 {
 "swagger": "2.0",
 "info": {
- "version": "2023-06-01-preview",
+ "version": "2023-07-01-preview",
 "title": "Common Relation types"
 },
 "paths": {},
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/dataConnectors.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/dataConnectors.json
index fe87d75666ab..d27a5c0307dc 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/dataConnectors.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/dataConnectors.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "host": "management.azure.com",
 "schemes": [
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/CreateActionOfAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/CreateActionOfAlertRule.json
index 27639541bd9d..fe9d6bcbde01 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/CreateActionOfAlertRule.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/CreateActionOfAlertRule.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/DeleteActionOfAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/DeleteActionOfAlertRule.json
index 5f3f41f8c34c..113a77356727 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/DeleteActionOfAlertRule.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/DeleteActionOfAlertRule.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/GetActionOfAlertRuleById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/GetActionOfAlertRuleById.json
index 5a2bad62ed12..588ef8c57972 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/GetActionOfAlertRuleById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/GetActionOfAlertRuleById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/GetAllActionsByAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/GetAllActionsByAlertRule.json
index d8d89d04a083..7700fbbe3f66 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/GetAllActionsByAlertRule.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/actions/GetAllActionsByAlertRule.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json
index 02bc5ae3938c..ac0d3d4f1e71 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json
index 5a89315bb837..25309b0d1f89 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace"
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateFusionAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateFusionAlertRule.json
index c704a79f2c77..d9ee6c760ccd 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateFusionAlertRule.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateFusionAlertRule.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json
index 698d4ae27062..8b1834e95bd5 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json
index b81074061ec4..e36d779d19f4 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateNrtAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateNrtAlertRule.json
index 8177709399a3..1b0a9a5c1b08 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateNrtAlertRule.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateNrtAlertRule.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateScheduledAlertRule.json
index d5baed8a0136..a133bb2468b7 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateScheduledAlertRule.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/CreateScheduledAlertRule.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/DeleteAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/DeleteAlertRule.json
index 32efb9f37c80..035ce9e6da40 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/DeleteAlertRule.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/DeleteAlertRule.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetAllAlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetAllAlertRules.json
index 46983b4f4c8d..d7d610a105bd 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetAllAlertRules.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetAllAlertRules.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace"
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetFusionAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetFusionAlertRule.json
index d22fb13078d3..d81f60dc0d41 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetFusionAlertRule.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetFusionAlertRule.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json
index 397ccc951673..86b5fda2962b 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetNrtAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetNrtAlertRule.json
index ff0659b9ead9..9d9dff6335ee 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetNrtAlertRule.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetNrtAlertRule.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetScheduledAlertRule.json
index 0aa9eedfa7ab..6fd4a529528d 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetScheduledAlertRule.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/alertRules/GetScheduledAlertRule.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json
index d9fe2af3b164..c237f8a4a366 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_Delete.json
index 49ce84c0e168..4379e4227cc9 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_Delete.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_Delete.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_Get.json
index da037c5177ad..915f41a6e6bb 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_Get.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_Get.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_List.json
index 50e49e74695f..b3b2da6495c8 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_List.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/automationRules/AutomationRules_List.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace"
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/billingStatistics/GetAllBillingStatistics.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/billingStatistics/GetAllBillingStatistics.json
index 0a2e6e187c30..cb3de4aac66b 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/billingStatistics/GetAllBillingStatistics.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/billingStatistics/GetAllBillingStatistics.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace"
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/billingStatistics/GetBillingStatistic.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/billingStatistics/GetBillingStatistic.json
index bacfeb31a18a..4f164baa20d6 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/billingStatistics/GetBillingStatistic.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/billingStatistics/GetBillingStatistic.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/CreateBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/CreateBookmark.json
index 3803dd2bf5fa..a6781be0b22e 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/CreateBookmark.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/CreateBookmark.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/DeleteBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/DeleteBookmark.json
index f94b0d32f46a..16400328e2ab 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/DeleteBookmark.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/DeleteBookmark.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/GetBookmarkById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/GetBookmarkById.json
index 604766ffea05..07ba04cb52c2 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/GetBookmarkById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/GetBookmarkById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/GetBookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/GetBookmarks.json
index e9a47fdee9d0..247409cbfbe1 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/GetBookmarks.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/GetBookmarks.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace"
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/expand/PostExpandBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/expand/PostExpandBookmark.json
index 728d317589d9..ae981876de71 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/expand/PostExpandBookmark.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/expand/PostExpandBookmark.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json
index 28ff714eb43a..1d044748d383 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json
index fa907d73ef80..a728919d6022 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json
index 3c231759d2b2..89c5c008e17c 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json
index ded4b381b930..f824fbf3e1fb 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetPackageById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetPackageById.json
index 4f42446b37e2..1709d1f3b4f3 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetPackageById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetPackageById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetPackages.json
index 9de32f158f4a..9b1b71225f70 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetPackages.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetPackages.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetProductPackageById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetProductPackageById.json
index 7973ad240601..3ba92a4d160e 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetProductPackageById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetProductPackageById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetProductPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetProductPackages.json
index 3e97c09d4208..9c256e48df46 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetProductPackages.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetProductPackages.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace"
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/InstallPackage.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/InstallPackage.json
index 0fa2b0b2153f..aa0149858c03 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/InstallPackage.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/InstallPackage.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/UninstallPackage.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/UninstallPackage.json
index 47ac668e91a0..cb20ac1400de 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/UninstallPackage.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/UninstallPackage.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/DeleteTemplate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/DeleteTemplate.json
index 0ea8820fd07c..7c2c04417435 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/DeleteTemplate.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/DeleteTemplate.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetProductTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetProductTemplateById.json
index 3b613d351b86..0d1d80f591df 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetProductTemplateById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetProductTemplateById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetProductTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetProductTemplates.json
index a519fabdbbd4..25db831eedc8 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetProductTemplates.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetProductTemplates.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace"
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetTemplateById.json
index 09c61f428da0..fadc906d0ab4 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetTemplateById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetTemplateById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetTemplates.json
index 1b8c7f4af701..6715bc7372fb 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetTemplates.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetTemplates.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace"
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/InstallTemplate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/InstallTemplate.json
index 05ff8c449d34..97fd0e38df1b 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/InstallTemplate.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/InstallTemplate.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json
index b7edffc8f9ab..4cfea3618027 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json
index b7edffc8f9ab..4cfea3618027 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json
index b7edffc8f9ab..4cfea3618027 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json
index 9279b94a2d12..3fe5148e26d1 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json
index 303a7ef87559..50984a4b89be 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsIoT.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsIoT.json
index 1654db1736a1..2111fd7370c3 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsIoT.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsIoT.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json
index a90957eac32c..3650580ff4a6 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json
index a90957eac32c..3650580ff4a6 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json
index cbfad35bc401..e926951558ef 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json
index a13b7bb27941..0e88ec7b1102 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json
index 98f4ef99689c..bb78a6601021 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json
index 101b6c874e12..6754dcbeccd9 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json
index 0e7b20d3709c..0dbe07dbad45 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json
index 2b205be177c6..c7bc1110c5fa 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json
index 3681281b7493..242ea8c6bb04 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json
index 2852521e4255..b4a9ec0ff80f 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json
index bb38e41fab7f..0497f856e3c8 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/ConnectAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/ConnectAPIPolling.json
index ec3e7b83c21b..9e8ebec64546 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/ConnectAPIPolling.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/ConnectAPIPolling.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json
index 1d2960768f89..2ee3d25fb0b9 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateAPIPolling.json
index d4d2b3009f17..06cbb9dc6b83 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateAPIPolling.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateAPIPolling.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json
index dfbf1316d13b..afecb0f3c742 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateGenericUI.json
index 861c17980c5b..c101496e2e7d 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateGenericUI.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateGenericUI.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json
index 0097e85e67eb..25844ac2b9ea 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json
index 36b016f651da..f577a91911e6 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json
index 1874dc158b3c..c4528e3849a0 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json
index c22dab13d439..226d987688bf 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json
index c95f332376e5..6eb0b55499b6 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json
index 1baf5035606d..bcdb3c80acc3 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json
index 2b037eb2f17d..fd0f09ab613d 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json
index 823848ed7f1d..16774677fd5c 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json
index feba43ca7e4f..a46ef2f83f42 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteAPIPolling.json
index 935c00c80072..2e5894bc9dbb 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteAPIPolling.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteAPIPolling.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteGenericUI.json
index 935c00c80072..2e5894bc9dbb 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteGenericUI.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteGenericUI.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json
index 86c347a8ee11..df1b8793fc55 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json
index fe0a3ce68fa9..3f7ce13b3468 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json
index e74bfeda9ecf..71d30691ce65 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json
index fe0a3ce68fa9..3f7ce13b3468 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json
index fe0a3ce68fa9..3f7ce13b3468 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json
index fe0a3ce68fa9..3f7ce13b3468 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DisconnectAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DisconnectAPIPolling.json
index e576f7cd1513..59348d0ac511 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DisconnectAPIPolling.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/DisconnectAPIPolling.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAPIPolling.json
index ec3cc417ddd0..6805d3a88f9b 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAPIPolling.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAPIPolling.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json
index 9dd9e79ec643..7805bffb428e 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json
index bdeb72ddd537..3c311e9b9a3b 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json
index 5c8a26b20e5e..9cd676c68649 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json
index 0c311853395c..cd033dd03711 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json
index fb8c21481c5b..01fc33972ebb 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetDataConnectors.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetDataConnectors.json
index 45604c849ec7..a976c26a1ebe 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetDataConnectors.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetDataConnectors.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace"
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json
index d86747172e37..d8d52548b53a 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetGenericUI.json
index cce7bba8de18..ce92b74c3e42 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetGenericUI.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetGenericUI.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json
index 4cd1f6ec7803..713e166574d5 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetIoTById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetIoTById.json
index 50c651797854..db036c22c07a 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetIoTById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetIoTById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json
index 2037839c8806..c9b049b13223 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json
index 859bbf5de93b..3d14c0b19071 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json
index df0bc5779823..36e72cb4802e 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json
index a69a38f96c31..5ee866b6382a 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json
index 901c1b7d01e7..cff9d5f50b56 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json
index 365fe2eabfb1..61b517ef46f5 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json
index 319084eef276..5f820e26d5f3 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json
index 44defe114068..3a5c51d69ee3 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json
index 3ff114816c24..0a841bfb28a2 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json
index 15813696b2f4..df31c8eee90b 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json
index 896f92853b9a..19d7c1d8a44e 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json
index 4a6a3ef15d57..ca3fe8dacf8a 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/enrichment/GetGeodataByIp.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/enrichment/GetGeodataByIp.json
index dde14a26dace..5a304673cc8d 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/enrichment/GetGeodataByIp.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/enrichment/GetGeodataByIp.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
 "resourceGroupName": "myRg",
 "ipAddress": "1.2.3.4"
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/enrichment/GetWhoisByDomainName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/enrichment/GetWhoisByDomainName.json
index 7225f3056884..26463f3b93a0 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/enrichment/GetWhoisByDomainName.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/enrichment/GetWhoisByDomainName.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
 "resourceGroupName": "myRg",
 "domain": "microsoft.com"
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetAccountEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetAccountEntityById.json
index 07d45a9b59a6..caad4d7081b3 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetAccountEntityById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetAccountEntityById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetAzureResourceEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetAzureResourceEntityById.json
index 172d1248cc13..30d0e4efd671 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetAzureResourceEntityById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetAzureResourceEntityById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetCloudApplicationEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetCloudApplicationEntityById.json
index b2b4f48a4a1a..e3cf87f4f6d5 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetCloudApplicationEntityById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetCloudApplicationEntityById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetDnsEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetDnsEntityById.json
index 4bd3fabd60a5..ef6fc36dd87c 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetDnsEntityById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetDnsEntityById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetEntities.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetEntities.json
index 92054fca3cb5..9a45900bd7be 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetEntities.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetEntities.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace"
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetFileEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetFileEntityById.json
index e1c3f4e1be7a..2c7fc953aafa 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetFileEntityById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetFileEntityById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetFileHashEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetFileHashEntityById.json
index 9633f5bf1bd7..62bf9f2d814f 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetFileHashEntityById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetFileHashEntityById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetHostEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetHostEntityById.json
index db246c82c7eb..d4510ef85f43 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetHostEntityById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetHostEntityById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetIoTDeviceEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetIoTDeviceEntityById.json
index 72bc7133d9c3..5d1068e12f86 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetIoTDeviceEntityById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetIoTDeviceEntityById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetIpEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetIpEntityById.json
index 3512b0bdc8c1..f541150ebf5a 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetIpEntityById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetIpEntityById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMailClusterEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMailClusterEntityById.json
index 840054b741fe..d1ec4aeca51e 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMailClusterEntityById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMailClusterEntityById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMailMessageEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMailMessageEntityById.json
index 45172227541e..f28f38582ae3 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMailMessageEntityById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMailMessageEntityById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMailboxEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMailboxEntityById.json
index bd7436d5c111..0a2e99249703 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMailboxEntityById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMailboxEntityById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMalwareEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMalwareEntityById.json
index cdef5d9f29ce..e6c25e225abf 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMalwareEntityById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetMalwareEntityById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetProcessEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetProcessEntityById.json
index 3a7150b2cd86..7b9516ff8903 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetProcessEntityById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetProcessEntityById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetQueries.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetQueries.json
index 7b93c2533beb..7f76eb99247d 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetQueries.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetQueries.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetRegistryKeyEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetRegistryKeyEntityById.json
index 2118e1c1de32..e6a0f4f2ef96 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetRegistryKeyEntityById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetRegistryKeyEntityById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetRegistryValueEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetRegistryValueEntityById.json
index fe039f986393..55c5b4ae1927 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetRegistryValueEntityById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetRegistryValueEntityById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetSecurityAlertEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetSecurityAlertEntityById.json
index 944d92e1f7c5..0e7fe658b5d7 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetSecurityAlertEntityById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetSecurityAlertEntityById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetSecurityGroupEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetSecurityGroupEntityById.json
index a6d13d2fff73..15102c712285 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetSecurityGroupEntityById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetSecurityGroupEntityById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetSubmissionMailEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetSubmissionMailEntityById.json
index a2c2f37d2d85..a6f09ed2f1c0 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetSubmissionMailEntityById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetSubmissionMailEntityById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetUrlEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetUrlEntityById.json
index a132e72c9e8d..876cc5ed7c6e 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetUrlEntityById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/GetUrlEntityById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/expand/PostExpandEntity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/expand/PostExpandEntity.json
index f438587804c9..601497bbb9e6 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/expand/PostExpandEntity.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/expand/PostExpandEntity.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/insights/PostGetInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/insights/PostGetInsights.json
index aad7e513d9f3..211f1c898b75 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/insights/PostGetInsights.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/insights/PostGetInsights.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/relations/GetAllEntityRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/relations/GetAllEntityRelations.json
index 4a0abb740bf7..28221b41530e 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/relations/GetAllEntityRelations.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/relations/GetAllEntityRelations.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/relations/GetEntityRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/relations/GetEntityRelationByName.json
index f9287ab6809d..f766bd64a5ca 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/relations/GetEntityRelationByName.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/relations/GetEntityRelationByName.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/timeline/PostTimelineEntity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/timeline/PostTimelineEntity.json
index 5fb547112fab..d5711c7d7d44 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/timeline/PostTimelineEntity.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entities/timeline/PostTimelineEntity.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/CreateEntityQueryActivity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/CreateEntityQueryActivity.json
index 75f23bd32078..902eae9e2a78 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/CreateEntityQueryActivity.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/CreateEntityQueryActivity.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/DeleteEntityQuery.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/DeleteEntityQuery.json
index 2903e87a54ef..d0b93287bc37 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/DeleteEntityQuery.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/DeleteEntityQuery.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/GetActivityEntityQueryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/GetActivityEntityQueryById.json
index 6b48be6bd8ba..3181dd43115d 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/GetActivityEntityQueryById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/GetActivityEntityQueryById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/GetEntityQueries.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/GetEntityQueries.json
index 6e5bb5d4046c..97b2aa87a21d 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/GetEntityQueries.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/GetEntityQueries.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "kind": "Expansion",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json
index 8c2e89adef5c..eec7bb0a2bd4 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json
index ce1eafe11a94..0538d257be0c 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json
index a61e33e6ac7d..15ea39ee2dfb 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "kind": "Activity",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/CreateFileImport.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/CreateFileImport.json
index 5d3494bd04e4..79c183d56e23 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/CreateFileImport.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/CreateFileImport.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/DeleteFileImport.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/DeleteFileImport.json
index eb27ba3db8b0..61ab4030d325 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/DeleteFileImport.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/DeleteFileImport.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/GetFileImportById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/GetFileImportById.json
index 5e5b6449c01c..565a62b5a3a8 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/GetFileImportById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/GetFileImportById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/GetFileImports.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/GetFileImports.json
index a52e22493ee4..d686a57dc3dc 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/GetFileImports.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/fileImports/GetFileImports.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/CreateHunt.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/CreateHunt.json
index 7a9cca8cc0a3..72dde0c5da3c 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/CreateHunt.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/CreateHunt.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/CreateHuntComment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/CreateHuntComment.json
index 0a3f94f44f21..955769b74408 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/CreateHuntComment.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/CreateHuntComment.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/CreateHuntRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/CreateHuntRelation.json
index df510e2edca3..49f8f71d6ca2 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/CreateHuntRelation.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/CreateHuntRelation.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/DeleteHunt.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/DeleteHunt.json
index 65d3cc517061..88093837e527 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/DeleteHunt.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/DeleteHunt.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/DeleteHuntComment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/DeleteHuntComment.json
index 6bb38cb8e637..d2b0f7a6992b 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/DeleteHuntComment.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/DeleteHuntComment.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/DeleteHuntRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/DeleteHuntRelation.json
index 31b60b3771ab..911830f33982 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/DeleteHuntRelation.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/DeleteHuntRelation.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntById.json
index ecc3566d7617..c59d9d4c9674 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntCommentById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntCommentById.json
index 93e0ef5fcc5a..e135f5741a7b 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntCommentById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntCommentById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntComments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntComments.json
index ab41353d185a..34210abf2705 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntComments.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntComments.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntRelationById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntRelationById.json
index ca1bd1a63c8d..8721f0382076 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntRelationById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntRelationById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntRelations.json
index 6460f3c73a53..e2778a9f733a 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntRelations.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHuntRelations.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHunts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHunts.json
index 1e6c2f8359ab..b210756fe08f 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHunts.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/hunts/GetHunts.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json
index 610d5f03663c..59a3ae002d66 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json
index 28ef2a443724..aff78b2915cf 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json
index 178812dfaf1c..ea5cf7521a2a 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json
index 96a6079eaa95..2e4d6508587c 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json
index b7146173f79f..f4f6e61bb7d3 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json
index 09b92b630264..577907d65cdd 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json
index a12510e4854c..dc0a905f1d3a 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json
index 12d855b11ef5..4c324b3eec70 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json
index 8c3d24c5dfa9..f98aa74e82c8 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json
index ed9ac2471df5..f6c87b678ff5 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json
index ffc566696424..61bac8b76598 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTeam/Incidents_CreateTeam.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTeam/Incidents_CreateTeam.json
index cc6bc0f0f283..5fa65f7d4510 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTeam/Incidents_CreateTeam.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/IncidentTeam/Incidents_CreateTeam.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_CreateOrUpdate.json
index 71eda4834121..750c2dcff52b 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_CreateOrUpdate.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_CreateOrUpdate.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_Delete.json
index 7bd7d4c66b2c..5af60e6c1439 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_Delete.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_Delete.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_Get.json
index 9eadae11cbc6..53fe7f4ef9af 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_Get.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_Get.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_List.json
index f0e162f6882f..99909b79c8b1 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_List.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/Incidents_List.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/CreateIncidentRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/CreateIncidentRelation.json
index f56f80ece2f3..1fbbfcfbd3a2 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/CreateIncidentRelation.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/CreateIncidentRelation.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/DeleteIncidentRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/DeleteIncidentRelation.json
index c341b3b84fdb..533db71ee157 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/DeleteIncidentRelation.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/DeleteIncidentRelation.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/GetAllIncidentRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/GetAllIncidentRelations.json
index 2263a3e98d39..f139f77dff9a 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/GetAllIncidentRelations.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/GetAllIncidentRelations.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/GetIncidentRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/GetIncidentRelationByName.json
index 49e19fbb498b..28d255c12871 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/GetIncidentRelationByName.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/incidents/relations/GetIncidentRelationByName.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/manualTrigger/Entities_RunPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/manualTrigger/Entities_RunPlaybook.json
index e7e5b0a5f4e5..9584bed38f82 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/manualTrigger/Entities_RunPlaybook.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/manualTrigger/Entities_RunPlaybook.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json
index 177cccbeb34f..1266839cb22c 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/DeleteMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/DeleteMetadata.json
index 4cc042fcbf44..edcc3641f60a 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/DeleteMetadata.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/DeleteMetadata.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/GetAllMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/GetAllMetadata.json
index d6def2e01e8f..0d166890f5b2 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/GetAllMetadata.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/GetAllMetadata.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace"
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/GetAllMetadataOData.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/GetAllMetadataOData.json
index ff5024c94515..4c71da843ad3 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/GetAllMetadataOData.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/GetAllMetadataOData.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/GetMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/GetMetadata.json
index 8a4556864106..a7acb460602c 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/GetMetadata.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/GetMetadata.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "2e1dc338-d04d-4443-b721-037eff4fdcac",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/PatchMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/PatchMetadata.json
index 0948a4f8e2e5..5b5c31a94ad5 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/PatchMetadata.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/PatchMetadata.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/PutMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/PutMetadata.json
index f2677154841e..4946491adba3 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/PutMetadata.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/PutMetadata.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/PutMetadataMinimal.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/PutMetadataMinimal.json
index c8fb6adfcd0b..89b13360fad8 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/PutMetadataMinimal.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/metadata/PutMetadataMinimal.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/officeConsents/DeleteOfficeConsents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/officeConsents/DeleteOfficeConsents.json
index 13450c004006..7cc30dc9290c 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/officeConsents/DeleteOfficeConsents.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/officeConsents/DeleteOfficeConsents.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/officeConsents/GetOfficeConsents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/officeConsents/GetOfficeConsents.json
index f41612e79934..3dc8d40d2c4b 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/officeConsents/GetOfficeConsents.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/officeConsents/GetOfficeConsents.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace"
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/officeConsents/GetOfficeConsentsById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/officeConsents/GetOfficeConsentsById.json
index f51295c0640d..64c63a66fc54 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/officeConsents/GetOfficeConsentsById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/officeConsents/GetOfficeConsentsById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json
index 28315f391c6e..69a80be1a880 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json
index 7fc62fb77bbe..09974678ed01 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json
index dcb707d0bba3..bf5a79dfa525 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace"
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json
index 9af86d87a990..b7a567434ff2 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/operations/ListOperations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/operations/ListOperations.json
index a2addf0f1988..a2fbd89ffe78 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/operations/ListOperations.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/operations/ListOperations.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview"
+ "api-version": "2023-07-01-preview"
 },
 "responses": {
 "200": {
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/recommendations/GetRecommendation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/recommendations/GetRecommendation.json
index 40408f4add52..346008549876 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/recommendations/GetRecommendation.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/recommendations/GetRecommendation.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/recommendations/GetRecommendations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/recommendations/GetRecommendations.json
index 662d8eafd7a5..eb0d866720f8 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/recommendations/GetRecommendations.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/recommendations/GetRecommendations.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace"
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/recommendations/PatchRecommendation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/recommendations/PatchRecommendation.json
index 6aa6ef654a74..ca6c1ecba9b8 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/recommendations/PatchRecommendation.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/recommendations/PatchRecommendation.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
@@ -14,7 +14,7 @@
 "responses": {
 "202": {
 "headers": {
- "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.SecurityInsights/recommendations/6d4b54eb-8684-4aa3-a156-3aa37b8014bc?api-version=2023-06-01-preview"
+ "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.SecurityInsights/recommendations/6d4b54eb-8684-4aa3-a156-3aa37b8014bc?api-version=2023-07-01-preview"
 },
 "body": {
 "recommendationTypeId": "ThreatIntelligence_Example",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/repositories/GetRepositories.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/repositories/GetRepositories.json
index 840f6c23c892..cb121b22c0ca 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/repositories/GetRepositories.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/repositories/GetRepositories.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "repoType": "Github",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json
index 996bb902cdf0..f5e12afa8e44 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json
index 47d3bf8944e3..c81898f12edf 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json
index fc0bba6e2c1d..538692bda62c 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace"
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json
index d7138be4b909..d48c862a8c26 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/DeleteEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/DeleteEyesOnSetting.json
index c73215b99439..8142b27418ec 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/DeleteEyesOnSetting.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/DeleteEyesOnSetting.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/GetAllSettings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/GetAllSettings.json
index 1e86df37becb..19153c30fe94 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/GetAllSettings.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/GetAllSettings.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace"
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/GetEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/GetEyesOnSetting.json
index 97423474bf0b..443f6dff644e 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/GetEyesOnSetting.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/GetEyesOnSetting.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/UpdateEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/UpdateEyesOnSetting.json
index 037c1ae8c9f7..874aeb8d09db 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/UpdateEyesOnSetting.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/settings/UpdateEyesOnSetting.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/CreateSourceControl.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/CreateSourceControl.json
index a9dd66f41914..87c9cf241476 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/CreateSourceControl.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/CreateSourceControl.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/DeleteSourceControl.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/DeleteSourceControl.json
index 2a4ad35f7138..1b19ff52c416 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/DeleteSourceControl.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/DeleteSourceControl.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/GetSourceControlById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/GetSourceControlById.json
index 083ed4fa81d4..21594cd205d2 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/GetSourceControlById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/GetSourceControlById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/GetSourceControls.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/GetSourceControls.json
index 5d0209868d1c..7c7dff39172c 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/GetSourceControls.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/sourcecontrols/GetSourceControls.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace"
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json
index b6cf600375c2..aa5edb3e2948 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json
index 11d96955b9cd..b7409c71fab1 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace"
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/CreateThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/CreateThreatIntelligence.json
index 45815a0f0551..080df5f89c8b 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/CreateThreatIntelligence.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/CreateThreatIntelligence.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json
index d162821494ff..52787e9d3c50 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/GetThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/GetThreatIntelligence.json
index 502e0b0a6ba3..8cf679eda719 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/GetThreatIntelligence.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/GetThreatIntelligence.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace"
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json
index f6b846fd951c..f4f6389a4fd6 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/QueryThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/QueryThreatIntelligence.json
index 74d94ea74d8c..f7db78428cd0 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/QueryThreatIntelligence.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/QueryThreatIntelligence.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json
index 0482052c0af8..4e30f2afcdf5 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json
index e8fabc6292fa..bab51708cc01 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json
index 74e6c760fff5..42263eea5f8f 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
@@ -16,7 +16,7 @@
 "headers": {
 "Code": "202",
 "Message": "Accepted",
- "Location": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/5abbc58b-9655-4f9b-80ac-5a576753e4ec?api-version=2023-06-01-preview"
+ "Location": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/5abbc58b-9655-4f9b-80ac-5a576753e4ec?api-version=2023-07-01-preview"
 }
 }
 }
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json
index 27e1a5e6aa7a..c42f79ae9fd9 100644
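Review bot: In triggerRuleRun_Post.json the rewritten `Location` header still spells the workspace provider as `Microsoft.OperationalIinsights` (doubled "i"); the second hunk (`@@ -16,7 +16,7 @@`) only changes the `api-version` query value and carries the misspelling into the 2023-07-01-preview copy. The segment should read `Microsoft.OperationalInsights` so the example URL is a well-formed resource ID for anyone copying it. The removed line shows the same spelling, so the 2023-06-01-preview copy presumably needs the same correction.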
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json
index acb914dbd8dd..6f0e83f957c9 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace"
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/CreateWatchlist.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/CreateWatchlist.json
index 5da1a903efc3..a5a369f21c3b 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/CreateWatchlist.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/CreateWatchlist.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json
index 518546642603..8d8ef6b7ae09 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/CreateWatchlistItem.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/CreateWatchlistItem.json
index 40a7b172e698..d747d48082fc 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/CreateWatchlistItem.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/CreateWatchlistItem.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/DeleteWatchlist.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/DeleteWatchlist.json
index c3649cb43d32..4e3f4a1a9132 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/DeleteWatchlist.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/DeleteWatchlist.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
@@ -10,7 +10,7 @@
 "responses": {
 "200": {
 "headers": {
- "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.SecurityInsights/watchlists/1011-01/watchlistStatuses/00000000-0000-0000-0000-000000000000?api-version=2023-06-01-preview"
+ "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.SecurityInsights/watchlists/1011-01/watchlistStatuses/00000000-0000-0000-0000-000000000000?api-version=2023-07-01-preview"
 }
 },
 "204": {}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/DeleteWatchlistItem.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/DeleteWatchlistItem.json
index 570617b563b7..d6d40c4cba47 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/DeleteWatchlistItem.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/DeleteWatchlistItem.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlistByAlias.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlistByAlias.json
index b32501c2f07a..d024e90c148b 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlistByAlias.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlistByAlias.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlistItemById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlistItemById.json
index 462b46f7a3b9..5d80561ec029 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlistItemById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlistItemById.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlistItems.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlistItems.json
index ce465f8f3e7b..3c72d28cc37e 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlistItems.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlistItems.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlists.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlists.json
index dda82a454c9b..a881cb7aa79a 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlists.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/watchlists/GetWatchlists.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/CreateJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/CreateJob.json
index d0f2c0b4e599..3024ea6176c4 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/CreateJob.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/CreateJob.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json
index efb780d88695..23ad49320991 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/DeleteJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/DeleteJob.json
index 500350dd9da2..5ed6caf7fd53 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/DeleteJob.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/DeleteJob.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json
index 1b3c2a3ea5fd..41da325e43c3 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json
index 65a4c23024a2..3d5ae29bcbfe 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json
index 5dd6cd1ae150..8b511933afa6 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace"
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetJob.json
index 2feff80b4f7e..768ae3d753e5 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetJob.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetJob.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json
index 81cefcfefa7b..c665781e99ba 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json
index eabacdb288f6..2db878545a45 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json
index fa51f7d9aa87..59888d14f759 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json
index 11f36610021f..e1a658ce4ecf 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace"
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json
index 378489843a38..c6468a8887d5 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json
index 42fb4f036fee..053f6d787fa6 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json
index 3ec23085604e..2c738d4e634b 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json
index e4c45c5f6379..a14b7c662fda 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace"
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json
index 80cc414ddfbf..bff5dbcc326b 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json
index e17271704088..27b4f159828c 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json
index 7b0d46324e13..612af753371b 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json
index a071ca32f198..ee247496323d 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace"
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json
index 991f2b915fd3..4ae4e7196cbb 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json
@@ -1,6 +1,6 @@
 {
 "parameters": {
- "api-version": "2023-06-01-preview",
+ "api-version": "2023-07-01-preview",
 "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
 "resourceGroupName": "myRg",
 "workspaceName": "myWorkspace",
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/operations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/operations.json
index 0dbd03eaa91f..089d6b3e72f9 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/operations.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/operations.json
@@ -3,7 +3,7 @@
 "info": {
 "title": "Security Insights",
 "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider",
- "version": "2023-06-01-preview"
+ "version": "2023-07-01-preview"
 },
 "host": "management.azure.com",
 "schemes": [
From fec58bc063e53d4f4b6409ccad723614b86b6fbb Mon Sep 17 00:00:00 2001
From: artafres <94412144+artafres@users.noreply.github.com>
Date: Thu, 22 Jun 2023 18:01:35 -0700
Subject: [PATCH 04/10] Added Approved and Backlog to Hunts Status enum (#24552)
---
 .../preview/2023-07-01-preview/Hunts.json | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Hunts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Hunts.json
index e13f0734df42..492a0bb58743 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Hunts.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Hunts.json
@@ -704,7 +704,9 @@
 "enum": [
 "New",
 "Active",
- "Closed"
+ "Closed",
+ "Backlog",
+ "Approved"
 ],
 "type": "string",
 "x-ms-enum": {
From 2416928db0471c5c97f1904b876d9270ba58e643 Mon Sep 17 00:00:00 2001
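Review bot: In the Hunts.json hunk, `Backlog` and `Approved` are added to the `enum` array only; the `x-ms-enum` block that opens on the last context line is not part of the change, and the diffstat (3 insertions, 1 deletion) shows nothing else in the file was touched. That block's body lies outside the hunk, so this is inferred: if it carries a `values` list with per-value descriptions, it should gain matching entries such as `{ "value": "Backlog", "description": "…" }` and `{ "value": "Approved", "description": "…" }`, so that the generated SDKs and docs describe the new states. It is also worth confirming that the block sets `"modelAsString": true`, because clients generated from the earlier three-value enum would otherwise reject a hunt whose status is one of the new values.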
From: sagamzu <52034287+sagamzu@users.noreply.github.com>
Date: Fri, 23 Jun 2023 04:33:55 +0300
Subject: [PATCH 05/10] [Sentinel] [New Public API] Add swagger doc for dataConnectorDefinition API (#24509) * add dataConnectorDefinition API doc * update examples * add pattern * update pattern * update pattern * update description * update description * small fix * small fix * small fix * small fix
---
 custom-words.txt | 1 +
 .../dataConnectorDefinitions.json | 757 ++++++++++++++++++
 ...teCustomizableDataConnectorDefinition.json | 264 ++++++
 .../DeleteDataConnectorDefinitionById.json | 13 +
 ...stomizableDataConnectoeDefinitionById.json | 100 +++
 .../GetDataConnectorDefinitions.json | 100 +++
 .../resource-manager/readme.md | 1 +
 7 files changed, 1236 insertions(+)
 create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/dataConnectorDefinitions.json
 create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json
 create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json
 create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectoeDefinitionById.json
 create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json
diff --git a/custom-words.txt b/custom-words.txt
index 22fdccaeb4dc..a3b532be091e 100644
--- a/custom-words.txt
+++ b/custom-words.txt
@@ -560,6 +560,7 @@ createorupdate
 createpreview
 credativ
 creds
+criterias
 crossdomain
 cscf
 cscfg
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/dataConnectorDefinitions.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/dataConnectorDefinitions.json
new file mode 100644
index 000000000000..76c77e0de127
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/dataConnectorDefinitions.json
@@ -0,0 +1,757 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-07-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions": { + "get": { + "x-ms-examples": { + "Get all data connector definitions.": { + "$ref": "./examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json" + } + }, + "tags": [ + "ConnectorDefinitions" + ], + "description": "Gets all data connector definitions.", + "operationId": "DataConnectorDefinitions_List", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/ConnectorDefinitionBaseArmCollectionWrapper" + } + }, + "default": { + "description": "Error response describing why 
the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}": { + "get": { + "x-ms-examples": { + "Get customize data connector definition": { + "$ref": "./examples/dataConnectorDefinitions/GetCustomizableDataConnectoeDefinitionById.json" + } + }, + "tags": [ + "ConnectorDefinitions" + ], + "description": "Gets a data connector definition.", + "operationId": "DataConnectorDefinitions_Get", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/dataConnectorDefinitionName" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/ConnectorDefinitionBaseArmObjectWrapper" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create data connector definition": { + "$ref": "./examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json" + } + }, + "tags": [ + "ConnectorDefinitions" + ], + "description": "Creates or updates the data connector definition.", + "operationId": "DataConnectorDefinitions_CreateOrUpdate", + "consumes": [ + "application/json" + ], + "produces": [ + 
"application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/dataConnectorDefinitionName" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "in": "body", + "name": "connectorDefinitionInput", + "required": true, + "schema": { + "$ref": "#/definitions/ConnectorDefinitionBaseArmObjectWrapperWithConverter" + } + } + ], + "responses": { + "200": { + "description": "Updated", + "schema": { + "$ref": "#/definitions/ConnectorDefinitionBaseArmObjectWrapper" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/ConnectorDefinitionBaseArmObjectWrapper" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete data connector definition": { + "$ref": "./examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json" + } + }, + "tags": [ + "ConnectorDefinitions" + ], + "description": "Delete the data connector definition.", + "operationId": "DataConnectorDefinitions_Delete", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/dataConnectorDefinitionName" + }, + { + "$ref": 
"../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Success" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "ConnectorDefinitionsAvailability": { + "description": "The exposure status of the connector to the customers.", + "type": "object", + "properties": { + "status": { + "$ref": "#/definitions/AvailabilityStatus" + }, + "isPreview": { + "description": "Gets or sets a value indicating whether the connector is preview.", + "type": "boolean" + } + } + }, + "AvailabilityStatus": { + "description": "The exposure status of the connector to the customers.", + "enum": [ + "None", + "Available", + "FeatureFlag", + "Internal" + ], + "type": "string", + "example": "None", + "x-ms-enum": { + "name": "AvailabilityStatus", + "modelAsString": true, + "values": [ + { + "value": "None" + }, + { + "value": "Available", + "description": "The connector is fully available to be used by customers." + }, + { + "value": "FeatureFlag", + "description": "The connector is under a feature flag and not available for all customers." + }, + { + "value": "Internal", + "description": "The connector is internal and should not be shown in DataConnectors blade." 
+ } + ] + } + }, + "ConnectivityCriterion": { + "description": "The criteria by which we determine whether the connector is connected or not.\r\nFor Example, use a KQL query to check if the expected data type is flowing).", + "required": [ + "type" + ], + "type": "object", + "properties": { + "type": { + "description": "Gets or sets the type of connectivity.", + "type": "string" + }, + "value": { + "description": "Gets or sets the queries for checking connectivity.", + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "ConnectorDataType": { + "description": "The data type which is created by the connector,\r\nincluding a query indicated when was the last time that data type was received in the workspace.", + "required": [ + "lastDataReceivedQuery", + "name" + ], + "type": "object", + "properties": { + "name": { + "description": "Gets or sets the name of the data type to show in the graph.", + "type": "string" + }, + "lastDataReceivedQuery": { + "description": "Gets or sets the query to indicate when relevant data was last received in the workspace.", + "type": "string" + } + } + }, + "ConnectorDefinitionBase": { + "description": "An Azure resource, which encapsulate the entire info requires to display a data connector page in Azure portal,\r\nand the info required to define data connections.", + "type": "object", + "properties": { + "createdTimeUtc": { + "format": "date-time", + "description": "Gets or sets the connector definition created date in UTC format.", + "type": "string" + }, + "lastModifiedUtc": { + "format": "date-time", + "description": "Gets or sets the connector definition last modified date in UTC format.", + "type": "string" + } + } + }, + "ConnectorDefinitionBaseArmCollectionWrapper": { + "type": "object", + "description": "Encapsulate the data connector definition object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/ConnectorDefinitionBaseArmObjectWrapper" + } + }, + "nextLink": { + 
"type": "string" + } + } + }, + "ConnectorDefinitionBaseArmObjectWrapper": { + "required": [ + "properties" + ], + "type": "object", + "description": "Encapsulate the data connector definition object", + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "properties": { + "properties": { + "description": "An Azure resource, which encapsulate the entire info requires to display a data connector page in Azure portal,\r\nand the info required to define data connections.", + "type": "object", + "$ref": "#/definitions/ConnectorDefinitionBase", + "x-ms-client-flatten": true + } + } + }, + "ConnectorDefinitionBaseArmObjectWrapperWithConverter": { + "required": [ + "properties" + ], + "type": "object", + "description": "Encapsulate the data connector definition object", + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "properties": { + "properties": { + "description": "Gets or sets the nested level of properties which contains the resource content", + "type": "object", + "$ref": "#/definitions/ConnectorDefinitionBase", + "x-ms-client-flatten": true + } + } + }, + "CustomizableConnectorDefinition": { + "description": "Connector definition for ConnectorDefinitionKind 'Customizable'.", + "required": [ + "connectorUiConfig" + ], + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/ConnectorDefinitionBase" + } + ], + "properties": { + "connectorUiConfig": { + "$ref": "#/definitions/CustomizableConnectorUiConfig" + }, + "connectionsConfig": { + "$ref": "#/definitions/CustomizableConnectionsConfig" + } + } + }, + "CustomizableConnectionsConfig": { + "description": "The UiConfig for 'Customizable' connector definition kind.", + "required": [ + "templateSpecVersion", + "templateSpecName" + ], + "type": "object", + "properties": { + "templateSpecName": { + "description": "Gets or sets the template name. 
The template includes ARM templates that can be created by the connector, usually it will be the dataConnectors ARM templates.", + "type": "string" + }, + "templateSpecVersion": { + "description": "Gets or sets the template version.", + "type": "string" + } + } + }, + "CustomizableConnectorUiConfig": { + "description": "The UiConfig for 'Customizable' connector definition kind.", + "required": [ + "dataTypes", + "descriptionMarkdown", + "graphQueries", + "instructionSteps", + "permissions", + "publisher", + "sampleQueries", + "title", + "connectivityCriteria" + ], + "type": "object", + "properties": { + "id": { + "description": "Gets or sets custom connector id. optional field.", + "type": "string" + }, + "title": { + "description": "Gets or sets the connector blade title.", + "type": "string" + }, + "publisher": { + "description": "Gets or sets the connector publisher name.", + "type": "string" + }, + "descriptionMarkdown": { + "description": "Gets or sets the connector description in markdown format.", + "type": "string" + }, + "graphQueriesTableName": { + "description": "Gets or sets the name of the table the connector will insert the data to.\r\nThis name can be used in other queries by specifying {{graphQueriesTableName}} placeholder\r\n in Query and LastDataReceivedQuery values.", + "type": "string" + }, + "graphQueries": { + "description": "Gets or sets the graph queries to show the current data volume over time.", + "type": "array", + "items": { + "$ref": "#/definitions/GraphQuery" + }, + "x-ms-identifiers": [] + }, + "sampleQueries": { + "description": "Gets or sets the sample queries for the connector.", + "type": "array", + "items": { + "$ref": "#/definitions/SampleQuery" + }, + "x-ms-identifiers": [] + }, + "dataTypes": { + "description": "Gets or sets the data types to check for last data received.", + "type": "array", + "items": { + "$ref": "#/definitions/ConnectorDataType" + }, + "x-ms-identifiers": [] + }, + "connectivityCriteria": { + 
"description": "Gets or sets the way the connector checks whether the connector is connected.", + "type": "array", + "items": { + "$ref": "#/definitions/ConnectivityCriterion" + }, + "x-ms-identifiers": [] + }, + "availability": { + "$ref": "#/definitions/ConnectorDefinitionsAvailability" + }, + "permissions": { + "$ref": "#/definitions/ConnectorDefinitionsPermissions" + }, + "instructionSteps": { + "description": "Gets or sets the instruction steps to enable the connector.", + "type": "array", + "items": { + "$ref": "#/definitions/InstructionStep" + }, + "x-ms-identifiers": [] + }, + "logo": { + "description": "Gets or sets the connector logo to be used when displaying the connector within Azure Sentinel's connector's gallery.\r\nThe logo value should be in SVG format.", + "type": "string" + }, + "isConnectivityCriteriasMatchSome": { + "description": "Gets or sets a value indicating whether to use 'OR'(SOME) or 'AND' between ConnectivityCriteria items.", + "type": "boolean" + } + } + }, + "CustomPermissionDetails": { + "description": "The Custom permissions required for the connector.", + "required": [ + "description", + "name" + ], + "type": "object", + "properties": { + "name": { + "description": "Gets or sets the custom permissions name.", + "type": "string" + }, + "description": { + "description": "Gets or sets the custom permissions description.", + "type": "string" + } + } + }, + "GraphQuery": { + "description": "The graph query to show the volume of data arriving into the workspace over time.", + "required": [ + "baseQuery", + "legend", + "metricName" + ], + "type": "object", + "properties": { + "metricName": { + "description": "Gets or sets the metric name that the query is checking. 
For example: 'Total data receive'.", + "type": "string" + }, + "legend": { + "description": "Gets or sets the legend for the graph.", + "type": "string" + }, + "baseQuery": { + "description": "Gets or sets the base query for the graph.\r\nThe base query is wrapped by Sentinel UI infra with a KQL query, that measures the volume over time.", + "type": "string" + } + } + }, + "InstructionStep": { + "description": "Instruction steps to enable the connector.", + "type": "object", + "properties": { + "title": { + "description": "Gets or sets the instruction step title.", + "type": "string" + }, + "description": { + "description": "Gets or sets the instruction step description.", + "type": "string" + }, + "instructions": { + "description": "Gets or sets the instruction step details.", + "type": "array", + "items": { + "$ref": "#/definitions/InstructionStepDetails" + }, + "x-ms-identifiers": [] + }, + "innerSteps": { + "description": "Gets or sets the inner instruction steps details.\r\nFoe Example: instruction step 1 might contain inner instruction steps: [instruction step 1.1, instruction step 1.2].", + "type": "array", + "items": { + "$ref": "#/definitions/InstructionStep" + }, + "x-ms-identifiers": [] + } + } + }, + "InstructionStepDetails": { + "description": "Instruction step details, to be displayed in the Instructions steps section in the connector's page in Sentinel Portal.", + "required": [ + "parameters", + "type" + ], + "type": "object", + "properties": { + "parameters": { + "description": "Gets or sets the instruction type parameters settings.", + "type": "object" + }, + "type": { + "description": "Gets or sets the instruction type name.", + "type": "string" + } + } + }, + "ConnectorDefinitionsPermissions": { + "description": "The required Permissions for the connector.", + "type": "object", + "properties": { + "tenant": { + "description": "Gets or sets the required tenant permissions for the connector.", + "type": "array", + "items": { + "type": "string" + } 
+ }, + "licenses": { + "description": "Gets or sets the required licenses for the user to create connections.", + "type": "array", + "items": { + "type": "string" + } + }, + "resourceProvider": { + "description": "Gets or sets the resource provider permissions required for the user to create connections.", + "type": "array", + "items": { + "$ref": "#/definitions/ConnectorDefinitionsResourceProvider" + }, + "x-ms-identifiers": [] + }, + "customs": { + "description": "Gets or sets the customs permissions required for the user to create connections.", + "type": "array", + "items": { + "$ref": "#/definitions/CustomPermissionDetails" + }, + "x-ms-identifiers": [] + } + } + }, + "ProviderPermissionsScope": { + "description": "The scope on which the user should have permissions, in order to be able to create connections.", + "enum": [ + "Subscription", + "ResourceGroup", + "Workspace" + ], + "type": "string", + "example": "Subscription", + "x-ms-enum": { + "name": "ProviderPermissionsScope", + "modelAsString": true, + "values": [ + { + "value": "Subscription" + }, + { + "value": "ResourceGroup" + }, + { + "value": "Workspace" + } + ] + } + }, + "ConnectorDefinitionsResourceProvider": { + "description": "The resource provider details include the required permissions for the user to create connections.\r\nThe user should have the required permissions(Read\\Write, ..) 
in the specified scope ProviderPermissionsScope against the specified resource provider.", + "required": [ + "permissionsDisplayText", + "provider", + "providerDisplayName", + "requiredPermissions", + "scope" + ], + "type": "object", + "properties": { + "provider": { + "description": "Gets or sets the provider name.", + "type": "string" + }, + "permissionsDisplayText": { + "description": "Gets or sets the permissions description text.", + "type": "string" + }, + "providerDisplayName": { + "description": "Gets or sets the permissions provider display name.", + "type": "string" + }, + "scope": { + "$ref": "#/definitions/ProviderPermissionsScope" + }, + "requiredPermissions": { + "$ref": "#/definitions/ResourceProviderRequiredPermissions" + } + } + }, + "ResourceProviderRequiredPermissions": { + "description": "Required permissions for the connector resource provider that define in ResourceProviders.\r\nFor more information about the permissions see here.", + "type": "object", + "properties": { + "read": { + "description": "Gets or sets a value indicating whether the permission is read action (GET).", + "type": "boolean" + }, + "write": { + "description": "Gets or sets a value indicating whether the permission is write action (PUT or PATCH).", + "type": "boolean" + }, + "delete": { + "description": "Gets or sets a value indicating whether the permission is delete action (DELETE).", + "type": "boolean" + }, + "action": { + "description": "Gets or sets a value indicating whether the permission is custom actions (POST).", + "type": "boolean" + } + } + }, + "SampleQuery": { + "description": "The sample queries for the connector.", + "required": [ + "description", + "query" + ], + "type": "object", + "properties": { + "description": { + "description": "Gets or sets the sample query description.", + "type": "string" + }, + "query": { + "description": "Gets or sets the KQL sample query.", + "type": "string" + } + } + } + }, + "parameters": { + "dataConnectorDefinitionName": 
{
+ "in": "path",
+ "name": "dataConnectorDefinitionName",
+ "description": "The data connector definition name.",
+ "required": true,
+ "type": "string",
+ "pattern": "^[a-z0-9-]*$",
+ "x-ms-parameter-location": "method"
+ }
+ }
+}
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json
new file mode 100644
index 000000000000..d702b8973971
--- /dev/null
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json
@@ -0,0 +1,264 @@ +{ + "parameters": { + "api-version": "2023-07-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorDefinitionName": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "connectorDefinitionInput": { + "kind": "Customizable", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "GitHubAuditLogPolling_CL" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "GitHubAuditLogPolling_CL \n | take 10" + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "ConnectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": false, + "delete": false, + "action": false + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, 
the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ] + } + ] + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectorDefinitions", + "kind": "Customizable", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. 
By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "GitHubAuditLogPolling_CL" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "GitHubAuditLogPolling_CL \n | take 10" + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "ConnectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": false, + "delete": false, + "action": false + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. 
\n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ] + } + ] + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectorDefinitions", + "kind": "Customizable", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. 
By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "GitHubAuditLogPolling_CL" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "GitHubAuditLogPolling_CL \n | take 10" + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "ConnectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": false, + "delete": false, + "action": false + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. 
\n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ] + } + ] + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json new file mode 100644 index 000000000000..dba072ff30d9 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-07-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorDefinitionName": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectoeDefinitionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectoeDefinitionById.json new file mode 100644 index 000000000000..6c334e922d5f --- /dev/null 
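Review bot: In the `resourceProvider` entry of the CreateCustomizableDataConnectorDefinition.json example, `permissionsDisplayText` says "read and write permissions are required." while `requiredPermissions` sets `"write": true` and `"read": false`; the two should agree, either `"read": true` or text that asks for write only. The `customs` entry asks for a GitHub personal token with the broad `admin:org` scope, yet the only instruction is an `OAuthForm` with client ID and client secret labels, so the example mixes two credential types and advertises more privilege than reading an audit log is likely to need. Since examples get copied into real connector definitions, naming the narrowest scope that works would be safer (GitHub documents `read:audit_log` for audit-log access; confirm against the connector). The same text is repeated in the request, 200 and 201 bodies of this file and in GetCustomizableDataConnectoeDefinitionById.json and GetDataConnectorDefinitions.json.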
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectoeDefinitionById.json 
@@ -0,0 +1,100 @@ +{ + "parameters": { + "api-version": "2023-07-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorDefinitionName": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "type": "Microsoft.SecurityInsights/dataConnectorDefinitions", + "kind": "Customizable", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "GitHubAuditLogPolling_CL" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "GitHubAuditLogPolling_CL \n | take 10" + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "ConnectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": 
"Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": false, + "delete": false, + "action": false + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ] + } + ] + }, + "connectionsConfig": { + "templateSpecName": "templateNameMock" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json new file mode 100644 index 000000000000..ad00261f5ee5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json 
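Review bot: The new example file is named `GetCustomizableDataConnectoeDefinitionById.json` ("Connectoe"), which looks like a misspelling of `GetCustomizableDataConnectorDefinitionById.json`. Renaming it before this API version ships keeps the typo out of generated samples and documentation links. Any `x-ms-examples` `$ref` pointing at the file presumably sits in dataConnectorDefinitions.json, outside this hunk, and would need the same rename.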
@@ -0,0 +1,100 @@ +{ + "parameters": { + "api-version": "2023-07-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "type": "Microsoft.SecurityInsights/dataConnectorDefinitions", + "kind": "Customizable", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "GitHubAuditLogPolling_CL" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "GitHubAuditLogPolling_CL \n | take 10" + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "ConnectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write 
permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": false, + "delete": false, + "action": false + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ] + } + ] + } + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/readme.md b/specification/securityinsights/resource-manager/readme.md index d16c65d0242f..cd38951ece77 100644 --- a/specification/securityinsights/resource-manager/readme.md +++ b/specification/securityinsights/resource-manager/readme.md @@ -68,6 +68,7 @@ input-file: - Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerGroups.json - Microsoft.SecurityInsights/preview/2023-07-01-preview/WorkspaceManagerMembers.json - Microsoft.SecurityInsights/preview/2023-07-01-preview/dataConnectors.json + - Microsoft.SecurityInsights/preview/2023-07-01-preview/dataConnectorDefinitions.json - Microsoft.SecurityInsights/preview/2023-07-01-preview/operations.json ``` ### Tag: package-preview-2023-06 From 374e37955e80762c16b3f54e9525034ded0748e6 Mon Sep 17 00:00:00 2001 
From: xuhumsft <116764429+xuhumsft@users.noreply.github.com> Date: Thu, 22 Jun 2023 18:48:06 -0700 Subject: [PATCH 06/10] update swagger document based on feedback from the SDK team (#24555) --- .../2023-07-01-preview/ContentPackages.json | 153 +------------ .../ContentProductPackages.json | 126 +++-------- .../ContentProductTemplates.json | 119 ++-------- .../2023-07-01-preview/ContentTemplates.json | 112 ++-------- .../preview/2023-07-01-preview/Metadata.json | 54 +---- .../common/ContentCommonTypes.json | 208 ++++++++++++++++++ .../contentPackages/GetPackageById.json | 1 + .../examples/contentPackages/GetPackages.json | 1 + .../GetProductPackageById.json | 1 + .../contentPackages/GetProductPackages.json | 1 + .../contentPackages/InstallPackage.json | 3 + .../GetProductTemplateById.json | 8 +- .../contentTemplates/GetProductTemplates.json | 6 +- .../contentTemplates/GetTemplateById.json | 8 +- .../contentTemplates/GetTemplates.json | 6 +- .../contentTemplates/InstallTemplate.json | 14 +- 16 files changed, 320 insertions(+), 501 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentPackages.json index bd7c6f8db4de..f11119b2a93a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentPackages.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentPackages.json 
@@ -272,162 +272,19 @@ }, "packageProperties": { "description": "Describes package properties", - "properties": { - "contentId": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataContentId", - "description": "The package id" - }, - "contentKind": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataPackageKind", - "description": "The package kind" - }, - "contentSchemaVersion": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataVersion", - "description": "The version of the content schema." - }, - "isNew": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataTrueFalseFlag", - "description": "Flag indicates if this is a newly published package." - }, - "isPreview": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataTrueFalseFlag", - "description": "Flag indicates if this package is in preview." - }, - "isFeatured": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataTrueFalseFlag", - "description": "Flag indicates if this package is among the featured list." 
- }, - "version": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataVersion", - "description": "the latest version number of the package" - }, - "displayName": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDisplayName", - "description": "The display name of the package" - }, - "description": { - "description": "The description of the package", - "type": "string" - }, - "publisherDisplayName": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDisplayName", - "description": "The publisher display name of the package" - }, - "source": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataSource", - "description": "The source of the package" - }, - "author": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataAuthor", - "description": "The author of the package" - }, - "support": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataSupport", - "description": "The support tier of the package" - }, - "dependencies": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDependencies", - "description": "The support tier of the package" - }, - "providers": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataProviders", - "description": "Providers for the package item" - }, - "firstPublishDate": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataFirstPublishDate", - "description": "first publish date package item" - }, - "lastPublishDate": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataLastPublishDate", - "description": "last publish date for the package item" - }, - "categories": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataCategories", - "description": "The categories of the package" - }, - "threatAnalysisTactics": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataThreatAnalysisTactics", - "description": "the tactics the resource covers" - }, - "threatAnalysisTechniques": { - 
"$ref": "./common/ContentCommonTypes.json#/definitions/metadataThreatAnalysisTechniques", - "description": "the techniques the resource covers, these have to be aligned with the tactics being used" - }, - "icon": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataIcon", - "description": "the icon identifier. this id can later be fetched from the content metadata" + "allOf": [ + { + "$ref": "./common/ContentCommonTypes.json#/definitions/packageBaseProperties" } - }, + ], "required": [ "contentId", + "contentProductId", "contentKind", "version", "displayName" ], "type": "object" - }, - "metadataDependencies": { - "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies.", - "type": "object", - "properties": { - "contentId": { - "description": "Id of the content item we depend on", - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataContentId" - }, - "kind": { - "description": "Type of the content item we depend on", - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataKind" - }, - "version": { - "description": "Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. 
If version does not match our defined numeric format then an exact match is required.", - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataVersion" - }, - "name": { - "description": "Name of the content item", - "type": "string" - }, - "operator": { - "description": "Operator used for list of dependencies in criteria array.", - "type": "string", - "enum": [ - "AND", - "OR" - ], - "x-ms-enum": { - "modelAsString": true, - "name": "operator", - "values": [ - { - "value": "AND" - }, - { - "value": "OR" - } - ] - } - }, - "criteria": { - "description": "This is the list of dependencies we must fulfill, according to the AND/OR operator", - "type": "array", - "items": { - "$ref": "#/definitions/metadataDependencies", - "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." - }, - "x-ms-identifiers": [], - "example": [ - { - "kind": "DataConnector", - "contentId": "68b1de8a-b635-430d-b208-01ba3dda5877", - "version": "1.0.0" - }, - { - "kind": "Workbook", - "contentId": "ad903b46-9905-4504-9825-3bcce796da8e", - "version": "1.0.0" - } - ] - } - } } }, "parameters": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentProductPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentProductPackages.json index 761bf70360f2..ec9ae6cd9a4f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentProductPackages.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentProductPackages.json 
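Review bot: `contentProductId` is added to `required` on `packageProperties` in ContentPackages.json, but none of the inline properties this hunk removes had that name, so the constraint only makes sense if `packageBaseProperties` in common/ContentCommonTypes.json defines it; that file is not visible in this hunk and should be checked. Because `packageProperties` now gets all of its fields through `allOf`, every other name in `required` depends on the shared definition in the same way. The hunk also drops the local `metadataDependencies` definition, so any remaining `#/definitions/metadataDependencies` reference in ContentPackages.json would dangle; a search for it before merging is worthwhile.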
@@ -76,7 +76,7 @@
 "200": {
 "description": "OK",
 "schema": {
- "$ref": "#/definitions/packageList"
+ "$ref": "#/definitions/productPackageList"
 }
 },
 "default": {
@@ -124,7 +124,7 @@
 "200": {
 "description": "OK",
 "schema": {
- "$ref": "#/definitions/packageModel"
+ "$ref": "#/definitions/productPackageModel"
 }
 },
 "default": {
@@ -138,7 +138,7 @@
 }
 },
 "definitions": {
- "packageList": {
+ "productPackageList": {
 "description": "List available packages.",
 "properties": {
 "nextLink": {
@@ -149,7 +149,7 @@
 "value": {
 "description": "Array of packages.",
 "items": {
- "$ref": "#/definitions/packageModel"
+ "$ref": "#/definitions/productPackageModel"
 },
 "type": "array"
 }
@@ -159,7 +159,7 @@
 ],
 "type": "object"
 },
- "packageModel": {
+ "productPackageModel": {
 "allOf": [
 {
 "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag"
@@ -169,119 +169,53 @@ "properties": { "properties": { "description": "package properties", - "$ref": "#/definitions/packageProperties", + "$ref": "#/definitions/productPackageProperties", "x-ms-client-flatten": true } }, "type": "object" }, - "packageProperties": { + "productPackageProperties": { "description": "Describes package properties", - "properties": { - "contentId": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataContentId", + "allOf": [ + { + "$ref": "./common/ContentCommonTypes.json#/definitions/packageBaseProperties", "description": "The content id of the package" }, - "contentKind": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataPackageKind", + { + "$ref": "#/definitions/productPackageAdditionalProperties", "description": "The package kind" - }, + } + ], + "required": [ + "contentId", + "contentKind", + "version", + "displayName" + ], + "type": "object" + }, + "productPackageAdditionalProperties": { + "description": "product package additional properties", + "properties": { "installedVersion": { "$ref": "./common/ContentCommonTypes.json#/definitions/metadataVersion", "description": "The version of the installed package, null or absent means not installed." }, - "contentSchemaVersion": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataVersion", - "description": "The version of the content schema." - }, "resourceId": { "$ref": "./common/ContentCommonTypes.json#/definitions/metadataContentId", "description": "The metadata resource id." }, - "isNew": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataTrueFalseFlag", - "description": "Flag indicates if this is a newly published package." - }, - "isPreview": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataTrueFalseFlag", - "description": "Flag indicates if this package is in preview." 
- }, - "isFeatured": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataTrueFalseFlag", - "description": "Flag indicates if this package is among the featured list." - }, - "version": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataVersion", - "description": "the latest version number of the package" - }, - "displayName": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDisplayName", - "description": "The display name of the package" - }, - "description": { - "description": "The description of the package", - "type": "string" - }, - "publisherDisplayName": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDisplayName", - "description": "The publisher display name of the package" - }, - "source": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataSource", - "description": "The source of the package" - }, - "author": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataAuthor", - "description": "The author of the package" - }, - "support": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataSupport", - "description": "The support tier of the package" - }, - "dependencies": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDependencies", - "description": "The support tier of the package" - }, - "providers": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataProviders", - "description": "Providers for the package item" - }, - "firstPublishDate": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataFirstPublishDate", - "description": "first publish date package item" - }, - "lastPublishDate": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataLastPublishDate", - "description": "last publish date for the package item" - }, - "categories": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataCategories", - "description": "The categories of the package" - }, - "threatAnalysisTactics": 
{ - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataThreatAnalysisTactics", - "description": "the tactics the resource covers" - }, - "threatAnalysisTechniques": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataThreatAnalysisTechniques", - "description": "the techniques the resource covers, these have to be aligned with the tactics being used" - }, - "icon": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataIcon", - "description": "the icon identifier. this id can later be fetched from the content metadata" - }, "packagedContent": { - "type": "object", + "$ref": "#/definitions/packagedContent", "description": "the json to deploy" } }, - "required": [ - "contentId", - "contentKind", - "version", - "displayName" - ], "type": "object" + }, + "packagedContent": { + "type": "object", + "description": "the json to deploy" } }, "parameters": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentProductTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentProductTemplates.json index a7deae0c8e37..d68a89f4f000 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentProductTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentProductTemplates.json @@ -76,7 +76,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/templateList" + "$ref": "#/definitions/productTemplateList" } }, "default": { @@ -124,7 +124,7 @@ "200": { "description": "OK", "schema": { - "$ref": "#/definitions/templateModel" + "$ref": "#/definitions/productTemplateModel" } }, "default": { 
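Review bot: The two `allOf` entries of `productPackageProperties` keep the descriptions of the properties they replaced: the `packageBaseProperties` reference is labelled `"The content id of the package"` and the `productPackageAdditionalProperties` reference `"The package kind"`, which misdescribes both composed types. Drop those `description` siblings or reword them, e.g. `"description": "Properties shared by all package models"`. The new `packagedContent` definition is still a bare `"type": "object"` described only as "the json to deploy"; since nothing in this schema constrains it, the description should say that it is opaque deployable content that consumers need to validate themselves before deploying.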
@@ -138,14 +138,14 @@
 }
 },
 "definitions": {
- "templateList": {
+ "productTemplateList": {
 "description": "List of all the template.",
 "type": "object",
 "properties": {
 "value": {
 "description": "Array of templates.",
 "items": {
- "$ref": "#/definitions/templateModel"
+ "$ref": "#/definitions/productTemplateModel"
 },
 "type": "array"
 },
@@ -159,7 +159,7 @@
 "value"
 ]
 },
- "templateModel": {
+ "productTemplateModel": {
 "allOf": [
 {
 "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag"
@@ -169,13 +169,21 @@
 "properties": {
 "properties": {
 "description": "template properties",
- "$ref": "#/definitions/templateProperties",
+ "$ref": "#/definitions/productTemplateProperties",
 "x-ms-client-flatten": true
 }
 },
 "type": "object"
 },
- "templateProperties": {
+ "productTemplateProperties": {
+ "allOf": [
+ {
+ "$ref": "./common/ContentCommonTypes.json#/definitions/templateBaseProperties"
+ },
+ {
+ "$ref": "#/definitions/productTemplateAdditionalProperties"
+ }
+ ],
 "description": "Template property bag.",
 "required": [
 "contentId",
@@ -183,101 +191,12 @@ "displayName", "contentKind", "source" - ], + ] + }, + "productTemplateAdditionalProperties": { + "description": "additional properties of product template.", "type": "object", "properties": { - "contentId": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataContentId", - "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" - }, - "parentId": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataParentId", - "description": "Full parent resource ID of the content item the template is for. This is the full resource ID including the scope (subscription and resource group)" - }, - "version": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataVersion", - "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" - }, - "displayName": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDisplayName", - "description": "The display name of the template" - }, - "contentKind": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataKind", - "description": "The kind of content the template is for." - }, - "source": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataSource", - "description": "Source of the content. This is where/how it was created." - }, - "author": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataAuthor", - "description": "The creator of the content item." 
- }, - "support": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataSupport", - "description": "Support information for the template - type, name, contact information" - }, - "dependencies": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDependencies", - "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." - }, - "categories": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataCategories", - "description": "Categories for the item" - }, - "providers": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataProviders", - "description": "Providers for the content item" - }, - "firstPublishDate": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataFirstPublishDate", - "description": "first publish date content item" - }, - "lastPublishDate": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataLastPublishDate", - "description": "last publish date for the content item" - }, - "customVersion": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataCustomVersion", - "description": "The custom version of the content. A optional free text" - }, - "contentSchemaVersion": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataContentSchemaVersion", - "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version" - }, - "icon": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataIcon", - "description": "the icon identifier. 
this id can later be fetched from the content metadata" - }, - "threatAnalysisTactics": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataThreatAnalysisTactics", - "description": "the tactics the resource covers" - }, - "threatAnalysisTechniques": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataThreatAnalysisTechniques", - "description": "the techniques the resource covers, these have to be aligned with the tactics being used" - }, - "previewImages": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataPreviewImages", - "description": "preview image file names. These will be taken from the solution artifacts" - }, - "previewImagesDark": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataPreviewImagesDark", - "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support" - }, - "packageId": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataContentId", - "description": "the package Id contains this template" - }, - "packageKind": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataPackageKind", - "description": "the packageKind of the package contains this template" - }, - "packageName": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDisplayName", - "description": "the name of the package contains this template" - }, "packagedContent": { "type": "object", "description": "the json to deploy" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentTemplates.json index 6cb06d3ca875..6d3850cfa9e2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentTemplates.json 
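Review bot: `productTemplateProperties` is left without `"type": "object"`: the context line that used to follow its `required` array now sits inside the new `productTemplateAdditionalProperties`, whereas the matching change to `templateProperties` in ContentTemplates.json adds the type back after `required`. Close the definition with `],` followed by `"type": "object"` so both composed definitions are declared the same way. The definition opens in the previous hunk (`@@ -169,13 +169,21 @@`), so only its tail is visible here. `packagedContent` in `productTemplateAdditionalProperties` is also still declared inline, while ContentProductPackages.json now references a shared `packagedContent` definition; using one form in both files would keep the deployable-content type documented in a single place.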
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/ContentTemplates.json @@ -271,6 +271,14 @@ "type": "object" }, "templateProperties": { + "allOf": [ + { + "$ref": "./common/ContentCommonTypes.json#/definitions/templateBaseProperties" + }, + { + "$ref": "#/definitions/templateAdditionalProperties" + } + ], "description": "Template property bag.", "required": [ "contentId", 
@@ -278,103 +286,25 @@ "displayName", "contentKind", "source", - "packageId" + "packageId", + "packageVersion", + "contentProductId" ], + "type": "object" + }, + "templateAdditionalProperties": { + "description": "additional properties of product template.", "type": "object", "properties": { - "contentId": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataContentId", - "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" - }, - "version": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataVersion", - "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" - }, - "displayName": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDisplayName", - "description": "The display name of the template" - }, - "contentKind": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataKind", - "description": "The kind of content the template is for." - }, - "source": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataSource", - "description": "Source of the content. This is where/how it was created." - }, - "author": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataAuthor", - "description": "The creator of the content item." - }, - "support": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataSupport", - "description": "Support information for the template - type, name, contact information" - }, - "dependencies": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDependencies", - "description": "Dependencies for the content item, what other content items it requires to work. 
Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." - }, - "categories": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataCategories", - "description": "Categories for the item" - }, - "providers": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataProviders", - "description": "Providers for the content item" - }, - "firstPublishDate": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataFirstPublishDate", - "description": "first publish date content item" - }, - "lastPublishDate": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataLastPublishDate", - "description": "last publish date for the content item" - }, - "customVersion": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataCustomVersion", - "description": "The custom version of the content. A optional free text" - }, - "contentSchemaVersion": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataContentSchemaVersion", - "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version" - }, - "icon": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataIcon", - "description": "the icon identifier. this id can later be fetched from the content metadata" - }, - "threatAnalysisTactics": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataThreatAnalysisTactics", - "description": "the tactics the resource covers" - }, - "threatAnalysisTechniques": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataThreatAnalysisTechniques", - "description": "the techniques the resource covers, these have to be aligned with the tactics being used" - }, - "previewImages": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataPreviewImages", - "description": "preview image file names. 
These will be taken from the solution artifacts" - }, - "previewImagesDark": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataPreviewImagesDark", - "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support" - }, - "packageId": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataContentId", - "description": "the package Id contains this template" - }, - "packageKind": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataPackageKind", - "description": "the packageKind of the package contains this template" - }, - "packageName": { - "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDisplayName", - "description": "the name of the package contains this template" - }, "mainTemplate": { - "description": "The JSON of the ARM template to deploy active content", - "type": "object" + "$ref": "#/definitions/mainTemplate", + "description": "The JSON of the ARM template to deploy active content" } } + }, + "mainTemplate": { + "description": "The JSON of the ARM template to deploy active content", + "type": "object" } }, "parameters": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Metadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Metadata.json index ef4edd08efd5..83a99f35cc84 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Metadata.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/Metadata.json 
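Review bot: The description of `templateAdditionalProperties`, "additional properties of product template.", is copied from ContentProductTemplates.json, but this file defines `templateProperties`, not the product template; suggest `"description": "Additional properties of the template."`. The `required` array also gains `packageVersion` and `contentProductId`, which are declared only in the referenced `templateBaseProperties`, so it is worth confirming that the validators and generators in use resolve required names across `allOf` (this cannot be checked from the hunk). `mainTemplate` remains an unconstrained object holding the ARM template to deploy, and its description could state that this schema does not validate its contents.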
@@ -462,56 +462,6 @@
 }
 }
 },
- "metadataDependencies": {
- "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies.",
- "type": "object",
- "properties": {
- "contentId": {
- "description": "Id of the content item we depend on",
- "$ref": "#/definitions/metadataContentId"
- },
- "kind": {
- "description": "Type of the content item we depend on",
- "$ref": "#/definitions/metadataKind"
- },
- "version": {
- "description": "Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required.",
- "$ref": "#/definitions/metadataVersion"
- },
- "name": {
- "description": "Name of the content item",
- "type": "string"
- },
- "operator": {
- "description": "Operator used for list of dependencies in criteria array.",
- "type": "string",
- "enum": [
- "AND",
- "OR"
- ],
- "x-ms-enum": {
- "modelAsString": true,
- "name": "operator",
- "values": [
- {
- "value": "AND"
- },
- {
- "value": "OR"
- }
- ]
- }
- },
- "criteria": {
- "description": "This is the list of dependencies we must fulfill, according to the AND/OR operator",
- "type": "array",
- "items": {
- "$ref": "#/definitions/metadataDependencies",
- "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats."
- }
- }
- }
- },
 "metadataCategories": {
 "type": "object",
 "description": "ies for the solution content item",
@@ -658,7 +608,7 @@
 "description": "Support information for the metadata - type, name, contact information"
 },
 "dependencies": {
- "$ref": "#/definitions/metadataDependencies",
+ "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDependencies",
 "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats."
 },
 "categories": {
@@ -740,7 +690,7 @@
 "description": "Support information for the metadata - type, name, contact information"
 },
 "dependencies": {
- "$ref": "#/definitions/metadataDependencies",
+ "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDependencies",
 "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats."
 },
 "categories": {
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/ContentCommonTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/ContentCommonTypes.json
index cd86cd6749b1..c4c5933b3203 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/ContentCommonTypes.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/common/ContentCommonTypes.json
@@ -299,6 +299,18 @@
 },
 "x-ms-identifiers": [
 "contentId"
+ ],
+ "example": [
+ {
+ "kind": "DataConnector",
+ "contentId": "68b1de8a-b635-430d-b208-01ba3dda5877",
+ "version": "1.0.0"
+ },
+ {
+ "kind": "Workbook",
+ "contentId": "ad903b46-9905-4504-9825-3bcce796da8e",
+ "version": "1.0.0"
+ }
 ]
 }
 }
@@ -423,6 +435,202 @@ "items": { "type": "string" } + }, + "templateBaseProperties": { + "description": "Template property bag.", + "type": "object", + "properties": { + "contentId": { + "$ref": "#/definitions/metadataContentId", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" + }, + "packageVersion": { + "$ref": "#/definitions/metadataVersion", + "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "version": { + "$ref": "#/definitions/metadataVersion", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "displayName": { + "$ref": "#/definitions/metadataDisplayName", + "description": "The display name of the template" + }, + "contentKind": { + "$ref": "#/definitions/metadataKind", + "description": "The kind of content the template is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, + "author": { + "$ref": "#/definitions/metadataAuthor", + "description": "The creator of the content item." 
+ }, + "support": { + "$ref": "#/definitions/metadataSupport", + "description": "Support information for the template - type, name, contact information" + }, + "dependencies": { + "$ref": "#/definitions/metadataDependencies", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." + }, + "categories": { + "$ref": "#/definitions/metadataCategories", + "description": "Categories for the item" + }, + "providers": { + "$ref": "#/definitions/metadataProviders", + "description": "Providers for the content item" + }, + "firstPublishDate": { + "$ref": "#/definitions/metadataFirstPublishDate", + "description": "first publish date content item" + }, + "lastPublishDate": { + "$ref": "#/definitions/metadataLastPublishDate", + "description": "last publish date for the content item" + }, + "customVersion": { + "$ref": "#/definitions/metadataCustomVersion", + "description": "The custom version of the content. A optional free text" + }, + "contentSchemaVersion": { + "$ref": "#/definitions/metadataContentSchemaVersion", + "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version" + }, + "icon": { + "$ref": "#/definitions/metadataIcon", + "description": "the icon identifier. this id can later be fetched from the content metadata" + }, + "threatAnalysisTactics": { + "$ref": "#/definitions/metadataThreatAnalysisTactics", + "description": "the tactics the resource covers" + }, + "threatAnalysisTechniques": { + "$ref": "#/definitions/metadataThreatAnalysisTechniques", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used" + }, + "previewImages": { + "$ref": "#/definitions/metadataPreviewImages", + "description": "preview image file names. 
These will be taken from the solution artifacts" + }, + "previewImagesDark": { + "$ref": "#/definitions/metadataPreviewImagesDark", + "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support" + }, + "packageId": { + "$ref": "#/definitions/metadataContentId", + "description": "the package Id contains this template" + }, + "packageKind": { + "$ref": "#/definitions/metadataPackageKind", + "description": "the packageKind of the package contains this template" + }, + "packageName": { + "$ref": "#/definitions/metadataDisplayName", + "description": "the name of the package contains this template" + } + } + }, + "packageBaseProperties": { + "description": "Describes package properties", + "properties": { + "contentId": { + "$ref": "#/definitions/metadataContentId", + "description": "The content id of the package" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" + }, + "contentKind": { + "$ref": "#/definitions/metadataPackageKind", + "description": "The package kind" + }, + "contentSchemaVersion": { + "$ref": "#/definitions/metadataVersion", + "description": "The version of the content schema." + }, + "isNew": { + "$ref": "#/definitions/metadataTrueFalseFlag", + "description": "Flag indicates if this is a newly published package." + }, + "isPreview": { + "$ref": "#/definitions/metadataTrueFalseFlag", + "description": "Flag indicates if this package is in preview." + }, + "isFeatured": { + "$ref": "#/definitions/metadataTrueFalseFlag", + "description": "Flag indicates if this package is among the featured list." 
+ }, + "version": { + "$ref": "#/definitions/metadataVersion", + "description": "the latest version number of the package" + }, + "displayName": { + "$ref": "#/definitions/metadataDisplayName", + "description": "The display name of the package" + }, + "description": { + "description": "The description of the package", + "type": "string" + }, + "publisherDisplayName": { + "$ref": "#/definitions/metadataDisplayName", + "description": "The publisher display name of the package" + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "The source of the package" + }, + "author": { + "$ref": "#/definitions/metadataAuthor", + "description": "The author of the package" + }, + "support": { + "$ref": "#/definitions/metadataSupport", + "description": "The support tier of the package" + }, + "dependencies": { + "$ref": "#/definitions/metadataDependencies", + "description": "The support tier of the package" + }, + "providers": { + "$ref": "#/definitions/metadataProviders", + "description": "Providers for the package item" + }, + "firstPublishDate": { + "$ref": "#/definitions/metadataFirstPublishDate", + "description": "first publish date package item" + }, + "lastPublishDate": { + "$ref": "#/definitions/metadataLastPublishDate", + "description": "last publish date for the package item" + }, + "categories": { + "$ref": "#/definitions/metadataCategories", + "description": "The categories of the package" + }, + "threatAnalysisTactics": { + "$ref": "#/definitions/metadataThreatAnalysisTactics", + "description": "the tactics the resource covers" + }, + "threatAnalysisTechniques": { + "$ref": "#/definitions/metadataThreatAnalysisTechniques", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used" + }, + "icon": { + "$ref": "#/definitions/metadataIcon", + "description": "the icon identifier. this id can later be fetched from the content metadata" + } + }, + "type": "object" } }, "parameters": {} 
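Review bot: In `packageBaseProperties`, `dependencies` is described as `"The support tier of the package"`, a copy of the `support` description just above it; it should read something like `"description": "The dependencies of the package"`. Both new `contentProductId` descriptions say the id is generated from the `contentVersion`, but the property in these definitions is named `version`, and neither says which side generates the id. If the service derives it, the description should say so, so that clients do not treat a caller-supplied value as authoritative; the InstallPackage example in this patch sends it in the request body, so whether `readOnly` applies needs confirming. `templateBaseProperties` declares `"type": "object"` before `properties` and `packageBaseProperties` after it, which is harmless but could be made uniform while the definitions are new.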
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetPackageById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetPackageById.json index 1709d1f3b4f3..1c0e0ef46963 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetPackageById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetPackageById.json @@ -15,6 +15,7 @@ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "properties": { "contentId": "str.azure-sentinel-solution-str", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", "contentKind": "Solution", "version": "2.0.0", "displayName": "str" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetPackages.json index 9b1b71225f70..13a5c06f511b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetPackages.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetPackages.json @@ -17,6 +17,7 @@ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "properties": { "contentId": "str.azure-sentinel-solution-str", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", "contentKind": "Solution", "contentSchemaVersion": "3.0.0", "version": "2.0.0", 
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetProductPackageById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetProductPackageById.json index 3ba92a4d160e..7ef0ae167c2d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetProductPackageById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetProductPackageById.json @@ -15,6 +15,7 @@ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "properties": { "contentId": "str.azure-sentinel-solution-str", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", "contentKind": "Solution", "installedVersion": "2.0.0", "version": "2.0.0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetProductPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetProductPackages.json index 9c256e48df46..9ff7aabc9c3c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetProductPackages.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/GetProductPackages.json @@ -16,6 +16,7 @@ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "properties": { "contentId": "str.azure-sentinel-solution-str", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", "contentKind": "Solution", "installedVersion": "2.0.0", "version": "2.0.0", 
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/InstallPackage.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/InstallPackage.json index aa0149858c03..89d1f75680cc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/InstallPackage.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentPackages/InstallPackage.json @@ -8,6 +8,7 @@ "packageInstallationProperties": { "properties": { "contentId": "str.azure-sentinel-solution-str", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", "contentKind": "Solution", "version": "2.0.0", "displayName": "str" @@ -27,6 +28,7 @@ "properties": { "contentId": "str.azure-sentinel-solution-str", "contentKind": "Solution", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", "installedVersion": "2.0.0", "version": "2.0.0", "displayName": "str", @@ -89,6 +91,7 @@ "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "properties": { "contentId": "str.azure-sentinel-solution-str", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", "contentKind": "Solution", "installedVersion": "2.0.0", "version": "2.0.0", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetProductTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetProductTemplateById.json index 0d1d80f591df..f747e53faee4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetProductTemplateById.json 
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetProductTemplateById.json @@ -14,18 +14,20 @@ "type": "Microsoft.SecurityInsights/contenttemplates", "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "properties": { - "contentId": "content id", + "contentId": "contentId", "version": "1.0.0", + "packageVersion": "1.0.0", "displayName": "My installed template", "contentKind": "Workbooks", - "packageId": "package id", + "contentProductId": "packageId-wb-rimnsoeh4nt32", + "packageId": "packageId", "packageKind": "Standalone", "packageName": "package name", "source": { "kind": "Standalone", "name": "Source name" }, - "mainTemplate": "JSON string of the installed template" + "mainTemplate": {} }, "systemData": { "createdBy": "string", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetProductTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetProductTemplates.json index 25db831eedc8..f41688d108cc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetProductTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetProductTemplates.json 
@@ -15,11 +15,13 @@ "type": "Microsoft.SecurityInsights/contenttemplates", "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "properties": { - "contentId": "content id", + "contentId": "contentId", + "contentProductId": "packageId-wb-rimnsoeh4nt32", "version": "1.0.0", + "packageVersion": "1.0.0", "displayName": "My installed template", "contentKind": "Workbooks", - "packageId": "package id", + "packageId": "packageId", "packageKind": "Standalone", "packageName": "package name", "source": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetTemplateById.json index fadc906d0ab4..9146bb834d56 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetTemplateById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetTemplateById.json @@ -14,16 +14,18 @@ "type": "Microsoft.SecurityInsights/contenttemplates", "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "properties": { - "contentId": "content id", + "contentId": "contentId", + "contentProductId": "packageId-wb-rimnsoeh4nt32", "version": "1.0.0", + "packageVersion": "1.0.0", "displayName": "My installed template", "contentKind": "Workbooks", - "packageId": "package id", + "packageId": "packageId", "source": { "kind": "Standalone", "name": "Source name" }, - "mainTemplate": "JSON string of the installed template" + "mainTemplate": {} }, "systemData": { "createdBy": "string", 
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetTemplates.json index 6715bc7372fb..d4d160b73e81 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/GetTemplates.json @@ -15,11 +15,13 @@ "type": "Microsoft.SecurityInsights/contenttemplates", "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "properties": { - "contentId": "content id", + "contentId": "contentId", + "contentProductId": "packageId-wb-rimnsoeh4nt32", + "packageVersion": "1.0.0", "version": "1.0.0", "displayName": "My installed template", "contentKind": "Workbooks", - "packageId": "package id", + "packageId": "packageId", "source": { "kind": "Standalone", "name": "Source name" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/InstallTemplate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/InstallTemplate.json index 97fd0e38df1b..5f14ed5ed0fa 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/InstallTemplate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/contentTemplates/InstallTemplate.json 
@@ -8,9 +8,11 @@ "templateInstallationProperties": { "properties": { "contentId": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "contentProductId": "str.azure-sentinel-solution-str-ar-cbfe4fndz66bi", "displayName": "API Protection workbook template", "contentKind": "AnalyticsRule", "version": "1.0.1", + "packageVersion": "1.0.0", "packageId": "str.azure-sentinel-solution-str", "packageName": "str", "packageKind": "Solution", @@ -97,9 +99,11 @@ "type": "Microsoft.SecurityInsights/contenttemplates", "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "properties": { - "contentId": "4465ebde-c381-45d7-af08-7d818072a11c", + "contentId": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "contentProductId": "str.azure-sentinel-solution-str-ar-cbfe4fndz66bi", "packageKind": "Solution", - "packageId": "package id", + "packageId": "str.azure-sentinel-solution-str", + "packageVersion": "1.0.0", "contentKind": "AnalyticsRule", "version": "1.0.1", "displayName": "API Protection workbook template", @@ -161,9 +165,11 @@ "type": "Microsoft.SecurityInsights/contenttemplates", "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", "properties": { - "contentId": "4465ebde-c381-45d7-af08-7d818072a11c", + "contentId": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "contentProductId": "str.azure-sentinel-solution-str-ar-cbfe4fndz66bi", "packageKind": "Solution", - "packageId": "package id", + "packageId": "str.azure-sentinel-solution-str", + "packageVersion": "1.0.0", "contentKind": "AnalyticsRule", "version": "1.0.1", "displayName": "API Protection workbook template", From 6767b02ab25c67b02b5e9cb773944de6631766cb Mon Sep 17 00:00:00 2001 
From: sagamzu <52034287+sagamzu@users.noreply.github.com> Date: Wed, 12 Jul 2023 20:04:23 +0300 Subject: [PATCH 07/10] Fix dataConnectorDefinition (new API) (#24759) * fix swagger doc * typo * fix int format --- .../dataConnectorDefinitions.json | 145 ++++++++---------- ...teCustomizableDataConnectorDefinition.json | 6 +- ...stomizableDataConnectoeDefinitionById.json | 5 +- .../GetDataConnectorDefinitions.json | 2 +- 4 files changed, 68 insertions(+), 90 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/dataConnectorDefinitions.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/dataConnectorDefinitions.json index 76c77e0de127..b966a79ced92 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/dataConnectorDefinitions.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/dataConnectorDefinitions.json @@ -67,7 +67,7 @@ "200": { "description": "Success", "schema": { - "$ref": "#/definitions/ConnectorDefinitionBaseArmCollectionWrapper" + "$ref": "#/definitions/DataConnectorDefinitionArmCollectionWrapper" } }, "default": { @@ -115,7 +115,7 @@ "200": { "description": "Success", "schema": { - "$ref": "#/definitions/ConnectorDefinitionBaseArmObjectWrapper" + "$ref": "#/definitions/DataConnectorDefinition" } }, "default": { 
@@ -164,21 +164,23 @@ "name": "connectorDefinitionInput", "required": true, "schema": { - "$ref": "#/definitions/ConnectorDefinitionBaseArmObjectWrapperWithConverter" - } + "$ref": "#/definitions/DataConnectorDefinition" + }, + "description": "The data connector definition", + "x-ms-parameter-location": "method" } ], "responses": { "200": { "description": "Updated", "schema": { - "$ref": "#/definitions/ConnectorDefinitionBaseArmObjectWrapper" + "$ref": "#/definitions/DataConnectorDefinition" } }, "201": { "description": "Created", "schema": { - "$ref": "#/definitions/ConnectorDefinitionBaseArmObjectWrapper" + "$ref": "#/definitions/DataConnectorDefinition" } }, "default": { @@ -252,36 +254,9 @@ } }, "AvailabilityStatus": { - "description": "The exposure status of the connector to the customers.", - "enum": [ - "None", - "Available", - "FeatureFlag", - "Internal" - ], - "type": "string", - "example": "None", - "x-ms-enum": { - "name": "AvailabilityStatus", - "modelAsString": true, - "values": [ - { - "value": "None" - }, - { - "value": "Available", - "description": "The connector is fully available to be used by customers." - }, - { - "value": "FeatureFlag", - "description": "The connector is under a feature flag and not available for all customers." - }, - { - "value": "Internal", - "description": "The connector is internal and should not be shown in DataConnectors blade." - } - ] - } + "description": "The exposure status of the connector to the customers. Available values are 0-4 (0=None, 1=Available, 2=FeatureFlag, 3=Internal).", + "type": "integer", + "format": "int32" }, "ConnectivityCriterion": { "description": "The criteria by which we determine whether the connector is connected or not.\r\nFor Example, use a KQL query to check if the expected data type is flowing).", 
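Review bot: In the `@@ -252,36 +254,9 @@` hunk the new `AvailabilityStatus` description says "Available values are 0-4" but names only four values (0 to 3), and the schema no longer constrains the field, so any int32 validates. The description says this field governs how a connector is exposed to customers, so the accepted set should be part of the contract rather than prose. Whichever range is correct, state it once and enforce it, for example `"enum": [0, 1, 2, 3]` (or `"minimum": 0, "maximum": 3`) with the description corrected to match.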
@@ -321,30 +296,50 @@ } } }, - "ConnectorDefinitionBase": { + "DataConnectorDefinition": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "required": [ + "kind" + ], "description": "An Azure resource, which encapsulate the entire info requires to display a data connector page in Azure portal,\r\nand the info required to define data connections.", "type": "object", "properties": { - "createdTimeUtc": { - "format": "date-time", - "description": "Gets or sets the connector definition created date in UTC format.", - "type": "string" - }, - "lastModifiedUtc": { - "format": "date-time", - "description": "Gets or sets the connector definition last modified date in UTC format.", + "kind": { + "$ref": "#/definitions/DataConnectorDefinitionKind", + "description": "The data connector kind", "type": "string" } + }, + "discriminator": "kind" + }, + "DataConnectorDefinitionKind": { + "description": "The kind of the data connector definitions", + "enum": [ + "Customizable" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DataConnectorDefinitionKind", + "values": [ + { + "value": "Customizable" + } + ] } }, - "ConnectorDefinitionBaseArmCollectionWrapper": { + "DataConnectorDefinitionArmCollectionWrapper": { "type": "object", "description": "Encapsulate the data connector definition object", "properties": { "value": { "type": "array", "items": { - "$ref": "#/definitions/ConnectorDefinitionBaseArmObjectWrapper" + "$ref": "#/definitions/DataConnectorDefinition" } }, "nextLink": { 
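Review bot: The `kind` property of the new `DataConnectorDefinition` places `"description"` and `"type": "string"` next to `$ref`, and under JSON Reference semantics siblings of `$ref` are ignored, so validators and generators can disagree on what applies. `DataConnectorDefinitionKind`, added in this same hunk, already declares `"type": "string"` and its own description. `"kind": { "$ref": "#/definitions/DataConnectorDefinitionKind" }` is sufficient and unambiguous.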
@@ -352,58 +347,40 @@ } } }, - "ConnectorDefinitionBaseArmObjectWrapper": { - "required": [ - "properties" - ], + "CustomizableConnectorDefinition": { + "description": "Connector definition for kind 'Customizable'.", "type": "object", - "description": "Encapsulate the data connector definition object", "allOf": [ { - "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + "$ref": "#/definitions/DataConnectorDefinition" } ], "properties": { "properties": { - "description": "An Azure resource, which encapsulate the entire info requires to display a data connector page in Azure portal,\r\nand the info required to define data connections.", - "type": "object", - "$ref": "#/definitions/ConnectorDefinitionBase", + "$ref": "#/definitions/CustomizableConnectorDefinitionProperties", + "description": "Customizable properties.", "x-ms-client-flatten": true } - } + }, + "x-ms-discriminator-value": "Customizable" }, - "ConnectorDefinitionBaseArmObjectWrapperWithConverter": { - "required": [ - "properties" - ], + "CustomizableConnectorDefinitionProperties": { + "description": "The UiConfig for 'Customizable' connector definition kind.", "type": "object", - "description": "Encapsulate the data connector definition object", - "allOf": [ - { - "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" - } - ], - "properties": { - "properties": { - "description": "Gets or sets the nested level of properties which contains the resource content", - "type": "object", - "$ref": "#/definitions/ConnectorDefinitionBase", - "x-ms-client-flatten": true - } - } - }, - "CustomizableConnectorDefinition": { - "description": "Connector definition for ConnectorDefinitionKind 'Customizable'.", "required": [ "connectorUiConfig" ], - "type": "object", - "allOf": [ - { - "$ref": "#/definitions/ConnectorDefinitionBase" - } - ], "properties": { + "createdTimeUtc": { + "format": "date-time", + "description": "Gets or sets the connector definition created date in UTC format.", 
+ "type": "string" + }, + "lastModifiedUtc": { + "format": "date-time", + "description": "Gets or sets the connector definition last modified date in UTC format.", + "type": "string" + }, "connectorUiConfig": { "$ref": "#/definitions/CustomizableConnectorUiConfig" }, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json index d702b8973971..1da3c0ca937d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json @@ -32,7 +32,7 @@ "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" } ], - "ConnectivityCriteria": [ + "connectivityCriteria": [ { "type": "IsConnectedQuery", "value": [ @@ -119,7 +119,7 @@ "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" } ], - "ConnectivityCriteria": [ + "connectivityCriteria": [ { "type": "IsConnectedQuery", "value": [ @@ -205,7 +205,7 @@ "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" } ], - "ConnectivityCriteria": [ + "connectivityCriteria": [ { "type": "IsConnectedQuery", "value": [ 
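Review bot: The `@@ -352,58 +347,40 @@` hunk of dataConnectorDefinitions.json removes `"required": ["properties"]` together with the old wrapper types, and the new `CustomizableConnectorDefinition` does not restore it. With the base type requiring only `kind`, a create-or-update body that carries no `properties` passes schema validation even though `CustomizableConnectorDefinitionProperties` marks `connectorUiConfig` as required. If an empty definition is not meant to be accepted, add `"required": ["properties"]` to `CustomizableConnectorDefinition`; whether the service rejects such a body on its own is not visible in this patch.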
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectoeDefinitionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectoeDefinitionById.json index 6c334e922d5f..c4bdc929cb0e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectoeDefinitionById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectoeDefinitionById.json @@ -38,7 +38,7 @@ "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" } ], - "ConnectivityCriteria": [ + "connectivityCriteria": [ { "type": "IsConnectedQuery", "value": [ @@ -91,7 +91,8 @@ ] }, "connectionsConfig": { - "templateSpecName": "templateNameMock" + "templateSpecName": "templateNameMock", + "templateSpecVersion": "1.0.0" } } } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json index ad00261f5ee5..7fcf1f485856 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json 
@@ -39,7 +39,7 @@ "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" } ], - "ConnectivityCriteria": [ + "connectivityCriteria": [ { "type": "IsConnectedQuery", "value": [ From f5c3aff9271447af6422291b16458cab8abd230b Mon Sep 17 00:00:00 2001 From: sagamzu <52034287+sagamzu@users.noreply.github.com> Date: Tue, 18 Jul 2023 00:00:33 +0300 Subject: [PATCH 08/10] Fix pattern (#24807) * remove pattern * add and fix - reuired parameter in the new validation * add and fix - reuired parameter in the new validation * fix pattren * fix pattren --- CloudError.cs | 62 +++++++++++++++++++ .../dataConnectorDefinitions.json | 2 +- 2 files changed, 63 insertions(+), 1 deletion(-) create mode 100644 CloudError.cs diff --git a/CloudError.cs b/CloudError.cs new file mode 100644 index 000000000000..db4e2cabf2b8 --- /dev/null +++ b/CloudError.cs 
@@ -0,0 +1,62 @@ +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is +// regenerated. +// + +namespace Microsoft.Azure.Security.Insights.ArmClient +{ + using Microsoft.Rest; + using Microsoft.Rest.Serialization; + using Newtonsoft.Json; + using System.Linq; + + /// + /// Error response structure. + /// + [Rest.Serialization.JsonTransformation] + public partial class CloudError + { + /// + /// Initializes a new instance of the CloudError class. + /// + public CloudError() + { + CustomInit(); + } + + /// + /// Initializes a new instance of the CloudError class. + /// + /// An identifier for the error. Codes are invariant + /// and are intended to be consumed programmatically. + /// A message describing the error, intended to + /// be suitable for display in a user interface. + public CloudError(string code = default(string), string message = default(string)) + { + Code = code; + Message = message; + CustomInit(); + } + + /// + /// An initialization method that performs custom operations like setting defaults + /// + partial void CustomInit(); + + /// + /// Gets an identifier for the error. Codes are invariant and are + /// intended to be consumed programmatically. + /// + [JsonProperty(PropertyName = "error.code")] + public string Code { get; private set; } + + /// + /// Gets a message describing the error, intended to be suitable for + /// display in a user interface. + /// + [JsonProperty(PropertyName = "error.message")] + public string Message { get; private set; } + + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/dataConnectorDefinitions.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/dataConnectorDefinitions.json index b966a79ced92..84e116aaaed1 100644 
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/dataConnectorDefinitions.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/dataConnectorDefinitions.json
@@ -727,7 +727,7 @@
 "description": "The data connector definition name.",
 "required": true,
 "type": "string",
- "pattern": "^[a-z0-9-]*$",
+ "pattern": "^[a-z0-9A-Z-_]*$",
 "x-ms-parameter-location": "method"
 }
 }
From af436d8609eadedaba967e4b87b5f93fc1ac7a5a Mon Sep 17 00:00:00 2001
From: sagamzu <52034287+sagamzu@users.noreply.github.com>
Date: Tue, 25 Jul 2023 09:40:40 +0300
Subject: [PATCH 09/10] Remove CloudError.cs file (#24962) Remove CloudError.cs. Added by mistake in https://github.com/Azure/azure-rest-api-specs/pull/24807/files
---
 CloudError.cs | 62 ---------------------------------------------------
 1 file changed, 62 deletions(-)
 delete mode 100644 CloudError.cs
diff --git a/CloudError.cs b/CloudError.cs
deleted file mode 100644
index db4e2cabf2b8..000000000000
--- a/CloudError.cs
+++ /dev/null
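Review bot: In the new `pattern` the sequence `Z-_` is read as a character range (U+005A through U+005F), so `^[a-z0-9A-Z-_]*$` accepts `[`, `\`, `]` and `^` in the data connector definition name and no longer matches a literal hyphen, which the previous pattern allowed. For a name that presumably ends up in the resource path, the validation should admit exactly the intended alphabet. Putting the hyphen last makes it literal: `"pattern": "^[a-zA-Z0-9_-]*$",`. The parameter definition this line belongs to begins outside the hunk.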
@@ -1,62 +0,0 @@ -// -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is -// regenerated. -// - -namespace Microsoft.Azure.Security.Insights.ArmClient -{ - using Microsoft.Rest; - using Microsoft.Rest.Serialization; - using Newtonsoft.Json; - using System.Linq; - - /// - /// Error response structure. - /// - [Rest.Serialization.JsonTransformation] - public partial class CloudError - { - /// - /// Initializes a new instance of the CloudError class. - /// - public CloudError() - { - CustomInit(); - } - - /// - /// Initializes a new instance of the CloudError class. - /// - /// An identifier for the error. Codes are invariant - /// and are intended to be consumed programmatically. - /// A message describing the error, intended to - /// be suitable for display in a user interface. - public CloudError(string code = default(string), string message = default(string)) - { - Code = code; - Message = message; - CustomInit(); - } - - /// - /// An initialization method that performs custom operations like setting defaults - /// - partial void CustomInit(); - - /// - /// Gets an identifier for the error. Codes are invariant and are - /// intended to be consumed programmatically. - /// - [JsonProperty(PropertyName = "error.code")] - public string Code { get; private set; } - - /// - /// Gets a message describing the error, intended to be suitable for - /// display in a user interface. - /// - [JsonProperty(PropertyName = "error.message")] - public string Message { get; private set; } - - } -} From d9922c84d0b6e6b9b20d9537a229e1019ecfbead Mon Sep 17 00:00:00 2001 From: sagamzu <52034287+sagamzu@users.noreply.github.com> Date: Wed, 26 Jul 2023 15:57:21 +0300 Subject: [PATCH 10/10] Add pagination (#24986) * add pagination --- .../preview/2023-07-01-preview/dataConnectorDefinitions.json | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/dataConnectorDefinitions.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/dataConnectorDefinitions.json
index 84e116aaaed1..1861d38e156e 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/dataConnectorDefinitions.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-07-01-preview/dataConnectorDefinitions.json
@@ -76,6 +76,9 @@
 "$ref": "../../../common/2.0/types.json#/definitions/CloudError"
 }
 }
+ },
+ "x-ms-pageable": {
+ "nextLinkName": "nextLink"
 }
 }
 },