From c89813b4ade2f3c7c7a05e3dcdac8582000d3521 Mon Sep 17 00:00:00 2001 From: nmizrahi6 <100570740+nmizrahi6@users.noreply.github.com> Date: Thu, 9 Jun 2022 17:38:14 +0300 Subject: [PATCH 1/3] added Nic entity type + modified IoTDevice props --- .../common/EntityTypes.json | 151 +++++++++++++++++- 1 file changed, 149 insertions(+), 2 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-07-01-preview/common/EntityTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-07-01-preview/common/EntityTypes.json index b15b9bcce26e..7df607c07cac 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-07-01-preview/common/EntityTypes.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-07-01-preview/common/EntityTypes.json @@ -291,7 +291,8 @@ "Mailbox", "MailCluster", "MailMessage", - "SubmissionMail" + "SubmissionMail", + "Nic" ], "type": "string", "x-ms-enum": { @@ -381,6 +382,10 @@ { "description": "Entity represents submission mail in the system.", "value": "SubmissionMail" + }, + { + "description": "Entity represents network interface in the system.", + "value": "Nic" } ] } @@ -408,7 +413,8 @@ "MailCluster", "MailMessage", "Mailbox", - "SubmissionMail" + "SubmissionMail", + "Nic" ], "type": "string", "x-ms-enum": { @@ -498,6 +504,10 @@ { "description": "Entity represents submission mail in the system.", "value": "SubmissionMail" + }, + { + "description": "Entity represents network interface in the system.", + "value": "Nic" } ] } @@ -1000,6 +1010,96 @@ "readOnly": true, "type": "array", "x-ms-identifiers": [] + }, + "owners": { + "description": "A list of owners of the IoTDevice entity.", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "nicEntityIds": { + "description": "A list of Nic entity ids of the IoTDevice entity.", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "site": { + "description": "The site of the device", + "readOnly": true, + "type": "string" + }, + "zone": { + "description": "The zone location of the device within a site", + "readOnly": true, + "type": "string" + }, + "sensor": { + "description": "The sensor the device is monitored by", + "readOnly": true, + "type": "string" + }, + "deviceSubType": { + "description": "The subType of the device ('PLC', 'HMI', 'EWS', etc.)", + "readOnly": true, + "type": "string" + }, + "importance": { + "description": "Device importance, determines if the device classified as 'crown jewel'", + "enum": [ + "Unknown", + "Low", + "Normal", + "High" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DeviceImportance", + "values": [ + { + "description": "Unknown - Default value", + "value": "Unknown" + }, + { + "description": "Low", + "value": "Low" + }, + { + "description": "Normal", + "value": "Normal" + }, + { + "description": "High", + "value": "High" + } + ] + } + }, + "purdueLayer": { + "description": "The Purdue Layer of the device", + "readOnly": true, + "type": "string" + }, + "isAuthorized": { + "description": "Determines whether the device classified as authorized device", + "readOnly": true, + "type": "boolean" + }, + "isProgramming": { + "description": "Determines whether the device classified as programming device", + "readOnly": true, + "type": "boolean" + }, + "isScanner": { + "description": "Is the device classified as a scanner device", + "readOnly": true, + "type": "boolean" } }, "type": "object" @@ -2399,6 +2499,53 @@ } }, "type": "object" + }, + "NicEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents an network interface entity.", + "properties": { + "properties": { + "$ref": "#/definitions/NicEntityProperties", + "description": "Network interface entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Nic" + }, + "NicEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Nic entity property bag.", + "properties": { + "macAddress": { + "description": "The MAC address of this network interface", + "readOnly": true, + "type": "string" + }, + "ipAddressEntityId": { + "description": "The IP entity id of this network interface", + "readOnly": true, + "type": "string" + }, + "vlans": { + "description": "A list of VLANs of the network interface entity.", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" } }, "parameters": {} From 951fa2f2bb08ee3abf9907288de9792955f83ef7 Mon Sep 17 00:00:00 2001 From: nmizrahi6 <100570740+nmizrahi6@users.noreply.github.com> Date: Thu, 9 Jun 2022 18:05:47 +0300 Subject: [PATCH 2/3] updated GetIoTDeviceEntity example fields --- .../entities/GetIoTDeviceEntityById.json | 23 ++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-07-01-preview/examples/entities/GetIoTDeviceEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-07-01-preview/examples/entities/GetIoTDeviceEntityById.json index 49c53ff0c4d7..434cecf849e7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-07-01-preview/examples/entities/GetIoTDeviceEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-07-01-preview/examples/entities/GetIoTDeviceEntityById.json @@ -16,7 +16,28 @@ "properties": { "friendlyName": "device1", "deviceId": "device1", - "iotHubEntityId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/8b2d9401-f953-e89d-2583-be9b4975870c" + "deviceName": "device1", + "iotHubEntityId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/8b2d9401-f953-e89d-2583-be9b4975870c", + "nicEntityIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/6ee379bd-ace8-44cf-ab10-ee669a1b71e2" + ], + "deviceType": "Industrial", + "firmwareVersion": "20.11", + "importance": "Normal", + "isAuthorized": true, + "isProgramming": false, + "isScanner": false, + "model": "demo-model", + "protocols": [ + "CIP", + "EtherNet/IP" + ], + "operatingSystem": "Windows", + "purdueLayer": "ProcessControl", + "sensor": "demo-sensor", + "site": "demo-site", + "vendor": "demo-vendor", + "zone": "zone" } } } From b81a374dca108d5496d7bc247f63481e685f9d53 Mon Sep 17 00:00:00 2001 From: Natanel Mizrahi Date: Fri, 10 Jun 2022 12:15:40 +0300 Subject: [PATCH 3/3] ran prettier --- .../examples/entities/GetIoTDeviceEntityById.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-07-01-preview/examples/entities/GetIoTDeviceEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-07-01-preview/examples/entities/GetIoTDeviceEntityById.json index 434cecf849e7..b7ff152c2282 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-07-01-preview/examples/entities/GetIoTDeviceEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-07-01-preview/examples/entities/GetIoTDeviceEntityById.json @@ -29,7 +29,7 @@ "isScanner": false, "model": "demo-model", "protocols": [ - "CIP", + "CIP", "EtherNet/IP" ], "operatingSystem": "Windows",