From b3c52a0f91513e0e7ecf1cc06648db04f174f64a Mon Sep 17 00:00:00 2001 From: SDKAuto Date: Sun, 28 Feb 2021 14:13:23 +0000 Subject: [PATCH] CodeGen from PR 13195 in Azure/azure-rest-api-specs Merge f8343128727a61df0407eb53768bb172121e42bb into 057a2f0ecad93bf837e6299b3b0393bc662cbbd7 --- .../Microsoft.SecurityInsights.json | 286 +++++++++++++++++- .../Microsoft.SecurityInsights.json | 10 +- 2 files changed, 291 insertions(+), 5 deletions(-) diff --git a/schemas/2019-01-01-preview/Microsoft.SecurityInsights.json b/schemas/2019-01-01-preview/Microsoft.SecurityInsights.json index d28fef041c..b606622153 100644 --- a/schemas/2019-01-01-preview/Microsoft.SecurityInsights.json +++ b/schemas/2019-01-01-preview/Microsoft.SecurityInsights.json @@ -349,6 +349,12 @@ { "$ref": "#/definitions/AATPDataConnector" }, + { + "$ref": "#/definitions/MSTIDataConnector" + }, + { + "$ref": "#/definitions/MTPDataConnector" + }, { "$ref": "#/definitions/ASCDataConnector" }, @@ -551,6 +557,9 @@ "settings": { "type": "object", "oneOf": [ + { + "$ref": "#/definitions/IPSyncer" + }, { "$ref": "#/definitions/EyesOn" }, @@ -852,6 +861,10 @@ "description": "Logic App Callback URL for this specific workflow." } }, + "required": [ + "logicAppResourceId", + "triggerUri" + ], "description": "Action property bag." }, "alertRules_actions_childResource": { @@ -2050,6 +2063,37 @@ ], "description": "Microsoft.SecurityInsights/incidents/relations" }, + "IPSyncer": { + "type": "object", + "properties": { + "kind": { + "type": "string", + "enum": [ + "IPSyncer" + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/IPSyncerSettingsProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "IPSyncer property bag." + } + }, + "required": [ + "kind" + ], + "description": "Settings with single toggle." + }, + "IPSyncerSettingsProperties": { + "type": "object", + "properties": {}, + "description": "IPSyncer property bag." + }, "MCASDataConnector": { "type": "object", "properties": { @@ -2372,6 +2416,216 @@ ], "description": "MLBehaviorAnalytics alert rule base property bag." }, + "MSTIDataConnector": { + "type": "object", + "properties": { + "kind": { + "type": "string", + "enum": [ + "MicrosoftThreatIntelligence" + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/MSTIDataConnectorProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Microsoft Threat Intelligence data connector properties." + } + }, + "required": [ + "kind" + ], + "description": "Represents Microsoft Threat Intelligence data connector." + }, + "MSTIDataConnectorDataTypes": { + "type": "object", + "properties": { + "bingSafetyPhishingURL": { + "oneOf": [ + { + "$ref": "#/definitions/MSTIDataConnectorDataTypesBingSafetyPhishingURL" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Data type for Microsoft Threat Intelligence Platforms data connector." + }, + "microsoftEmergingThreatFeed": { + "oneOf": [ + { + "$ref": "#/definitions/MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Data type for Microsoft Threat Intelligence Platforms data connector." + } + }, + "description": "The available data types for Microsoft Threat Intelligence Platforms data connector." + }, + "MSTIDataConnectorDataTypesBingSafetyPhishingURL": { + "type": "object", + "properties": { + "lookbackPeriod": { + "type": "string", + "description": "lookback period" + }, + "state": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Enabled", + "Disabled" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Describe whether this data type connection is enabled or not." + } + }, + "description": "Data type for Microsoft Threat Intelligence Platforms data connector." + }, + "MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed": { + "type": "object", + "properties": { + "lookbackPeriod": { + "type": "string", + "description": "lookback period" + }, + "state": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Enabled", + "Disabled" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Describe whether this data type connection is enabled or not." + } + }, + "description": "Data type for Microsoft Threat Intelligence Platforms data connector." + }, + "MSTIDataConnectorProperties": { + "type": "object", + "properties": { + "dataTypes": { + "oneOf": [ + { + "$ref": "#/definitions/MSTIDataConnectorDataTypes" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The available data types for Microsoft Threat Intelligence Platforms data connector." + }, + "tenantId": { + "type": "string", + "description": "The tenant id to connect to, and get the data from." + } + }, + "description": "Microsoft Threat Intelligence data connector properties." + }, + "MTPDataConnector": { + "type": "object", + "properties": { + "kind": { + "type": "string", + "enum": [ + "MicrosoftThreatProtection" + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/MTPDataConnectorProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "MTP (Microsoft Threat Protection) data connector properties." + } + }, + "required": [ + "kind" + ], + "description": "Represents MTP (Microsoft Threat Protection) data connector." + }, + "MTPDataConnectorDataTypes": { + "type": "object", + "properties": { + "incidents": { + "oneOf": [ + { + "$ref": "#/definitions/MTPDataConnectorDataTypesIncidents" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Data type for Microsoft Threat Protection Platforms data connector." + } + }, + "description": "The available data types for Microsoft Threat Protection Platforms data connector." + }, + "MTPDataConnectorDataTypesIncidents": { + "type": "object", + "properties": { + "state": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Enabled", + "Disabled" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Describe whether this data type connection is enabled or not." + } + }, + "description": "Data type for Microsoft Threat Protection Platforms data connector." + }, + "MTPDataConnectorProperties": { + "type": "object", + "properties": { + "dataTypes": { + "oneOf": [ + { + "$ref": "#/definitions/MTPDataConnectorDataTypes" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The available data types for Microsoft Threat Protection Platforms data connector." + }, + "tenantId": { + "type": "string", + "description": "The tenant id to connect to, and get the data from." + } + }, + "description": "MTP (Microsoft Threat Protection) data connector properties." + }, "OfficeATPDataConnector": { "type": "object", "properties": { @@ -3193,7 +3447,7 @@ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Threat Intelligence Platforms data connector properties." + "description": "TI (Threat Intelligence) data connector properties." } }, "required": [ @@ -3256,9 +3510,14 @@ "tenantId": { "type": "string", "description": "The tenant id to connect to, and get the data from." + }, + "tipLookbackPeriod": { + "type": "string", + "format": "date-time", + "description": "The lookback period for the feed to be imported." } }, - "description": "Threat Intelligence Platforms data connector properties." + "description": "TI (Threat Intelligence) data connector properties." }, "TiTaxiiDataConnector": { "type": "object", @@ -3350,6 +3609,27 @@ "type": "string", "description": "The password for the TAXII server." }, + "pollingFrequency": { + "oneOf": [ + { + "type": "string", + "enum": [ + "OnceAMinute", + "OnceAnHour", + "OnceADay" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The polling frequency for the TAXII server." + }, + "taxiiLookbackPeriod": { + "type": "string", + "format": "date-time", + "description": "The lookback period for the TAXII server." + }, "taxiiServer": { "type": "string", "description": "The API root for the TAXII server." @@ -3707,4 +3987,4 @@ "description": "Microsoft.SecurityInsights/watchlists/watchlistItems" } } -} \ No newline at end of file +} diff --git a/schemas/2020-01-01/Microsoft.SecurityInsights.json b/schemas/2020-01-01/Microsoft.SecurityInsights.json index c992ffa8f0..c50de812ca 100644 --- a/schemas/2020-01-01/Microsoft.SecurityInsights.json +++ b/schemas/2020-01-01/Microsoft.SecurityInsights.json @@ -401,7 +401,8 @@ } }, "required": [ - "logicAppResourceId" + "logicAppResourceId", + "triggerUri" ], "description": "Action property bag." }, @@ -1665,6 +1666,11 @@ "tenantId": { "type": "string", "description": "The tenant id to connect to, and get the data from." + }, + "tipLookbackPeriod": { + "type": "string", + "format": "date-time", + "description": "The lookback period for the feed to be imported." } }, "description": "TI (Threat Intelligence) data connector properties." @@ -1691,4 +1697,4 @@ "description": "User information that made some action" } } -} \ No newline at end of file +}