Add case and incident tactics (Azure#8288)

* Added case tactics * Added incident tactics * Removing redundant comma from incident additional data * Changed tabs to spaces to better match format in file * Rename tactics field (alertTactics=>tactics) * Rename unknown classification to undetermined classification * Undo last commmit
tasharm-0412 · Mar 4, 2020 · f79dbcc · f79dbcc
1 parent 0a8f358
commit f79dbcc
Show file tree

Hide file tree

Showing 7 changed files with 39 additions and 4 deletions.
diff --git a/...ource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json b/...ource-manager/Microsoft.SecurityInsights/preview/2019-01-01-preview/SecurityInsights.json
@@ -4434,6 +4434,14 @@
           "readOnly": true,
           "type": "array"
         },
+        "tactics": {
+          "description": "The tactics associated with case",
+          "items": {
+            "$ref": "#/definitions/AttackTactic"
+          },
+          "readOnly": true,
+          "type": "array"
+        },
         "severity": {
           "description": "The severity of the case",
           "enum": [
@@ -5793,6 +5801,14 @@
           },
           "readOnly": true,
           "type": "array"
+        },
+        "tactics": {
+          "description": "The tactics associated with incident",
+          "items": {
+            "$ref": "#/definitions/AttackTactic"
+          },
+          "readOnly": true,
+          "type": "array"
         }
       },
       "type": "object"

diff --git a/...ager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/CreateCase.json b/...ager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/CreateCase.json
@@ -55,6 +55,7 @@
           "relatedAlertIds": [
             "cf441808-2d50-4c10-81af-cdd0b908c121"
           ],
+          "tactics": [],
           "caseNumber": 3177
         }
       }
@@ -87,6 +88,7 @@
           "relatedAlertIds": [
             "cf441808-2d50-4c10-81af-cdd0b908c121"
           ],
+          "tactics": [],
           "caseNumber": 3177
         }
       }

diff --git a/...ger/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCaseById.json b/...ger/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCaseById.json
@@ -37,6 +37,10 @@
           "relatedAlertIds": [
             "cf441808-2d50-4c10-81af-cdd0b908c121"
           ],
+          "tactics": [
+            "InitialAccess",
+            "Persistence"
+          ],
           "caseNumber": 3177,
           "lastComment": "This is a demo case",
           "totalComments": 3

diff --git a/...anager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCases.json b/...anager/Microsoft.SecurityInsights/preview/2019-01-01-preview/examples/cases/GetCases.json
@@ -40,6 +40,10 @@
               "relatedAlertIds": [
                 "cf441808-2d50-4c10-81af-cdd0b908c121"
               ],
+              "tactics": [
+                "InitialAccess",
+                "Persistence"
+              ],
               "caseNumber": 3177,
               "lastComment": "This is a demo case",
               "totalComments": 3

diff --git a/...rosoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/CreateIncident.json b/...rosoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/CreateIncident.json
@@ -51,7 +51,8 @@
             "alertsCount": 0,
             "bookmarksCount": 0,
             "commentsCount": 3,
-            "alertProductNames": []
+            "alertProductNames": [],
+            "tactics": []
           }
         }
       }
@@ -84,7 +85,8 @@
             "alertsCount": 0,
             "bookmarksCount": 0,
             "commentsCount": 3,
-            "alertProductNames": []
+            "alertProductNames": [],
+            "tactics": []
           }
         }
       }

diff --git a/...osoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidentById.json b/...osoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidentById.json
@@ -36,7 +36,11 @@
             "alertsCount": 0,
             "bookmarksCount": 0,
             "commentsCount": 3,
-            "alertProductNames": []
+            "alertProductNames": [],
+            "tactics": [
+              "InitialAccess",
+              "Persistence"
+            ]
           }
         }
       }

diff --git a/...icrosoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidents.json b/...icrosoft.SecurityInsights/preview/2019-01-01-preview/examples/incidents/GetIncidents.json
@@ -39,7 +39,10 @@
                 "alertsCount": 0,
                 "bookmarksCount": 0,
                 "commentsCount": 3,
-                "alertProductNames": []
+                "alertProductNames": [],
+                "tactics": [
+                  "Persistence"
+                ]
               }
             }
           }