From ab1eacd7af3031f419f0c37658dcb8c4999b859a Mon Sep 17 00:00:00 2001 From: xuhumsft <116764429+xuhumsft@users.noreply.github.com> Date: Thu, 21 Sep 2023 17:51:00 -0700 Subject: [PATCH 1/7] Adds base for updating Microsoft.SecurityInsights from version preview/2023-09-01-preview to version 2023-10-01-preview --- .../2023-10-01-preview/AlertRules.json | 2543 ++++++++++++++ .../2023-10-01-preview/AutomationRules.json | 1495 ++++++++ .../2023-10-01-preview/BillingStatistics.json | 226 ++ .../preview/2023-10-01-preview/Bookmarks.json | 751 ++++ .../2023-10-01-preview/ContentPackages.json | 310 ++ .../ContentProductPackages.json | 231 ++ .../ContentProductTemplates.json | 217 ++ .../2023-10-01-preview/ContentTemplates.json | 330 ++ .../2023-10-01-preview/Enrichment.json | 381 ++ .../preview/2023-10-01-preview/Entities.json | 1556 ++++++++ .../2023-10-01-preview/EntityQueries.json | 507 +++ .../EntityQueryTemplates.json | 304 ++ .../2023-10-01-preview/FileImports.json | 564 +++ .../preview/2023-10-01-preview/Hunts.json | 994 ++++++ .../preview/2023-10-01-preview/Incidents.json | 1658 +++++++++ .../preview/2023-10-01-preview/Metadata.json | 774 ++++ .../2023-10-01-preview/OfficeConsents.json | 234 ++ .../2023-10-01-preview/OnboardingStates.json | 284 ++ .../2023-10-01-preview/Recommendations.json | 564 +++ .../SecurityMLAnalyticsSettings.json | 444 +++ .../preview/2023-10-01-preview/Settings.json | 423 +++ .../2023-10-01-preview/SourceControls.json | 971 +++++ .../ThreatIntelligence.json | 1097 ++++++ .../TriggeredAnalyticsRuleRuns.json | 353 ++ .../2023-10-01-preview/Watchlists.json | 721 ++++ .../WorkspaceManagerAssignments.json | 737 ++++ .../WorkspaceManagerConfigurations.json | 323 ++ .../WorkspaceManagerGroups.json | 318 ++ .../WorkspaceManagerMembers.json | 310 ++ .../2023-10-01-preview/common/AlertTypes.json | 81 + .../common/ContentCommonTypes.json | 637 ++++ .../common/EntityTypes.json | 2550 ++++++++++++++ .../common/IncidentTypes.json | 246 ++ .../common/RelationTypes.json | 95 + .../common/ThreatIntelligenceTypes.json | 48 + .../dataConnectorDefinitions.json | 737 ++++ .../2023-10-01-preview/dataConnectors.json | 3118 +++++++++++++++++ .../actions/CreateActionOfAlertRule.json | 43 + .../actions/DeleteActionOfAlertRule.json | 14 + .../actions/GetActionOfAlertRuleById.json | 24 + .../actions/GetAllActionsByAlertRule.json | 27 + .../GetAlertRuleTemplateById.json | 53 + .../GetAlertRuleTemplates.json | 238 ++ .../alertRules/CreateFusionAlertRule.json | 845 +++++ ...nAlertRuleWithFusionScenarioExclusion.json | 851 +++++ ...softSecurityIncidentCreationAlertRule.json | 58 + .../alertRules/CreateNrtAlertRule.json | 136 + .../alertRules/CreateScheduledAlertRule.json | 270 ++ .../examples/alertRules/DeleteAlertRule.json | 13 + .../examples/alertRules/GetAllAlertRules.json | 412 +++ .../alertRules/GetFusionAlertRule.json | 310 ++ ...softSecurityIncidentCreationAlertRule.json | 30 + .../examples/alertRules/GetNrtAlertRule.json | 55 + .../alertRules/GetScheduledAlertRule.json | 95 + .../AutomationRules_CreateOrUpdate.json | 171 + .../AutomationRules_Delete.json | 17 + .../automationRules/AutomationRules_Get.json | 65 + .../automationRules/AutomationRules_List.json | 68 + .../GetAllBillingStatistics.json | 26 + .../GetBillingStatistic.json | 23 + .../examples/bookmarks/CreateBookmark.json | 143 + .../examples/bookmarks/DeleteBookmark.json | 13 + .../examples/bookmarks/GetBookmarkById.json | 64 + .../examples/bookmarks/GetBookmarks.json | 67 + .../bookmarks/expand/PostExpandBookmark.json | 43 + .../relations/CreateBookmarkRelation.json | 43 + .../relations/DeleteBookmarkRelation.json | 14 + .../relations/GetAllBookmarkRelations.json | 28 + .../relations/GetBookmarkRelationByName.json | 25 + .../contentPackages/GetPackageById.json | 34 + .../examples/contentPackages/GetPackages.json | 39 + .../GetProductPackageById.json | 76 + .../contentPackages/GetProductPackages.json | 78 + .../contentPackages/InstallPackage.json | 151 + .../contentPackages/UninstallPackage.json | 13 + .../contentTemplates/DeleteTemplate.json | 13 + .../GetProductTemplateById.json | 43 + .../contentTemplates/GetProductTemplates.json | 45 + .../contentTemplates/GetTemplateById.json | 41 + .../contentTemplates/GetTemplates.json | 43 + .../contentTemplates/InstallTemplate.json | 228 ++ ...teCustomizableDataConnectorDefinition.json | 264 ++ .../DeleteDataConnectorDefinitionById.json | 13 + ...stomizableDataConnectoeDefinitionById.json | 101 + .../GetDataConnectorDefinitions.json | 100 + ...CheckRequirementsAzureActiveDirectory.json | 22 + ...tsAzureActiveDirectoryNoAuthorization.json | 22 + ...irementsAzureActiveDirectoryNoLicense.json | 22 + .../CheckRequirementsAzureSecurityCenter.json | 22 + .../CheckRequirementsDynamics365.json | 22 + .../dataConnectors/CheckRequirementsIoT.json | 22 + .../CheckRequirementsMdatp.json | 22 + ...RequirementsMicrosoftCloudAppSecurity.json | 22 + ...MicrosoftPurviewInformationProtection.json | 22 + ...quirementsMicrosoftThreatIntelligence.json | 22 + ...RequirementsMicrosoftThreatProtection.json | 22 + .../CheckRequirementsOffice365Project.json | 22 + .../CheckRequirementsOfficeATP.json | 22 + .../CheckRequirementsOfficeIRM.json | 22 + .../CheckRequirementsOfficePowerBI.json | 22 + .../CheckRequirementsThreatIntelligence.json | 22 + ...ckRequirementsThreatIntelligenceTaxii.json | 22 + .../dataConnectors/ConnectAPIPolling.json | 24 + .../ConnectAPIPollingV2Logs.json | 27 + .../dataConnectors/CreateAPIPolling.json | 368 ++ .../CreateDynamics365DataConnetor.json | 57 + .../dataConnectors/CreateGenericUI.json | 437 +++ .../CreateGoogleCloudPlatform.json | 92 + ...viewInformationProtectionDataConnetor.json | 57 + ...rosoftThreatIntelligenceDataConnector.json | 59 + ...MicrosoftThreatProtectionDataConnetor.json | 81 + .../CreateOffice365ProjectDataConnetor.json | 57 + .../CreateOfficeDataConnetor.json | 75 + .../CreateOfficePowerBIDataConnector.json | 57 + ...CreateThreatIntelligenceDataConnector.json | 59 + ...eThreatIntelligenceTaxiiDataConnector.json | 81 + .../dataConnectors/DeleteAPIPolling.json | 13 + .../dataConnectors/DeleteGenericUI.json | 13 + .../DeleteGoogleCloudPlatform.json | 13 + ...viewInformationProtectionDataConnetor.json | 13 + ...rosoftThreatIntelligenceDataConnector.json | 13 + .../DeleteOffice365ProjectDataConnetor.json | 13 + .../DeleteOfficeDataConnetor.json | 13 + .../DeleteOfficePowerBIDataConnetor.json | 13 + .../dataConnectors/DisconnectAPIPolling.json | 13 + .../dataConnectors/GetAPIPolling.json | 133 + .../GetAmazonWebServicesCloudTrailById.json | 28 + .../GetAmazonWebServicesS3ById.json | 32 + .../GetAzureActiveDirectoryById.json | 28 + .../GetAzureAdvancedThreatProtectionById.json | 28 + .../GetAzureSecurityCenterById.json | 28 + .../dataConnectors/GetDataConnectors.json | 508 +++ .../GetDynamics365DataConnectorById.json | 28 + .../examples/dataConnectors/GetGenericUI.json | 156 + .../GetGoogleCloudPlatformById.json | 35 + .../examples/dataConnectors/GetIoTById.json | 28 + .../GetMicrosoftCloudAppSecurityById.json | 31 + ...tDefenderAdvancedThreatProtectionById.json | 28 + ...GetMicrosoftInsiderRiskManagementById.json | 28 + ...InformationProtectionDataConnetorById.json | 28 + .../GetMicrosoftThreatIntelligenceById.json | 29 + .../GetMicrosoftThreatProtectionById.json | 36 + ...Office365AdvancedThreatProtectionById.json | 28 + .../GetOffice365ProjectDataConnetorById.json | 28 + .../GetOfficeDataConnetorById.json | 34 + .../GetOfficePowerBIDataConnetorById.json | 28 + .../GetThreatIntelligenceById.json | 29 + .../GetThreatIntelligenceTaxiiById.json | 36 + .../examples/enrichment/GetGeodataByIp.json | 31 + .../enrichment/GetWhoisByDomainName.json | 87 + .../entities/GetAccountEntityById.json | 32 + .../entities/GetAzureResourceEntityById.json | 24 + .../GetCloudApplicationEntityById.json | 25 + .../examples/entities/GetDnsEntityById.json | 26 + .../examples/entities/GetEntities.json | 63 + .../examples/entities/GetFileEntityById.json | 24 + .../entities/GetFileHashEntityById.json | 24 + .../examples/entities/GetHostEntityById.json | 31 + .../entities/GetIoTDeviceEntityById.json | 45 + .../examples/entities/GetIpEntityById.json | 23 + .../entities/GetMailClusterEntityById.json | 44 + .../entities/GetMailMessageEntityById.json | 48 + .../entities/GetMailboxEntityById.json | 26 + .../entities/GetMalwareEntityById.json | 24 + .../entities/GetProcessEntityById.json | 25 + .../examples/entities/GetQueries.json | 456 +++ .../entities/GetRegistryKeyEntityById.json | 24 + .../entities/GetRegistryValueEntityById.json | 26 + .../entities/GetSecurityAlertEntityById.json | 51 + .../entities/GetSecurityGroupEntityById.json | 25 + .../entities/GetSubmissionMailEntityById.json | 29 + .../examples/entities/GetUrlEntityById.json | 23 + .../entities/expand/PostExpandEntity.json | 52 + .../entities/insights/PostGetInsights.json | 100 + .../relations/GetAllEntityRelations.json | 28 + .../relations/GetEntityRelationByName.json | 25 + .../entities/timeline/PostTimelineEntity.json | 92 + .../CreateEntityQueryActivity.json | 133 + .../entityQueries/DeleteEntityQuery.json | 13 + .../GetActivityEntityQueryById.json | 54 + .../entityQueries/GetEntityQueries.json | 59 + .../GetExpansionEntityQueryById.json | 34 + .../GetActivityEntityQueryTemplateById.json | 57 + .../GetEntityQueryTemplates.json | 105 + .../fileImports/CreateFileImport.json | 49 + .../fileImports/DeleteFileImport.json | 41 + .../fileImports/GetFileImportById.json | 37 + .../examples/fileImports/GetFileImports.json | 42 + .../examples/hunts/CreateHunt.json | 100 + .../examples/hunts/CreateHuntComment.json | 56 + .../examples/hunts/CreateHuntRelation.json | 53 + .../examples/hunts/DeleteHunt.json | 14 + .../examples/hunts/DeleteHuntComment.json | 15 + .../examples/hunts/DeleteHuntRelation.json | 15 + .../examples/hunts/GetHuntById.json | 43 + .../examples/hunts/GetHuntCommentById.json | 32 + .../examples/hunts/GetHuntComments.json | 27 + .../examples/hunts/GetHuntRelationById.json | 29 + .../examples/hunts/GetHuntRelations.json | 32 + .../examples/hunts/GetHunts.json | 46 + .../IncidentAlerts/Incidents_ListAlerts.json | 50 + .../Incidents_ListBookmarks.json | 47 + .../IncidentComments_CreateOrUpdate.json | 55 + .../IncidentComments_Delete.json | 14 + .../IncidentComments_Get.json | 31 + .../IncidentComments_List.json | 34 + .../Incidents_ListEntities.json | 34 + .../IncidentTasks_CreateOrUpdate.json | 73 + .../IncidentTasks/IncidentTasks_Delete.json | 14 + .../IncidentTasks/IncidentTasks_Get.json | 39 + .../IncidentTasks/IncidentTasks_List.json | 42 + .../IncidentTeam/Incidents_CreateTeam.json | 26 + .../incidents/Incidents_CreateOrUpdate.json | 136 + .../examples/incidents/Incidents_Delete.json | 13 + .../examples/incidents/Incidents_Get.json | 63 + .../examples/incidents/Incidents_List.json | 68 + .../relations/CreateIncidentRelation.json | 43 + .../relations/DeleteIncidentRelation.json | 14 + .../relations/GetAllIncidentRelations.json | 40 + .../relations/GetIncidentRelationByName.json | 25 + .../manualTrigger/Entities_RunPlaybook.json | 17 + .../manualTrigger/Incidents_RunPlaybook.json | 18 + .../examples/metadata/DeleteMetadata.json | 13 + .../examples/metadata/GetAllMetadata.json | 64 + .../metadata/GetAllMetadataOData.json | 52 + .../examples/metadata/GetMetadata.json | 104 + .../examples/metadata/PatchMetadata.json | 35 + .../examples/metadata/PutMetadata.json | 286 ++ .../examples/metadata/PutMetadataMinimal.json | 40 + .../officeConsents/DeleteOfficeConsents.json | 13 + .../officeConsents/GetOfficeConsents.json | 25 + .../officeConsents/GetOfficeConsentsById.json | 22 + .../CreateSentinelOnboardingState.json | 36 + .../DeleteSentinelOnboardingState.json | 13 + .../GetAllSentinelOnboardingStates.json | 24 + .../GetSentinelOnboardingState.json | 21 + .../examples/operations/ListOperations.json | 563 +++ .../recommendations/GetRecommendation.json | 48 + .../recommendations/GetRecommendations.json | 51 + .../recommendations/PatchRecommendation.json | 56 + .../repositories/GetRepositories.json | 25 + ...eateAnomalySecurityMLAnalyticsSetting.json | 245 ++ .../DeleteSecurityMLAnalyticsSetting.json | 13 + .../GetAllSecurityMLAnalyticsSettings.json | 94 + .../GetAnomalySecurityMLAnalyticsSetting.json | 91 + .../settings/DeleteEyesOnSetting.json | 13 + .../examples/settings/GetAllSettings.json | 25 + .../examples/settings/GetEyesOnSetting.json | 22 + .../settings/UpdateEyesOnSetting.json | 28 + .../sourcecontrols/CreateSourceControl.json | 162 + .../sourcecontrols/DeleteSourceControl.json | 27 + .../sourcecontrols/GetSourceControlById.json | 75 + .../sourcecontrols/GetSourceControls.json | 78 + .../AppendTagsThreatIntelligence.json | 18 + .../CollectThreatIntelligenceMetrics.json | 43 + .../CreateThreatIntelligence.json | 100 + .../DeleteThreatIntelligence.json | 13 + .../GetThreatIntelligence.json | 76 + .../GetThreatIntelligenceById.json | 43 + .../QueryThreatIntelligence.json | 107 + .../ReplaceTagsThreatIntelligence.json | 52 + .../UpdateThreatIntelligence.json | 101 + .../triggerRuleRun_Post.json | 23 + .../triggeredAnalyticsRuleRun_Get.json | 29 + .../triggeredAnalyticsRuleRuns_Get.json | 48 + .../examples/watchlists/CreateWatchlist.json | 88 + .../CreateWatchlistAndWatchlistItems.json | 92 + .../watchlists/CreateWatchlistItem.json | 92 + .../examples/watchlists/DeleteWatchlist.json | 18 + .../watchlists/DeleteWatchlistItem.json | 15 + .../watchlists/GetWatchlistByAlias.json | 50 + .../watchlists/GetWatchlistItemById.json | 47 + .../watchlists/GetWatchlistItems.json | 50 + .../examples/watchlists/GetWatchlists.json | 53 + .../CreateJob.json | 24 + ...ateOrUpdateWorkspaceManagerAssignment.json | 62 + .../DeleteJob.json | 14 + .../DeleteWorkspaceManagerAssignment.json | 13 + .../GetAllJobs.json | 46 + .../GetAllWorkspaceManagerAssignments.json | 35 + .../workspaceManagerAssignments/GetJob.json | 43 + .../GetWorkspaceManagerAssignment.json | 32 + ...OrUpdateWorkspaceManagerConfiguration.json | 38 + .../DeleteWorkspaceManagerConfiguration.json | 13 + .../GetAllWorkspaceManagerConfigurations.json | 25 + .../GetWorkspaceManagerConfiguration.json | 22 + .../CreateOrUpdateWorkspaceManagerGroup.json | 53 + .../DeleteWorkspaceManagerGroup.json | 13 + .../GetAllWorkspaceManagerGroups.json | 30 + .../GetWorkspaceManagerGroup.json | 27 + .../CreateOrUpdateWorkspaceManagerMember.json | 41 + .../DeleteWorkspaceManagerMember.json | 13 + .../GetAllWorkspaceManagerMembers.json | 26 + .../GetWorkspaceManagerMember.json | 23 + .../2023-10-01-preview/operations.json | 138 + 295 files changed, 43883 insertions(+) create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/AlertRules.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/AutomationRules.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/BillingStatistics.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Bookmarks.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentPackages.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentProductPackages.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentProductTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Enrichment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Entities.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/EntityQueries.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/EntityQueryTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/FileImports.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Hunts.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Incidents.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Metadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/OfficeConsents.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/OnboardingStates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Recommendations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/SecurityMLAnalyticsSettings.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Settings.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/SourceControls.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/TriggeredAnalyticsRuleRuns.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Watchlists.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerAssignments.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerConfigurations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerGroups.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerMembers.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/AlertTypes.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/ContentCommonTypes.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/EntityTypes.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/IncidentTypes.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/RelationTypes.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/ThreatIntelligenceTypes.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/dataConnectorDefinitions.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/dataConnectors.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/CreateActionOfAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/DeleteActionOfAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/GetActionOfAlertRuleById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/GetAllActionsByAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateFusionAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateNrtAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateScheduledAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/DeleteAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetAllAlertRules.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetFusionAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetNrtAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetScheduledAlertRule.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_Delete.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_List.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/billingStatistics/GetAllBillingStatistics.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/billingStatistics/GetBillingStatistic.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/CreateBookmark.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/DeleteBookmark.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/GetBookmarkById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/GetBookmarks.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/expand/PostExpandBookmark.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetPackageById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetPackages.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetProductPackageById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetProductPackages.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/InstallPackage.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/UninstallPackage.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/DeleteTemplate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetProductTemplateById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetProductTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetTemplateById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/InstallTemplate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectoeDefinitionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsIoT.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/ConnectAPIPolling.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateAPIPolling.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateGenericUI.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteAPIPolling.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteGenericUI.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DisconnectAPIPolling.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAPIPolling.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetDataConnectors.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetGenericUI.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetIoTById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/enrichment/GetGeodataByIp.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/enrichment/GetWhoisByDomainName.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetAccountEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetAzureResourceEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetCloudApplicationEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetDnsEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetEntities.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetFileEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetFileHashEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetHostEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetIoTDeviceEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetIpEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMailClusterEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMailMessageEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMailboxEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMalwareEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetProcessEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetQueries.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetRegistryKeyEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetRegistryValueEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetSecurityAlertEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetSecurityGroupEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetSubmissionMailEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetUrlEntityById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/expand/PostExpandEntity.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/insights/PostGetInsights.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/relations/GetAllEntityRelations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/relations/GetEntityRelationByName.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/timeline/PostTimelineEntity.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/CreateEntityQueryActivity.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/DeleteEntityQuery.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/GetActivityEntityQueryById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/GetEntityQueries.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/CreateFileImport.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/DeleteFileImport.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/GetFileImportById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/GetFileImports.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/CreateHunt.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/CreateHuntComment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/CreateHuntRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/DeleteHunt.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/DeleteHuntComment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/DeleteHuntRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntCommentById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntComments.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntRelationById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntRelations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHunts.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTeam/Incidents_CreateTeam.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_CreateOrUpdate.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_Delete.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_List.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/CreateIncidentRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/DeleteIncidentRelation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/GetAllIncidentRelations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/GetIncidentRelationByName.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/manualTrigger/Entities_RunPlaybook.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/DeleteMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/GetAllMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/GetAllMetadataOData.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/GetMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/PatchMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/PutMetadata.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/PutMetadataMinimal.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/officeConsents/DeleteOfficeConsents.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/officeConsents/GetOfficeConsents.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/officeConsents/GetOfficeConsentsById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/operations/ListOperations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/recommendations/GetRecommendation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/recommendations/GetRecommendations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/recommendations/PatchRecommendation.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/repositories/GetRepositories.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/DeleteEyesOnSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/GetAllSettings.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/GetEyesOnSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/UpdateEyesOnSetting.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/CreateSourceControl.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/DeleteSourceControl.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/GetSourceControlById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/GetSourceControls.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/CreateThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/GetThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/QueryThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/CreateWatchlist.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/CreateWatchlistItem.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/DeleteWatchlist.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/DeleteWatchlistItem.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlistByAlias.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlistItemById.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlistItems.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlists.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/CreateJob.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/DeleteJob.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetJob.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json create mode 100644 specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/operations.json diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/AlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/AlertRules.json new file mode 100644 index 000000000000..5d799b33f638 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/AlertRules.json @@ -0,0 +1,2543 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules": { + "get": { + "x-ms-examples": { + "Get all alert rules.": { + "$ref": "./examples/alertRules/GetAllAlertRules.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Gets all alert rules.", + "operationId": "AlertRules_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRulesList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}": { + "get": { + "x-ms-examples": { + "Get a Scheduled alert rule.": { + "$ref": "./examples/alertRules/GetScheduledAlertRule.json" + }, + "Get an Nrt alert rule.": { + "$ref": "./examples/alertRules/GetNrtAlertRule.json" + }, + "Get a Fusion alert rule.": { + "$ref": "./examples/alertRules/GetFusionAlertRule.json" + }, + "Get a MicrosoftSecurityIncidentCreation rule.": { + "$ref": "./examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Gets the alert rule.", + "operationId": "AlertRules_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a Scheduled alert rule.": { + "$ref": "./examples/alertRules/CreateScheduledAlertRule.json" + }, + "Creates or updates a Nrt alert rule.": { + "$ref": "./examples/alertRules/CreateNrtAlertRule.json" + }, + "Creates or updates a Fusion alert rule.": { + "$ref": "./examples/alertRules/CreateFusionAlertRule.json" + }, + "Creates or updates a Fusion alert rule with scenario exclusion pattern.": { + "$ref": "./examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json" + }, + "Creates or updates a MicrosoftSecurityIncidentCreation rule.": { + "$ref": "./examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Creates or updates the alert rule.", + "operationId": "AlertRules_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/AlertRule" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/AlertRule" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an alert rule.": { + "$ref": "./examples/alertRules/DeleteAlertRule.json" + } + }, + "tags": [ + "Alert Rules" + ], + "description": "Delete the alert rule.", + "operationId": "AlertRules_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions": { + "get": { + "x-ms-examples": { + "Get all actions of alert rule.": { + "$ref": "./examples/actions/GetAllActionsByAlertRule.json" + } + }, + "tags": [ + "Actions" + ], + "description": "Gets all actions of alert rule.", + "operationId": "Actions_ListByAlertRule", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ActionsList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}": { + "get": { + "x-ms-examples": { + "Get an action of alert rule.": { + "$ref": "./examples/actions/GetActionOfAlertRuleById.json" + } + }, + "tags": [ + "Actions" + ], + "description": "Gets the action of alert rule.", + "operationId": "Actions_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/ActionId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ActionResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates an action of alert rule.": { + "$ref": "./examples/actions/CreateActionOfAlertRule.json" + } + }, + "tags": [ + "Actions" + ], + "description": "Creates or updates the action of alert rule.", + "operationId": "Actions_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/ActionId" + }, + { + "$ref": "#/parameters/Action" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ActionResponse" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/ActionResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an action of alert rule.": { + "$ref": "./examples/actions/DeleteActionOfAlertRule.json" + } + }, + "tags": [ + "Actions" + ], + "description": "Delete the action of alert rule.", + "operationId": "Actions_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/ActionId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates": { + "get": { + "x-ms-examples": { + "Get all alert rule templates.": { + "$ref": "./examples/alertRuleTemplates/GetAlertRuleTemplates.json" + } + }, + "tags": [ + "Alert Rule Templates" + ], + "description": "Gets all alert rule templates.", + "operationId": "AlertRuleTemplates_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRuleTemplatesList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}": { + "get": { + "x-ms-examples": { + "Get alert rule template by Id.": { + "$ref": "./examples/alertRuleTemplates/GetAlertRuleTemplateById.json" + } + }, + "tags": [ + "Alert Rule Templates" + ], + "description": "Gets the alert rule template.", + "operationId": "AlertRuleTemplates_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/AlertRuleTemplateId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/AlertRuleTemplate" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "Action": { + "description": "The action", + "in": "body", + "name": "action", + "required": true, + "schema": { + "$ref": "#/definitions/ActionRequest" + }, + "x-ms-parameter-location": "method" + }, + "ActionId": { + "description": "Action ID", + "in": "path", + "name": "actionId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "AlertRule": { + "description": "The alert rule", + "in": "body", + "name": "alertRule", + "required": true, + "schema": { + "$ref": "#/definitions/AlertRule" + }, + "x-ms-parameter-location": "method" + }, + "AlertRuleTemplateId": { + "description": "Alert rule template ID", + "in": "path", + "name": "alertRuleTemplateId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "RuleId": { + "description": "Alert rule ID", + "in": "path", + "name": "ruleId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + }, + "definitions": { + "AlertRule": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Alert rule.", + "properties": { + "kind": { + "$ref": "#/definitions/AlertRuleKindEnum", + "description": "The kind of the alert rule" + } + }, + "discriminator": "kind", + "type": "object", + "required": [ + "kind" + ] + }, + "AlertRuleKindEnum": { + "description": "The kind of the alert rule", + "enum": [ + "Scheduled", + "MicrosoftSecurityIncidentCreation", + "Fusion", + "MLBehaviorAnalytics", + "ThreatIntelligence", + "NRT" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AlertRuleKind", + "values": [ + { + "value": "Scheduled" + }, + { + "value": "MicrosoftSecurityIncidentCreation" + }, + { + "value": "Fusion" + }, + { + "value": "MLBehaviorAnalytics" + }, + { + "value": "ThreatIntelligence" + }, + { + "value": "NRT" + } + ] + } + }, + "AlertRuleTemplate": { + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/Resource" + } + ], + "description": "Alert rule template.", + "discriminator": "kind", + "type": "object", + "properties": { + "kind": { + "$ref": "#/definitions/AlertRuleKindEnum", + "description": "The kind of the alert rule" + } + }, + "required": [ + "kind" + ] + }, + "AlertRuleTemplateDataSource": { + "description": "alert rule template data sources", + "properties": { + "connectorId": { + "description": "The connector id that provides the following data types", + "type": "string" + }, + "dataTypes": { + "description": "The data types used by the alert rule template", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "AlertRuleTemplatePropertiesBase": { + "description": "Base alert rule template property bag.", + "properties": { + "alertRulesCreatedByTemplateCount": { + "description": "the number of alert rules that were created by this template", + "type": "integer", + "format": "int32" + }, + "lastUpdatedDateUTC": { + "description": "The last time that this alert rule template has been updated.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "createdDateUTC": { + "description": "The time that this alert rule template has been added.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "description": { + "description": "The description of the alert rule template.", + "type": "string" + }, + "displayName": { + "description": "The display name for alert rule template.", + "type": "string" + }, + "requiredDataConnectors": { + "description": "The required data sources for this template", + "items": { + "$ref": "#/definitions/AlertRuleTemplateDataSource" + }, + "x-ms-identifiers": [ + "connectorId" + ], + "type": "array" + }, + "status": { + "$ref": "#/definitions/AlertRuleTemplateStatus", + "description": "The alert rule template status." + } + }, + "type": "object" + }, + "AlertRuleTemplateStatus": { + "description": "The alert rule template status.", + "enum": [ + "Installed", + "Available", + "NotAvailable" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "TemplateStatus", + "values": [ + { + "description": "Alert rule template installed. and can not use more then once", + "value": "Installed" + }, + { + "description": "Alert rule template is available.", + "value": "Available" + }, + { + "description": "Alert rule template is not available", + "value": "NotAvailable" + } + ] + } + }, + "AlertRuleTemplateWithMitreProperties": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplatePropertiesBase" + } + ], + "description": "Alert rule template with MITRE property bag.", + "properties": { + "tactics": { + "description": "The tactics of the alert rule", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "type": "array" + }, + "techniques": { + "description": "The techniques of the alert rule", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "QueryBasedAlertRuleTemplateProperties": { + "description": "Query based alert rule template base property bag.", + "properties": { + "query": { + "description": "The query that creates alerts for this rule.", + "type": "string" + }, + "severity": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The severity for alerts created by this alert rule." + }, + "version": { + "description": "The version of this template - in format , where all are numbers. For example <1.0.2>.", + "type": "string" + }, + "customDetails": { + "description": "Dictionary of string key-value pairs of columns to be attached to the alert", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "entityMappings": { + "$ref": "#/definitions/EntityMappings", + "description": "Array of the entity mappings of the alert rule" + }, + "alertDetailsOverride": { + "type": "object", + "$ref": "#/definitions/AlertDetailsOverride", + "description": "The alert details override settings" + }, + "eventGroupingSettings": { + "$ref": "#/definitions/EventGroupingSettings", + "description": "The event grouping settings." + }, + "sentinelEntitiesMappings": { + "$ref": "#/definitions/SentinelEntitiesMappings", + "description": "Array of the sentinel entity mappings of the alert rule" + } + }, + "type": "object" + }, + "AlertRuleTemplatesList": { + "description": "List all the alert rule templates.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of alert rule templates.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of alert rule templates.", + "items": { + "$ref": "#/definitions/AlertRuleTemplate" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "AlertRuleTriggerOperator": { + "description": "The operation against the threshold that triggers alert rule.", + "enum": [ + "GreaterThan", + "LessThan", + "Equal", + "NotEqual" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": false, + "name": "TriggerOperator" + } + }, + "AlertRulesList": { + "description": "List all the alert rules.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of alert rules.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of alert rules.", + "items": { + "$ref": "#/definitions/AlertRule" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "MLBehaviorAnalyticsAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents MLBehaviorAnalytics alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/MLBehaviorAnalyticsAlertRuleProperties", + "description": "MLBehaviorAnalytics alert rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MLBehaviorAnalytics" + }, + "MLBehaviorAnalyticsAlertRuleProperties": { + "description": "MLBehaviorAnalytics alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": "string" + }, + "description": { + "description": "The description of the alert rule.", + "readOnly": true, + "type": "string" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "readOnly": true, + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this alert rule has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "severity": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The severity for alerts created by this alert rule.", + "readOnly": true + }, + "tactics": { + "description": "The tactics of the alert rule", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "readOnly": true, + "type": "array" + }, + "techniques": { + "description": "The techniques of the alert rule", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array" + } + }, + "required": [ + "alertRuleTemplateName", + "enabled" + ], + "type": "object" + }, + "MLBehaviorAnalyticsAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": "Represents MLBehaviorAnalytics alert rule template.", + "properties": { + "properties": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplateWithMitreProperties" + } + ], + "description": "MLBehaviorAnalytics alert rule template properties.", + "properties": { + "severity": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The severity for alerts created by this alert rule." + } + }, + "type": "object", + "required": [ + "displayName", + "description", + "status", + "severity", + "alertRulesCreatedByTemplateCount" + ], + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MLBehaviorAnalytics" + }, + "FusionAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents Fusion alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/FusionAlertRuleProperties", + "description": "Fusion alert rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Fusion" + }, + "FusionAlertRuleProperties": { + "description": "Fusion alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": "string" + }, + "description": { + "description": "The description of the alert rule.", + "readOnly": true, + "type": "string" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "readOnly": true, + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "sourceSettings": { + "description": "Configuration for all supported source signals in fusion detection.", + "items": { + "$ref": "#/definitions/FusionSourceSettings" + }, + "x-ms-identifiers": [], + "type": "array" + }, + "scenarioExclusionPatterns": { + "description": "Configuration to exclude scenarios in fusion detection.", + "items": { + "$ref": "#/definitions/FusionScenarioExclusionPattern" + }, + "x-ms-identifiers": [], + "type": "array" + }, + "lastModifiedUtc": { + "description": "The last time that this alert has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "severity": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The severity for alerts created by this alert rule.", + "readOnly": true + }, + "tactics": { + "description": "The tactics of the alert rule", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "readOnly": true, + "type": "array" + }, + "techniques": { + "description": "The techniques of the alert rule", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array" + } + }, + "required": [ + "alertRuleTemplateName", + "enabled" + ], + "type": "object" + }, + "FusionSourceSettings": { + "description": "Represents a supported source signal configuration in Fusion detection.", + "properties": { + "enabled": { + "description": "Determines whether this source signal is enabled or disabled in Fusion detection.", + "type": "boolean" + }, + "sourceName": { + "description": "Name of the Fusion source signal. Refer to Fusion alert rule template for supported values.", + "type": "string" + }, + "sourceSubTypes": { + "description": "Configuration for all source subtypes under this source signal consumed in fusion detection.", + "items": { + "$ref": "#/definitions/FusionSourceSubTypeSetting" + }, + "x-ms-identifiers": [], + "type": "array" + } + }, + "required": [ + "enabled", + "sourceName" + ], + "type": "object" + }, + "FusionSourceSubTypeSetting": { + "description": "Represents a supported source subtype configuration under a source signal in Fusion detection.", + "properties": { + "enabled": { + "description": "Determines whether this source subtype under source signal is enabled or disabled in Fusion detection.", + "type": "boolean" + }, + "sourceSubTypeName": { + "description": "The Name of the source subtype under a given source signal in Fusion detection. Refer to Fusion alert rule template for supported values.", + "type": "string" + }, + "sourceSubTypeDisplayName": { + "description": "The display name of source subtype under a source signal consumed in Fusion detection.", + "type": "string", + "readOnly": true + }, + "severityFilters": { + "description": "Severity configuration for a source subtype consumed in fusion detection.", + "$ref": "#/definitions/FusionSubTypeSeverityFilter", + "type": "object" + } + }, + "required": [ + "enabled", + "sourceSubTypeName", + "severityFilters" + ], + "type": "object" + }, + "FusionSubTypeSeverityFilter": { + "description": "Represents severity configuration for a source subtype consumed in Fusion detection.", + "properties": { + "isSupported": { + "description": "Determines whether this source subtype supports severity configuration or not.", + "type": "boolean", + "readOnly": true + }, + "filters": { + "description": "Individual Severity configuration settings for a given source subtype consumed in Fusion detection.", + "items": { + "$ref": "#/definitions/FusionSubTypeSeverityFiltersItem" + }, + "x-ms-identifiers": [], + "type": "array" + } + }, + "type": "object" + }, + "FusionSubTypeSeverityFiltersItem": { + "description": "Represents a Severity filter setting for a given source subtype consumed in Fusion detection.", + "properties": { + "severity": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The Severity for a given source subtype consumed in Fusion detection." + }, + "enabled": { + "description": "Determines whether this severity is enabled or disabled for this source subtype consumed in Fusion detection.", + "type": "boolean" + } + }, + "required": [ + "severity", + "enabled" + ], + "type": "object" + }, + "FusionScenarioExclusionPattern": { + "description": "Represents a Fusion scenario exclusion patterns in Fusion detection.", + "properties": { + "exclusionPattern": { + "description": "Scenario exclusion pattern.", + "type": "string" + }, + "dateAddedInUTC": { + "description": "DateTime when scenario exclusion pattern is added in UTC.", + "type": "string" + } + }, + "required": [ + "exclusionPattern", + "dateAddedInUTC" + ], + "type": "object" + }, + "FusionAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": "Represents Fusion alert rule template.", + "properties": { + "properties": { + "$ref": "#/definitions/FusionAlertRuleTemplateProperties", + "description": "Fusion alert rule template properties", + "required": [ + "displayName", + "description", + "status", + "severity", + "alertRulesCreatedByTemplateCount" + ], + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Fusion" + }, + "FusionAlertRuleTemplateProperties": { + "description": "Fusion alert rule template properties", + "properties": { + "alertRulesCreatedByTemplateCount": { + "description": "the number of alert rules that were created by this template", + "format": "int32", + "type": "integer" + }, + "createdDateUTC": { + "description": "The time that this alert rule template has been added.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "lastUpdatedDateUTC": { + "description": "The time that this alert rule template was last updated.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "description": { + "description": "The description of the alert rule template.", + "type": "string" + }, + "displayName": { + "description": "The display name for alert rule template.", + "type": "string" + }, + "requiredDataConnectors": { + "description": "The required data connectors for this template", + "items": { + "$ref": "#/definitions/AlertRuleTemplateDataSource" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "status": { + "$ref": "#/definitions/AlertRuleTemplateStatus", + "description": "The alert rule template status.", + "type": "string" + }, + "severity": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The severity for alerts created by this alert rule." + }, + "tactics": { + "description": "The tactics of the alert rule template", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "techniques": { + "description": "The techniques of the alert rule", + "items": { + "type": "string" + }, + "type": "array" + }, + "sourceSettings": { + "description": "All supported source signal configurations consumed in fusion detection.", + "items": { + "$ref": "#/definitions/FusionTemplateSourceSetting" + }, + "x-ms-identifiers": [], + "type": "array" + } + }, + "type": "object", + "x-ms-client-flatten": true + }, + "FusionTemplateSourceSetting": { + "description": "Represents a source signal consumed in Fusion detection.", + "properties": { + "sourceName": { + "description": "The name of a source signal consumed in Fusion detection.", + "type": "string" + }, + "sourceSubTypes": { + "description": "All supported source subtypes under this source signal consumed in fusion detection.", + "items": { + "$ref": "#/definitions/FusionTemplateSourceSubType" + }, + "x-ms-identifiers": [], + "type": "array" + } + }, + "required": [ + "sourceName" + ], + "type": "object" + }, + "FusionTemplateSourceSubType": { + "description": "Represents a source subtype under a source signal consumed in Fusion detection.", + "properties": { + "sourceSubTypeName": { + "description": "The name of source subtype under a source signal consumed in Fusion detection.", + "type": "string" + }, + "sourceSubTypeDisplayName": { + "description": "The display name of source subtype under a source signal consumed in Fusion detection.", + "type": "string", + "readOnly": true + }, + "severityFilter": { + "description": "Severity configuration available for a source subtype consumed in fusion detection.", + "$ref": "#/definitions/FusionTemplateSubTypeSeverityFilter", + "type": "object" + } + }, + "required": [ + "sourceSubTypeName", + "severityFilter" + ], + "type": "object" + }, + "FusionTemplateSubTypeSeverityFilter": { + "description": "Represents severity configurations available for a source subtype consumed in Fusion detection.", + "properties": { + "isSupported": { + "description": "Determines whether severity configuration is supported for this source subtype consumed in Fusion detection.", + "type": "boolean" + }, + "severityFilters": { + "description": "List of all supported severities for this source subtype consumed in Fusion detection.", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum" + }, + "x-ms-identifiers": [], + "type": "array" + } + }, + "required": [ + "isSupported" + ], + "type": "object" + }, + "ThreatIntelligenceAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents Threat Intelligence alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/ThreatIntelligenceAlertRuleProperties", + "description": "Threat Intelligence alert rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "ThreatIntelligence" + }, + "ThreatIntelligenceAlertRuleProperties": { + "description": "Threat Intelligence alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": "string" + }, + "description": { + "description": "The description of the alert rule.", + "readOnly": true, + "type": "string" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "readOnly": true, + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this alert has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "severity": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The severity for alerts created by this alert rule.", + "readOnly": true + }, + "tactics": { + "description": "The tactics of the alert rule", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "readOnly": true, + "type": "array" + }, + "techniques": { + "description": "The techniques of the alert rule", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array" + } + }, + "required": [ + "alertRuleTemplateName", + "enabled" + ], + "type": "object" + }, + "ThreatIntelligenceAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": "Represents Threat Intelligence alert rule template.", + "properties": { + "properties": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplateWithMitreProperties" + } + ], + "description": "Threat Intelligence alert rule template properties", + "properties": { + "severity": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The severity for alerts created by this alert rule." + } + }, + "required": [ + "displayName", + "description", + "status", + "severity", + "alertRulesCreatedByTemplateCount" + ], + "type": "object", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "ThreatIntelligence" + }, + "MicrosoftSecurityIncidentCreationAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents MicrosoftSecurityIncidentCreation rule.", + "properties": { + "properties": { + "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleProperties", + "description": "MicrosoftSecurityIncidentCreation rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftSecurityIncidentCreation" + }, + "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties": { + "description": "MicrosoftSecurityIncidentCreation rule common property bag.", + "properties": { + "displayNamesFilter": { + "description": "the alerts' displayNames on which the cases will be generated", + "items": { + "type": "string" + }, + "type": "array" + }, + "displayNamesExcludeFilter": { + "description": "the alerts' displayNames on which the cases will not be generated", + "items": { + "type": "string" + }, + "type": "array" + }, + "productFilter": { + "$ref": "#/definitions/MicrosoftSecurityProductName", + "description": "The alerts' productName on which the cases will be generated" + }, + "severitiesFilter": { + "description": "the alerts' severities on which the cases will be generated", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum" + }, + "type": "array" + } + }, + "required": [ + "productFilter" + ], + "type": "object" + }, + "MicrosoftSecurityProductName": { + "description": "The alerts' productName on which the cases will be generated", + "enum": [ + "Microsoft Cloud App Security", + "Azure Security Center", + "Azure Advanced Threat Protection", + "Azure Active Directory Identity Protection", + "Azure Security Center for IoT", + "Office 365 Advanced Threat Protection", + "Microsoft Defender Advanced Threat Protection" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "MicrosoftSecurityProductName" + } + }, + "MicrosoftSecurityIncidentCreationAlertRuleProperties": { + "allOf": [ + { + "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleCommonProperties" + } + ], + "description": "MicrosoftSecurityIncidentCreation rule property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": "string" + }, + "description": { + "description": "The description of the alert rule.", + "type": "string" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this alert has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + } + }, + "required": [ + "displayName", + "enabled", + "productFilter" + ], + "type": "object" + }, + "MicrosoftSecurityIncidentCreationAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": "Represents MicrosoftSecurityIncidentCreation rule template.", + "properties": { + "properties": { + "$ref": "#/definitions/MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties", + "description": "MicrosoftSecurityIncidentCreation rule template properties", + "required": [ + "displayName", + "description", + "createdDateUTC", + "status", + "alertRulesCreatedByTemplateCount", + "productFilter" + ], + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftSecurityIncidentCreation" + }, + "MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplatePropertiesBase" + } + ], + "description": "MicrosoftSecurityIncidentCreation rule template properties", + "properties": { + "displayNamesFilter": { + "description": "the alerts' displayNames on which the cases will be generated", + "items": { + "type": "string" + }, + "type": "array" + }, + "displayNamesExcludeFilter": { + "description": "the alerts' displayNames on which the cases will not be generated", + "items": { + "type": "string" + }, + "type": "array" + }, + "productFilter": { + "$ref": "#/definitions/MicrosoftSecurityProductName", + "description": "The alerts' productName on which the cases will be generated" + }, + "severitiesFilter": { + "description": "the alerts' severities on which the cases will be generated", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum" + }, + "type": "array" + } + }, + "type": "object", + "x-ms-client-flatten": true + }, + "ScheduledAlertRuleProperties": { + "allOf": [ + { + "$ref": "#/definitions/ScheduledAlertRuleCommonProperties" + } + ], + "description": "Scheduled alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": "string" + }, + "templateVersion": { + "description": "The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0 <1.0.2>", + "type": "string" + }, + "description": { + "description": "The description of the alert rule.", + "type": "string" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this alert rule has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "suppressionDuration": { + "description": "The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.", + "format": "duration", + "type": "string" + }, + "suppressionEnabled": { + "description": "Determines whether the suppression for this alert rule is enabled or disabled.", + "type": "boolean" + }, + "tactics": { + "description": "The tactics of the alert rule", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "type": "array" + }, + "techniques": { + "description": "The techniques of the alert rule", + "items": { + "type": "string" + }, + "type": "array" + }, + "incidentConfiguration": { + "$ref": "#/definitions/IncidentConfiguration", + "description": "The settings of the incidents that created from alerts triggered by this analytics rule" + } + }, + "required": [ + "displayName", + "enabled", + "severity", + "query", + "queryFrequency", + "queryPeriod", + "triggerOperator", + "triggerThreshold", + "suppressionEnabled", + "suppressionDuration" + ], + "type": "object", + "x-ms-client-flatten": true + }, + "NrtAlertRuleProperties": { + "description": "Nrt alert rule base property bag.", + "properties": { + "alertRuleTemplateName": { + "description": "The Name of the alert rule template used to create this rule.", + "type": "string" + }, + "templateVersion": { + "description": "The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0 <1.0.2>", + "type": "string" + }, + "description": { + "description": "The description of the alert rule.", + "type": "string" + }, + "query": { + "description": "The query that creates alerts for this rule.", + "type": "string" + }, + "tactics": { + "description": "The tactics of the alert rule", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "type": "array" + }, + "techniques": { + "description": "The techniques of the alert rule", + "items": { + "type": "string" + }, + "type": "array" + }, + "displayName": { + "description": "The display name for alerts created by this alert rule.", + "type": "string" + }, + "enabled": { + "description": "Determines whether this alert rule is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this alert rule has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "suppressionDuration": { + "description": "The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.", + "format": "duration", + "type": "string" + }, + "suppressionEnabled": { + "description": "Determines whether the suppression for this alert rule is enabled or disabled.", + "type": "boolean" + }, + "severity": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The severity for alerts created by this alert rule." + }, + "incidentConfiguration": { + "$ref": "#/definitions/IncidentConfiguration", + "description": "The settings of the incidents that created from alerts triggered by this analytics rule" + }, + "customDetails": { + "description": "Dictionary of string key-value pairs of columns to be attached to the alert", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "entityMappings": { + "$ref": "#/definitions/EntityMappings", + "description": "Array of the entity mappings of the alert rule" + }, + "alertDetailsOverride": { + "type": "object", + "$ref": "#/definitions/AlertDetailsOverride", + "description": "The alert details override settings" + }, + "eventGroupingSettings": { + "$ref": "#/definitions/EventGroupingSettings", + "description": "The event grouping settings." + }, + "sentinelEntitiesMappings": { + "$ref": "#/definitions/SentinelEntitiesMappings", + "description": "Array of the sentinel entity mappings of the alert rule" + } + }, + "required": [ + "displayName", + "enabled", + "severity", + "query", + "suppressionEnabled", + "suppressionDuration" + ], + "type": "object", + "x-ms-client-flatten": true + }, + "ScheduledAlertRuleTemplateProperties": { + "description": "Scheduled alert rule template properties", + "properties": { + "alertRulesCreatedByTemplateCount": { + "description": "the number of alert rules that were created by this template", + "format": "int32", + "type": "integer" + }, + "createdDateUTC": { + "description": "The time that this alert rule template has been added.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "lastUpdatedDateUTC": { + "description": "The time that this alert rule template was last updated.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "description": { + "description": "The description of the alert rule template.", + "type": "string" + }, + "displayName": { + "description": "The display name for alert rule template.", + "type": "string" + }, + "requiredDataConnectors": { + "description": "The required data connectors for this template", + "items": { + "$ref": "#/definitions/AlertRuleTemplateDataSource" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "status": { + "$ref": "#/definitions/AlertRuleTemplateStatus", + "description": "The alert rule template status.", + "type": "string" + }, + "query": { + "description": "The query that creates alerts for this rule.", + "type": "string" + }, + "queryFrequency": { + "description": "The frequency (in ISO 8601 duration format) for this alert rule to run.", + "format": "duration", + "type": "string" + }, + "queryPeriod": { + "description": "The period (in ISO 8601 duration format) that this alert rule looks at.", + "format": "duration", + "type": "string" + }, + "severity": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The severity for alerts created by this alert rule." + }, + "triggerOperator": { + "$ref": "#/definitions/AlertRuleTriggerOperator", + "description": "The operation against the threshold that triggers alert rule." + }, + "triggerThreshold": { + "description": "The threshold triggers this alert rule.", + "format": "int32", + "type": "integer" + }, + "tactics": { + "description": "The tactics of the alert rule template", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "techniques": { + "description": "The techniques of the alert rule", + "items": { + "type": "string" + }, + "type": "array" + }, + "version": { + "description": "The version of this template - in format , where all are numbers. For example <1.0.2>.", + "type": "string" + }, + "eventGroupingSettings": { + "$ref": "#/definitions/EventGroupingSettings", + "description": "The event grouping settings." + }, + "customDetails": { + "description": "Dictionary of string key-value pairs of columns to be attached to the alert", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "entityMappings": { + "$ref": "#/definitions/EntityMappings", + "description": "Array of the entity mappings of the alert rule" + }, + "alertDetailsOverride": { + "type": "object", + "$ref": "#/definitions/AlertDetailsOverride", + "description": "The alert details override settings" + }, + "sentinelEntitiesMappings": { + "$ref": "#/definitions/SentinelEntitiesMappings", + "description": "Array of the sentinel entity mappings of the alert rule" + } + }, + "type": "object" + }, + "ScheduledAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": "Represents scheduled alert rule template.", + "properties": { + "properties": { + "$ref": "#/definitions/ScheduledAlertRuleTemplateProperties", + "description": "Scheduled alert rule template properties", + "required": [ + "displayName", + "description", + "status", + "alertRulesCreatedByTemplateCount", + "severity", + "query", + "queryFrequency", + "queryPeriod", + "triggerOperator", + "triggerThreshold", + "version" + ], + "type": "object", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Scheduled" + }, + "NrtAlertRuleTemplate": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplate" + } + ], + "description": "Represents NRT alert rule template.", + "properties": { + "properties": { + "allOf": [ + { + "$ref": "#/definitions/AlertRuleTemplateWithMitreProperties" + }, + { + "$ref": "#/definitions/QueryBasedAlertRuleTemplateProperties" + } + ], + "description": "NRT alert rule template properties", + "required": [ + "displayName", + "description", + "status", + "alertRulesCreatedByTemplateCount", + "severity", + "query", + "version" + ], + "type": "object", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "NRT" + }, + "EventGroupingSettings": { + "description": "Event grouping settings property bag.", + "properties": { + "aggregationKind": { + "$ref": "#/definitions/EventGroupingAggregationKind" + } + }, + "type": "object" + }, + "EventGroupingAggregationKind": { + "description": "The event grouping aggregation kinds", + "enum": [ + "SingleAlert", + "AlertPerResult" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EventGroupingAggregationKind" + } + }, + "ScheduledAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents scheduled alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/ScheduledAlertRuleProperties", + "description": "Scheduled alert rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Scheduled" + }, + "NrtAlertRule": { + "allOf": [ + { + "$ref": "#/definitions/AlertRule" + } + ], + "description": "Represents NRT alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/NrtAlertRuleProperties", + "description": "NRT alert rule properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "NRT" + }, + "ScheduledAlertRuleCommonProperties": { + "description": "Scheduled alert rule template property bag.", + "properties": { + "query": { + "description": "The query that creates alerts for this rule.", + "type": "string" + }, + "queryFrequency": { + "description": "The frequency (in ISO 8601 duration format) for this alert rule to run.", + "format": "duration", + "type": "string" + }, + "queryPeriod": { + "description": "The period (in ISO 8601 duration format) that this alert rule looks at.", + "format": "duration", + "type": "string" + }, + "severity": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The severity for alerts created by this alert rule." + }, + "triggerOperator": { + "$ref": "#/definitions/AlertRuleTriggerOperator", + "description": "The operation against the threshold that triggers alert rule." + }, + "triggerThreshold": { + "description": "The threshold triggers this alert rule.", + "type": "integer", + "format": "int32" + }, + "eventGroupingSettings": { + "$ref": "#/definitions/EventGroupingSettings", + "description": "The event grouping settings." + }, + "customDetails": { + "description": "Dictionary of string key-value pairs of columns to be attached to the alert", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "entityMappings": { + "$ref": "#/definitions/EntityMappings", + "description": "Array of the entity mappings of the alert rule" + }, + "alertDetailsOverride": { + "type": "object", + "$ref": "#/definitions/AlertDetailsOverride", + "description": "The alert details override settings" + }, + "sentinelEntitiesMappings": { + "$ref": "#/definitions/SentinelEntitiesMappings", + "description": "Array of the sentinel entity mappings of the alert rule" + } + }, + "type": "object" + }, + "EntityMappings": { + "description": "List of entity mappings of the alert rule", + "type": "array", + "items": { + "$ref": "#/definitions/EntityMapping" + }, + "x-ms-identifiers": [] + }, + "EntityMapping": { + "description": "Single entity mapping for the alert rule", + "properties": { + "entityType": { + "$ref": "#/definitions/EntityMappingType" + }, + "fieldMappings": { + "description": "array of field mappings for the given entity mapping", + "type": "array", + "items": { + "$ref": "#/definitions/FieldMapping" + }, + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "FieldMapping": { + "description": "A single field mapping of the mapped entity", + "properties": { + "identifier": { + "description": "the V3 identifier of the entity", + "type": "string" + }, + "columnName": { + "description": "the column name to be mapped to the identifier", + "type": "string" + } + }, + "type": "object" + }, + "SentinelEntitiesMappings": { + "description": "List of sentinel entity mappings of the alert rule", + "type": "array", + "items": { + "$ref": "#/definitions/SentinelEntityMapping" + }, + "x-ms-identifiers": [] + }, + "SentinelEntityMapping": { + "description": "A single sentinel entity mapping", + "properties": { + "columnName": { + "description": "the column name to be mapped to the SentinelEntities", + "type": "string" + } + }, + "type": "object" + }, + "AlertDetailsOverride": { + "description": "Settings for how to dynamically override alert static details", + "properties": { + "alertDisplayNameFormat": { + "description": "the format containing columns name(s) to override the alert name", + "type": "string" + }, + "alertDescriptionFormat": { + "description": "the format containing columns name(s) to override the alert description", + "type": "string" + }, + "alertTacticsColumnName": { + "description": "the column name to take the alert tactics from", + "type": "string" + }, + "alertSeverityColumnName": { + "description": "the column name to take the alert severity from", + "type": "string" + }, + "alertDynamicProperties": { + "description": "List of additional dynamic properties to override", + "type": "array", + "items": { + "$ref": "#/definitions/AlertPropertyMapping" + }, + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "AlertPropertyMapping": { + "description": "A single alert property mapping to override", + "properties": { + "alertProperty": { + "$ref": "#/definitions/AlertProperty" + }, + "value": { + "description": "the column name to use to override this property", + "type": "string" + } + }, + "type": "object" + }, + "IncidentConfiguration": { + "description": "Incident Configuration property bag.", + "properties": { + "createIncident": { + "description": "Create incidents from alerts triggered by this analytics rule", + "type": "boolean" + }, + "groupingConfiguration": { + "$ref": "#/definitions/GroupingConfiguration", + "description": "Set how the alerts that are triggered by this analytics rule, are grouped into incidents" + } + }, + "type": "object", + "required": [ + "createIncident" + ] + }, + "GroupingConfiguration": { + "description": "Grouping configuration property bag.", + "properties": { + "enabled": { + "description": "Grouping enabled", + "type": "boolean" + }, + "reopenClosedIncident": { + "description": "Re-open closed matching incidents", + "type": "boolean" + }, + "lookbackDuration": { + "description": "Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)", + "format": "duration", + "type": "string" + }, + "matchingMethod": { + "description": "Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.", + "enum": [ + "AllEntities", + "AnyAlert", + "Selected" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "MatchingMethod", + "values": [ + { + "description": "Grouping alerts into a single incident if all the entities match", + "value": "AllEntities" + }, + { + "description": "Grouping any alerts triggered by this rule into a single incident", + "value": "AnyAlert" + }, + { + "description": "Grouping alerts into a single incident if the selected entities, custom details and alert details match", + "value": "Selected" + } + ] + } + }, + "groupByEntities": { + "description": "A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.", + "items": { + "$ref": "#/definitions/EntityMappingType" + }, + "type": "array" + }, + "groupByAlertDetails": { + "description": "A list of alert details to group by (when matchingMethod is Selected)", + "items": { + "description": "Alert detail", + "enum": [ + "DisplayName", + "Severity" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AlertDetail", + "values": [ + { + "description": "Alert display name", + "value": "DisplayName" + }, + { + "description": "Alert severity", + "value": "Severity" + } + ] + } + }, + "type": "array" + }, + "groupByCustomDetails": { + "description": "A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "enabled", + "reopenClosedIncident", + "lookbackDuration", + "matchingMethod" + ] + }, + "ActionRequest": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Action for alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/ActionRequestProperties", + "description": "Action properties for put request", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "ActionPropertiesBase": { + "description": "Action property bag base.", + "properties": { + "logicAppResourceId": { + "description": "Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.", + "type": "string" + } + }, + "required": [ + "logicAppResourceId" + ], + "type": "object" + }, + "ActionRequestProperties": { + "allOf": [ + { + "$ref": "#/definitions/ActionPropertiesBase" + } + ], + "description": "Action property bag.", + "properties": { + "triggerUri": { + "description": "Logic App Callback URL for this specific workflow.", + "type": "string", + "x-ms-secret": true + } + }, + "required": [ + "triggerUri" + ], + "type": "object" + }, + "ActionResponse": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Action for alert rule.", + "properties": { + "properties": { + "$ref": "#/definitions/ActionResponseProperties", + "description": "Action properties for get request", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "ActionResponseProperties": { + "allOf": [ + { + "$ref": "#/definitions/ActionPropertiesBase" + } + ], + "description": "Action property bag.", + "properties": { + "workflowId": { + "description": "The name of the logic app's workflow.", + "type": "string" + } + }, + "type": "object" + }, + "ActionsList": { + "description": "List all the actions.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of actions.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of actions.", + "items": { + "$ref": "#/definitions/ActionResponse" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "EntityMappingType": { + "description": "The V3 type of the mapped entity", + "enum": [ + "Account", + "Host", + "IP", + "Malware", + "File", + "Process", + "CloudApplication", + "DNS", + "AzureResource", + "FileHash", + "RegistryKey", + "RegistryValue", + "SecurityGroup", + "URL", + "Mailbox", + "MailCluster", + "MailMessage", + "SubmissionMail" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EntityMappingType", + "values": [ + { + "description": "User account entity type", + "value": "Account" + }, + { + "description": "Host entity type", + "value": "Host" + }, + { + "description": "IP address entity type", + "value": "IP" + }, + { + "description": "Malware entity type", + "value": "Malware" + }, + { + "description": "System file entity type", + "value": "File" + }, + { + "description": "Process entity type", + "value": "Process" + }, + { + "description": "Cloud app entity type", + "value": "CloudApplication" + }, + { + "description": "DNS entity type", + "value": "DNS" + }, + { + "description": "Azure resource entity type", + "value": "AzureResource" + }, + { + "description": "File-hash entity type", + "value": "FileHash" + }, + { + "description": "Registry key entity type", + "value": "RegistryKey" + }, + { + "description": "Registry value entity type", + "value": "RegistryValue" + }, + { + "description": "Security group entity type", + "value": "SecurityGroup" + }, + { + "description": "URL entity type", + "value": "URL" + }, + { + "description": "Mailbox entity type", + "value": "Mailbox" + }, + { + "description": "Mail cluster entity type", + "value": "MailCluster" + }, + { + "description": "Mail message entity type", + "value": "MailMessage" + }, + { + "description": "Submission mail entity type", + "value": "SubmissionMail" + } + ] + } + }, + "AlertProperty": { + "description": "The V3 alert property", + "enum": [ + "AlertLink", + "ConfidenceLevel", + "ConfidenceScore", + "ExtendedLinks", + "ProductName", + "ProviderName", + "ProductComponentName", + "RemediationSteps", + "Techniques" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AlertProperty", + "values": [ + { + "description": "Alert's link", + "value": "AlertLink" + }, + { + "description": "Confidence level property", + "value": "ConfidenceLevel" + }, + { + "description": "Confidence score", + "value": "ConfidenceScore" + }, + { + "description": "Extended links to the alert", + "value": "ExtendedLinks" + }, + { + "description": "Product name alert property", + "value": "ProductName" + }, + { + "description": "Provider name alert property", + "value": "ProviderName" + }, + { + "description": "Product component name alert property", + "value": "ProductComponentName" + }, + { + "description": "Remediation steps alert property", + "value": "RemediationSteps" + }, + { + "description": "Techniques alert property", + "value": "Techniques" + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/AutomationRules.json new file mode 100644 index 000000000000..2138ecb7e7c7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/AutomationRules.json @@ -0,0 +1,1495 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}": { + "get": { + "tags": [ + "automationRules" + ], + "description": "Gets the automation rule.", + "operationId": "AutomationRules_Get", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/AutomationRuleId" + } + ], + "responses": { + "200": { + "description": "Ok", + "schema": { + "$ref": "#/definitions/AutomationRule" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "AutomationRules_Get": { + "$ref": "./examples/automationRules/AutomationRules_Get.json" + } + } + }, + "put": { + "tags": [ + "automationRules" + ], + "description": "Creates or updates the automation rule.", + "operationId": "AutomationRules_CreateOrUpdate", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/AutomationRuleId" + }, + { + "in": "body", + "name": "automationRuleToUpsert", + "description": "The automation rule", + "schema": { + "$ref": "#/definitions/AutomationRule" + } + } + ], + "responses": { + "200": { + "description": "Ok", + "schema": { + "$ref": "#/definitions/AutomationRule" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/AutomationRule" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "AutomationRules_CreateOrUpdate": { + "$ref": "./examples/automationRules/AutomationRules_CreateOrUpdate.json" + } + } + }, + "delete": { + "tags": [ + "automationRules" + ], + "description": "Delete the automation rule.", + "operationId": "AutomationRules_Delete", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/AutomationRuleId" + } + ], + "responses": { + "200": { + "description": "Ok", + "schema": { + "type": "object" + } + }, + "204": { + "description": "No Content", + "schema": { + "type": "object" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "AutomationRules_Delete": { + "$ref": "./examples/automationRules/AutomationRules_Delete.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules": { + "get": { + "tags": [ + "automationRules" + ], + "description": "Gets all automation rules.", + "operationId": "AutomationRules_List", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "Ok", + "schema": { + "$ref": "#/definitions/AutomationRulesList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "AutomationRules_List": { + "$ref": "./examples/automationRules/AutomationRules_List.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityIdentifier}/runPlaybook": { + "post": { + "tags": [ + "manualTrigger" + ], + "description": "Triggers playbook on a specific entity.", + "operationId": "Entities_RunPlaybook", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "in": "path", + "name": "entityIdentifier", + "description": "Entity identifier.", + "required": true, + "type": "string" + }, + { + "in": "body", + "name": "requestBody", + "description": "Describes the request body for triggering a playbook on an entity.", + "schema": { + "$ref": "#/definitions/EntityManualTriggerRequestBody" + } + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Entities_RunPlaybook": { + "$ref": "./examples/manualTrigger/Entities_RunPlaybook.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentIdentifier}/runPlaybook": { + "post": { + "tags": [ + "manualTrigger" + ], + "description": "Triggers playbook on a specific incident", + "operationId": "Incidents_RunPlaybook", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "in": "path", + "name": "incidentIdentifier", + "required": true, + "type": "string" + }, + { + "in": "body", + "name": "requestBody", + "schema": { + "$ref": "#/definitions/ManualTriggerRequestBody" + } + } + ], + "responses": { + "204": { + "description": "Success", + "schema": { + "type": "object" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_RunPlaybook": { + "$ref": "./examples/manualTrigger/Incidents_RunPlaybook.json" + } + } + } + } + }, + "definitions": { + "ActionType": { + "description": "The type of the automation rule action.", + "enum": [ + "ModifyProperties", + "RunPlaybook", + "AddIncidentTask" + ], + "type": "string", + "example": "ModifyProperties", + "x-ms-enum": { + "name": "ActionType", + "modelAsString": true, + "values": [ + { + "value": "ModifyProperties", + "description": "Modify an object's properties" + }, + { + "value": "RunPlaybook", + "description": "Run a playbook on an object" + }, + { + "value": "AddIncidentTask", + "description": "Add a task to an incident object" + } + ] + } + }, + "AddIncidentTaskActionProperties": { + "required": [ + "title" + ], + "type": "object", + "properties": { + "title": { + "description": "The title of the task.", + "type": "string" + }, + "description": { + "description": "The description of the task.", + "type": "string" + } + } + }, + "AutomationRule": { + "required": [ + "properties" + ], + "type": "object", + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "properties": { + "properties": { + "type": "object", + "$ref": "#/definitions/AutomationRuleProperties", + "x-ms-client-flatten": true + } + } + }, + "AutomationRuleAction": { + "description": "Describes an automation rule action.", + "required": [ + "actionType", + "order" + ], + "type": "object", + "properties": { + "order": { + "format": "int32", + "type": "integer" + }, + "actionType": { + "$ref": "#/definitions/ActionType" + } + }, + "discriminator": "actionType" + }, + "AutomationRuleAddIncidentTaskAction": { + "description": "Describes an automation rule action to add a task to an incident", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleAction" + } + ], + "properties": { + "actionConfiguration": { + "type": "object", + "$ref": "#/definitions/AddIncidentTaskActionProperties" + } + }, + "x-ms-discriminator-value": "AddIncidentTask", + "x-ms-client-flatten": true + }, + "AutomationRuleBooleanCondition": { + "type": "object", + "properties": { + "operator": { + "$ref": "#/definitions/AutomationRuleBooleanConditionSupportedOperator" + }, + "innerConditions": { + "type": "array", + "items": { + "$ref": "#/definitions/AutomationRuleCondition" + }, + "x-ms-identifiers": [], + "minItems": 2, + "maxItems": 10 + } + } + }, + "AutomationRuleBooleanConditionSupportedOperator": { + "enum": [ + "And", + "Or" + ], + "type": "string", + "example": "And", + "x-ms-enum": { + "name": "AutomationRuleBooleanConditionSupportedOperator", + "modelAsString": true, + "values": [ + { + "value": "And", + "description": "Evaluates as true if all the item conditions are evaluated as true" + }, + { + "value": "Or", + "description": "Evaluates as true if at least one of the item conditions are evaluated as true" + } + ] + } + }, + "AutomationRuleCondition": { + "description": "Describes an automation rule condition.", + "required": [ + "conditionType" + ], + "type": "object", + "properties": { + "conditionType": { + "$ref": "#/definitions/ConditionType" + } + }, + "discriminator": "conditionType" + }, + "AutomationRuleModifyPropertiesAction": { + "description": "Describes an automation rule action to modify an object's properties", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleAction" + } + ], + "properties": { + "actionConfiguration": { + "type": "object", + "$ref": "#/definitions/IncidentPropertiesAction" + } + }, + "x-ms-discriminator-value": "ModifyProperties", + "x-ms-client-flatten": true + }, + "AutomationRuleProperties": { + "description": "Automation rule properties", + "required": [ + "actions", + "displayName", + "order", + "triggeringLogic" + ], + "type": "object", + "properties": { + "displayName": { + "description": "The display name of the automation rule.", + "type": "string", + "maxLength": 500 + }, + "order": { + "format": "int32", + "description": "The order of execution of the automation rule.", + "type": "integer", + "minimum": 1, + "maximum": 1000 + }, + "triggeringLogic": { + "$ref": "#/definitions/AutomationRuleTriggeringLogic" + }, + "actions": { + "description": "The actions to execute when the automation rule is triggered.", + "type": "array", + "items": { + "$ref": "#/definitions/AutomationRuleAction" + }, + "x-ms-identifiers": [], + "maxItems": 20 + }, + "lastModifiedTimeUtc": { + "format": "date-time", + "description": "The last time the automation rule was updated.", + "type": "string", + "readOnly": true + }, + "createdTimeUtc": { + "format": "date-time", + "description": "The time the automation rule was created.", + "type": "string", + "readOnly": true + }, + "lastModifiedBy": { + "readOnly": true, + "$ref": "../../../common/2.0/types.json#/definitions/ClientInfo" + }, + "createdBy": { + "readOnly": true, + "$ref": "../../../common/2.0/types.json#/definitions/ClientInfo" + } + } + }, + "AutomationRulePropertyArrayChangedConditionSupportedArrayType": { + "enum": [ + "Alerts", + "Labels", + "Tactics", + "Comments" + ], + "type": "string", + "example": "Alerts", + "x-ms-enum": { + "name": "AutomationRulePropertyArrayChangedConditionSupportedArrayType", + "modelAsString": true, + "values": [ + { + "value": "Alerts", + "description": "Evaluate the condition on the alerts" + }, + { + "value": "Labels", + "description": "Evaluate the condition on the labels" + }, + { + "value": "Tactics", + "description": "Evaluate the condition on the tactics" + }, + { + "value": "Comments", + "description": "Evaluate the condition on the comments" + } + ] + } + }, + "AutomationRulePropertyArrayChangedConditionSupportedChangeType": { + "enum": [ + "Added" + ], + "type": "string", + "example": "Added", + "x-ms-enum": { + "name": "AutomationRulePropertyArrayChangedConditionSupportedChangeType", + "modelAsString": true, + "values": [ + { + "value": "Added", + "description": "Evaluate the condition on items added to the array" + } + ] + } + }, + "AutomationRulePropertyArrayChangedValuesCondition": { + "type": "object", + "properties": { + "arrayType": { + "$ref": "#/definitions/AutomationRulePropertyArrayChangedConditionSupportedArrayType" + }, + "changeType": { + "$ref": "#/definitions/AutomationRulePropertyArrayChangedConditionSupportedChangeType" + } + } + }, + "AutomationRulePropertyArrayConditionSupportedArrayConditionType": { + "enum": [ + "AnyItem" + ], + "type": "string", + "example": "AnyItem", + "x-ms-enum": { + "name": "AutomationRulePropertyArrayConditionSupportedArrayConditionType", + "modelAsString": true, + "values": [ + { + "value": "AnyItem", + "description": "Evaluate the condition as true if any item fulfills it" + } + ] + } + }, + "AutomationRulePropertyArrayConditionSupportedArrayType": { + "enum": [ + "CustomDetails", + "CustomDetailValues" + ], + "type": "string", + "example": "CustomDetails", + "x-ms-enum": { + "name": "AutomationRulePropertyArrayConditionSupportedArrayType", + "modelAsString": true, + "values": [ + { + "value": "CustomDetails", + "description": "Evaluate the condition on the custom detail keys" + }, + { + "value": "CustomDetailValues", + "description": "Evaluate the condition on a custom detail's values" + } + ] + } + }, + "AutomationRulePropertyArrayValuesCondition": { + "type": "object", + "properties": { + "arrayType": { + "$ref": "#/definitions/AutomationRulePropertyArrayConditionSupportedArrayType" + }, + "arrayConditionType": { + "$ref": "#/definitions/AutomationRulePropertyArrayConditionSupportedArrayConditionType" + }, + "itemConditions": { + "type": "array", + "items": { + "$ref": "#/definitions/AutomationRuleCondition" + }, + "x-ms-identifiers": [], + "maxItems": 10 + } + } + }, + "AutomationRulePropertyChangedConditionSupportedChangedType": { + "enum": [ + "ChangedFrom", + "ChangedTo" + ], + "type": "string", + "example": "ChangedFrom", + "x-ms-enum": { + "name": "AutomationRulePropertyChangedConditionSupportedChangedType", + "modelAsString": true, + "values": [ + { + "value": "ChangedFrom", + "description": "Evaluate the condition on the previous value of the property" + }, + { + "value": "ChangedTo", + "description": "Evaluate the condition on the updated value of the property" + } + ] + } + }, + "AutomationRulePropertyChangedConditionSupportedPropertyType": { + "enum": [ + "IncidentSeverity", + "IncidentStatus", + "IncidentOwner" + ], + "type": "string", + "example": "IncidentSeverity", + "x-ms-enum": { + "name": "AutomationRulePropertyChangedConditionSupportedPropertyType", + "modelAsString": true, + "values": [ + { + "value": "IncidentSeverity", + "description": "Evaluate the condition on the incident severity" + }, + { + "value": "IncidentStatus", + "description": "Evaluate the condition on the incident status" + }, + { + "value": "IncidentOwner", + "description": "Evaluate the condition on the incident owner" + } + ] + } + }, + "AutomationRulePropertyConditionSupportedOperator": { + "enum": [ + "Equals", + "NotEquals", + "Contains", + "NotContains", + "StartsWith", + "NotStartsWith", + "EndsWith", + "NotEndsWith" + ], + "type": "string", + "example": "Equals", + "x-ms-enum": { + "name": "AutomationRulePropertyConditionSupportedOperator", + "modelAsString": true, + "values": [ + { + "value": "Equals", + "description": "Evaluates if the property equals at least one of the condition values" + }, + { + "value": "NotEquals", + "description": "Evaluates if the property does not equal any of the condition values" + }, + { + "value": "Contains", + "description": "Evaluates if the property contains at least one of the condition values" + }, + { + "value": "NotContains", + "description": "Evaluates if the property does not contain any of the condition values" + }, + { + "value": "StartsWith", + "description": "Evaluates if the property starts with any of the condition values" + }, + { + "value": "NotStartsWith", + "description": "Evaluates if the property does not start with any of the condition values" + }, + { + "value": "EndsWith", + "description": "Evaluates if the property ends with any of the condition values" + }, + { + "value": "NotEndsWith", + "description": "Evaluates if the property does not end with any of the condition values" + } + ] + } + }, + "AutomationRulePropertyConditionSupportedProperty": { + "description": "The property to evaluate in an automation rule property condition.", + "enum": [ + "IncidentTitle", + "IncidentDescription", + "IncidentSeverity", + "IncidentStatus", + "IncidentRelatedAnalyticRuleIds", + "IncidentTactics", + "IncidentLabel", + "IncidentProviderName", + "IncidentUpdatedBySource", + "IncidentCustomDetailsKey", + "IncidentCustomDetailsValue", + "AccountAadTenantId", + "AccountAadUserId", + "AccountName", + "AccountNTDomain", + "AccountPUID", + "AccountSid", + "AccountObjectGuid", + "AccountUPNSuffix", + "AlertProductNames", + "AlertAnalyticRuleIds", + "AzureResourceResourceId", + "AzureResourceSubscriptionId", + "CloudApplicationAppId", + "CloudApplicationAppName", + "DNSDomainName", + "FileDirectory", + "FileName", + "FileHashValue", + "HostAzureID", + "HostName", + "HostNetBiosName", + "HostNTDomain", + "HostOSVersion", + "IoTDeviceId", + "IoTDeviceName", + "IoTDeviceType", + "IoTDeviceVendor", + "IoTDeviceModel", + "IoTDeviceOperatingSystem", + "IPAddress", + "MailboxDisplayName", + "MailboxPrimaryAddress", + "MailboxUPN", + "MailMessageDeliveryAction", + "MailMessageDeliveryLocation", + "MailMessageRecipient", + "MailMessageSenderIP", + "MailMessageSubject", + "MailMessageP1Sender", + "MailMessageP2Sender", + "MalwareCategory", + "MalwareName", + "ProcessCommandLine", + "ProcessId", + "RegistryKey", + "RegistryValueData", + "Url" + ], + "type": "string", + "example": "IncidentTitle", + "x-ms-enum": { + "name": "AutomationRulePropertyConditionSupportedProperty", + "modelAsString": true, + "values": [ + { + "value": "IncidentTitle", + "description": "The title of the incident" + }, + { + "value": "IncidentDescription", + "description": "The description of the incident" + }, + { + "value": "IncidentSeverity", + "description": "The severity of the incident" + }, + { + "value": "IncidentStatus", + "description": "The status of the incident" + }, + { + "value": "IncidentRelatedAnalyticRuleIds", + "description": "The related Analytic rule ids of the incident" + }, + { + "value": "IncidentTactics", + "description": "The tactics of the incident" + }, + { + "value": "IncidentLabel", + "description": "The labels of the incident" + }, + { + "value": "IncidentProviderName", + "description": "The provider name of the incident" + }, + { + "value": "IncidentUpdatedBySource", + "description": "The update source of the incident" + }, + { + "value": "IncidentCustomDetailsKey", + "description": "The incident custom detail key" + }, + { + "value": "IncidentCustomDetailsValue", + "description": "The incident custom detail value" + }, + { + "value": "AccountAadTenantId", + "description": "The account Azure Active Directory tenant id" + }, + { + "value": "AccountAadUserId", + "description": "The account Azure Active Directory user id" + }, + { + "value": "AccountName", + "description": "The account name" + }, + { + "value": "AccountNTDomain", + "description": "The account NetBIOS domain name" + }, + { + "value": "AccountPUID", + "description": "The account Azure Active Directory Passport User ID" + }, + { + "value": "AccountSid", + "description": "The account security identifier" + }, + { + "value": "AccountObjectGuid", + "description": "The account unique identifier" + }, + { + "value": "AccountUPNSuffix", + "description": "The account user principal name suffix" + }, + { + "value": "AlertProductNames", + "description": "The name of the product of the alert" + }, + { + "value": "AlertAnalyticRuleIds", + "description": "The analytic rule ids of the alert" + }, + { + "value": "AzureResourceResourceId", + "description": "The Azure resource id" + }, + { + "value": "AzureResourceSubscriptionId", + "description": "The Azure resource subscription id" + }, + { + "value": "CloudApplicationAppId", + "description": "The cloud application identifier" + }, + { + "value": "CloudApplicationAppName", + "description": "The cloud application name" + }, + { + "value": "DNSDomainName", + "description": "The dns record domain name" + }, + { + "value": "FileDirectory", + "description": "The file directory full path" + }, + { + "value": "FileName", + "description": "The file name without path" + }, + { + "value": "FileHashValue", + "description": "The file hash value" + }, + { + "value": "HostAzureID", + "description": "The host Azure resource id" + }, + { + "value": "HostName", + "description": "The host name without domain" + }, + { + "value": "HostNetBiosName", + "description": "The host NetBIOS name" + }, + { + "value": "HostNTDomain", + "description": "The host NT domain" + }, + { + "value": "HostOSVersion", + "description": "The host operating system" + }, + { + "value": "IoTDeviceId", + "description": "\"The IoT device id" + }, + { + "value": "IoTDeviceName", + "description": "The IoT device name" + }, + { + "value": "IoTDeviceType", + "description": "The IoT device type" + }, + { + "value": "IoTDeviceVendor", + "description": "The IoT device vendor" + }, + { + "value": "IoTDeviceModel", + "description": "The IoT device model" + }, + { + "value": "IoTDeviceOperatingSystem", + "description": "The IoT device operating system" + }, + { + "value": "IPAddress", + "description": "The IP address" + }, + { + "value": "MailboxDisplayName", + "description": "The mailbox display name" + }, + { + "value": "MailboxPrimaryAddress", + "description": "The mailbox primary address" + }, + { + "value": "MailboxUPN", + "description": "The mailbox user principal name" + }, + { + "value": "MailMessageDeliveryAction", + "description": "The mail message delivery action" + }, + { + "value": "MailMessageDeliveryLocation", + "description": "The mail message delivery location" + }, + { + "value": "MailMessageRecipient", + "description": "The mail message recipient" + }, + { + "value": "MailMessageSenderIP", + "description": "The mail message sender IP address" + }, + { + "value": "MailMessageSubject", + "description": "The mail message subject" + }, + { + "value": "MailMessageP1Sender", + "description": "The mail message P1 sender" + }, + { + "value": "MailMessageP2Sender", + "description": "The mail message P2 sender" + }, + { + "value": "MalwareCategory", + "description": "The malware category" + }, + { + "value": "MalwareName", + "description": "The malware name" + }, + { + "value": "ProcessCommandLine", + "description": "The process execution command line" + }, + { + "value": "ProcessId", + "description": "The process id" + }, + { + "value": "RegistryKey", + "description": "The registry key path" + }, + { + "value": "RegistryValueData", + "description": "The registry key value in string formatted representation" + }, + { + "value": "Url", + "description": "The url" + } + ] + } + }, + "AutomationRulePropertyValuesChangedCondition": { + "type": "object", + "properties": { + "propertyName": { + "$ref": "#/definitions/AutomationRulePropertyChangedConditionSupportedPropertyType" + }, + "changeType": { + "$ref": "#/definitions/AutomationRulePropertyChangedConditionSupportedChangedType" + }, + "operator": { + "$ref": "#/definitions/AutomationRulePropertyConditionSupportedOperator" + }, + "propertyValues": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "AutomationRulePropertyValuesCondition": { + "type": "object", + "properties": { + "propertyName": { + "$ref": "#/definitions/AutomationRulePropertyConditionSupportedProperty" + }, + "operator": { + "$ref": "#/definitions/AutomationRulePropertyConditionSupportedOperator" + }, + "propertyValues": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "AutomationRuleRunPlaybookAction": { + "description": "Describes an automation rule action to run a playbook", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleAction" + } + ], + "properties": { + "actionConfiguration": { + "type": "object", + "$ref": "#/definitions/PlaybookActionProperties" + } + }, + "x-ms-discriminator-value": "RunPlaybook", + "x-ms-client-flatten": true + }, + "AutomationRulesList": { + "type": "object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/AutomationRule" + } + }, + "nextLink": { + "type": "string" + } + } + }, + "AutomationRuleTriggeringLogic": { + "description": "Describes automation rule triggering logic.", + "required": [ + "isEnabled", + "triggersOn", + "triggersWhen" + ], + "type": "object", + "properties": { + "isEnabled": { + "description": "Determines whether the automation rule is enabled or disabled.", + "type": "boolean" + }, + "expirationTimeUtc": { + "format": "date-time", + "description": "Determines when the automation rule should automatically expire and be disabled.", + "type": "string" + }, + "triggersOn": { + "$ref": "#/definitions/triggersOn" + }, + "triggersWhen": { + "$ref": "#/definitions/triggersWhen" + }, + "conditions": { + "description": "The conditions to evaluate to determine if the automation rule should be triggered on a given object.", + "type": "array", + "maxItems": 50, + "items": { + "$ref": "#/definitions/AutomationRuleCondition" + }, + "x-ms-identifiers": [ + "conditionType" + ] + } + } + }, + "BooleanConditionProperties": { + "description": "Describes an automation rule condition that applies a boolean operator (e.g AND, OR) to conditions", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleCondition" + } + ], + "properties": { + "conditionProperties": { + "type": "object", + "$ref": "#/definitions/AutomationRuleBooleanCondition" + } + }, + "x-ms-discriminator-value": "Boolean", + "x-ms-client-flatten": true + }, + "ConditionType": { + "enum": [ + "Property", + "PropertyArray", + "PropertyChanged", + "PropertyArrayChanged", + "Boolean" + ], + "type": "string", + "example": "Property", + "x-ms-enum": { + "name": "ConditionType", + "modelAsString": true, + "values": [ + { + "value": "Property", + "description": "Evaluate an object property value" + }, + { + "value": "PropertyArray", + "description": "Evaluate an object array property value" + }, + { + "value": "PropertyChanged", + "description": "Evaluate an object property changed value" + }, + { + "value": "PropertyArrayChanged", + "description": "Evaluate an object array property changed value" + }, + { + "value": "Boolean", + "description": "Apply a boolean operator (e.g AND, OR) to conditions" + } + ] + } + }, + "EntityManualTriggerRequestBody": { + "type": "object", + "description": "Describes the request body for triggering a playbook on an entity.", + "required": [ + "logicAppsResourceId" + ], + "properties": { + "incidentArmId": { + "type": "string", + "description": "Incident ARM id." + }, + "tenantId": { + "format": "uuid", + "type": "string", + "description": "The tenant id of the playbook resource." + }, + "logicAppsResourceId": { + "type": "string", + "description": "The resource id of the playbook resource." + } + } + }, + "IncidentPropertiesAction": { + "type": "object", + "properties": { + "severity": { + "$ref": "./common/IncidentTypes.json#/definitions/IncidentSeverityEnum" + }, + "status": { + "$ref": "./common/IncidentTypes.json#/definitions/IncidentStatusEnum" + }, + "classification": { + "$ref": "./common/IncidentTypes.json#/definitions/IncidentClassificationEnum" + }, + "classificationReason": { + "$ref": "./common/IncidentTypes.json#/definitions/IncidentClassificationReasonEnum" + }, + "classificationComment": { + "description": "Describes the reason the incident was closed.", + "type": "string" + }, + "owner": { + "$ref": "./common/IncidentTypes.json#/definitions/IncidentOwnerInfo" + }, + "labels": { + "description": "List of labels to add to the incident.", + "type": "array", + "x-ms-identifiers": [ + "labelName" + ], + "items": { + "$ref": "./common/IncidentTypes.json#/definitions/IncidentLabel" + } + } + } + }, + "ManualTriggerRequestBody": { + "type": "object", + "required": [ + "logicAppsResourceId" + ], + "properties": { + "tenantId": { + "format": "uuid", + "type": "string" + }, + "logicAppsResourceId": { + "type": "string" + } + } + }, + "PlaybookActionProperties": { + "type": "object", + "required": [ + "logicAppResourceId" + ], + "properties": { + "logicAppResourceId": { + "description": "The resource id of the playbook resource.", + "type": "string" + }, + "tenantId": { + "format": "uuid", + "description": "The tenant id of the playbook resource.", + "type": "string" + } + } + }, + "PropertyArrayChangedConditionProperties": { + "description": "Describes an automation rule condition that evaluates an array property's value change", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleCondition" + } + ], + "properties": { + "conditionProperties": { + "type": "object", + "$ref": "#/definitions/AutomationRulePropertyArrayChangedValuesCondition" + } + }, + "x-ms-discriminator-value": "PropertyArrayChanged", + "x-ms-client-flatten": true + }, + "PropertyArrayConditionProperties": { + "description": "Describes an automation rule condition that evaluates an array property's value", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleCondition" + } + ], + "properties": { + "conditionProperties": { + "type": "object", + "$ref": "#/definitions/AutomationRulePropertyArrayValuesCondition" + } + }, + "x-ms-discriminator-value": "PropertyArray", + "x-ms-client-flatten": true + }, + "PropertyChangedConditionProperties": { + "description": "Describes an automation rule condition that evaluates a property's value change", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleCondition" + } + ], + "properties": { + "conditionProperties": { + "type": "object", + "$ref": "#/definitions/AutomationRulePropertyValuesChangedCondition" + } + }, + "x-ms-discriminator-value": "PropertyChanged", + "x-ms-client-flatten": true + }, + "PropertyConditionProperties": { + "description": "Describes an automation rule condition that evaluates a property's value", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/AutomationRuleCondition" + } + ], + "properties": { + "conditionProperties": { + "type": "object", + "$ref": "#/definitions/AutomationRulePropertyValuesCondition" + } + }, + "x-ms-discriminator-value": "Property", + "x-ms-client-flatten": true + }, + "triggersOn": { + "enum": [ + "Incidents", + "Alerts" + ], + "type": "string", + "example": "Incidents", + "x-ms-enum": { + "name": "triggersOn", + "modelAsString": true, + "values": [ + { + "value": "Incidents", + "description": "Trigger on Incidents" + }, + { + "value": "Alerts", + "description": "Trigger on Alerts" + } + ] + } + }, + "triggersWhen": { + "enum": [ + "Created", + "Updated" + ], + "type": "string", + "example": "Created", + "x-ms-enum": { + "name": "triggersWhen", + "modelAsString": true, + "values": [ + { + "value": "Created", + "description": "Trigger on created objects" + }, + { + "value": "Updated", + "description": "Trigger on updated objects" + } + ] + } + } + }, + "parameters": { + "AutomationRule": { + "name": "automationRule", + "description": "The automation rule", + "required": true, + "in": "body", + "x-ms-parameter-location": "method", + "schema": { + "$ref": "#/definitions/AutomationRule" + } + }, + "AutomationRuleId": { + "in": "path", + "name": "automationRuleId", + "description": "Automation rule ID", + "required": true, + "x-ms-parameter-location": "method", + "type": "string" + } + }, + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "flow": "implicit", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "scopes": { + "user_impersonation": "impersonate your user account" + }, + "description": "Azure Active Directory OAuth2 Flow" + } + }, + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "host": "management.azure.com", + "schemes": [ + "https" + ], + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ] +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/BillingStatistics.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/BillingStatistics.json new file mode 100644 index 000000000000..46c9c60cf1a5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/BillingStatistics.json @@ -0,0 +1,226 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/billingStatistics": { + "get": { + "x-ms-examples": { + "Get all Microsoft Sentinel billing statistics.": { + "$ref": "./examples/billingStatistics/GetAllBillingStatistics.json" + } + }, + "tags": [ + "billingStatistics" + ], + "description": "Gets all Microsoft Sentinel billing statistics.", + "operationId": "BillingStatistics_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/BillingStatisticList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/billingStatistics/{billingStatisticName}": { + "get": { + "x-ms-examples": { + "Get a billing statistic.": { + "$ref": "./examples/billingStatistics/GetBillingStatistic.json" + } + }, + "tags": [ + "billingStatistics" + ], + "description": "Gets a billing statistic", + "operationId": "BillingStatistics_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BillingStatisticName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/BillingStatistic" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + } + } + }, + "definitions": { + "BillingStatisticList": { + "description": "List of all Microsoft Sentinel billing statistics.", + "type": "object", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of billing statistics.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of billing statistics.", + "items": { + "$ref": "#/definitions/BillingStatistic" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "BillingStatistic": { + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/AzureEntityResource" + } + ], + "description": "Billing statistic", + "properties": { + "kind": { + "$ref": "#/definitions/BillingStatisticKindEnum", + "description": "The kind of the billing statistic" + } + }, + "discriminator": "kind", + "type": "object", + "required": [ + "kind" + ] + }, + "BillingStatisticKindEnum": { + "description": "The kind of the billing statistic", + "enum": [ + "SapSolutionUsage" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "BillingStatisticKind", + "values": [ + { + "value": "SapSolutionUsage" + } + ] + } + }, + "SapSolutionUsageStatistic": { + "allOf": [ + { + "$ref": "#/definitions/BillingStatistic" + } + ], + "description": "Billing statistic about the Microsoft Sentinel solution for SAP Usage", + "properties": { + "properties": { + "$ref": "#/definitions/SapSolutionUsageStatisticProperties", + "description": "The SAP solution usage object", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "SapSolutionUsage" + }, + "SapSolutionUsageStatisticProperties": { + "description": "Properties of the billing statistic about the Microsoft Sentinel solution for SAP usage", + "properties": { + "activeSystemIdCount": { + "description": "The latest count of active SAP system IDs under the Microsoft Sentinel solution for SAP Usage", + "type": "integer", + "format": "int64", + "readOnly": true + } + }, + "type": "object" + } + }, + "parameters": { + "BillingStatisticName": { + "description": "The name of the billing statistic", + "in": "path", + "name": "billingStatisticName", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Bookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Bookmarks.json new file mode 100644 index 000000000000..2531ac3a24de --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Bookmarks.json @@ -0,0 +1,751 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks": { + "get": { + "x-ms-examples": { + "Get all bookmarks.": { + "$ref": "./examples/bookmarks/GetBookmarks.json" + } + }, + "tags": [ + "Bookmarks" + ], + "description": "Gets all bookmarks.", + "operationId": "Bookmarks_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/BookmarkList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}": { + "get": { + "x-ms-examples": { + "Get a bookmark.": { + "$ref": "./examples/bookmarks/GetBookmarkById.json" + } + }, + "tags": [ + "Bookmarks" + ], + "description": "Gets a bookmark.", + "operationId": "Bookmarks_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Bookmark" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a bookmark.": { + "$ref": "./examples/bookmarks/CreateBookmark.json" + } + }, + "tags": [ + "Bookmarks" + ], + "description": "Creates or updates the bookmark.", + "operationId": "Bookmarks_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + }, + { + "$ref": "#/parameters/Bookmark" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Bookmark" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/Bookmark" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a bookmark.": { + "$ref": "./examples/bookmarks/DeleteBookmark.json" + } + }, + "tags": [ + "Bookmarks" + ], + "description": "Delete the bookmark.", + "operationId": "Bookmarks_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations": { + "get": { + "x-ms-examples": { + "Get all bookmark relations.": { + "$ref": "./examples/bookmarks/relations/GetAllBookmarkRelations.json" + } + }, + "tags": [ + "BookmarkRelations" + ], + "description": "Gets all bookmark relations.", + "operationId": "BookmarkRelations_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "./common/RelationTypes.json#/definitions/RelationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-odata": "./common/RelationTypes.json#/definitions/Relation", + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/expand": { + "post": { + "x-ms-examples": { + "Expand an bookmark": { + "$ref": "./examples/bookmarks/expand/PostExpandBookmark.json" + } + }, + "description": "Expand an bookmark", + "operationId": "Bookmark_Expand", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + }, + { + "$ref": "#/parameters/BookmarkExpandRequestBody" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/BookmarkExpandResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "tags": [ + "Bookmark" + ] + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}": { + "get": { + "x-ms-examples": { + "Get a bookmark relation.": { + "$ref": "./examples/bookmarks/relations/GetBookmarkRelationByName.json" + } + }, + "tags": [ + "BookmarkRelations" + ], + "description": "Gets a bookmark relation.", + "operationId": "BookmarkRelations_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + }, + { + "$ref": "./common/RelationTypes.json#/parameters/RelationName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "./common/RelationTypes.json#/definitions/Relation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a bookmark relation.": { + "$ref": "./examples/bookmarks/relations/CreateBookmarkRelation.json" + } + }, + "tags": [ + "BookmarkRelations" + ], + "description": "Creates the bookmark relation.", + "operationId": "BookmarkRelations_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + }, + { + "$ref": "./common/RelationTypes.json#/parameters/RelationName" + }, + { + "$ref": "./common/RelationTypes.json#/parameters/Relation" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "./common/RelationTypes.json#/definitions/Relation" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "./common/RelationTypes.json#/definitions/Relation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete the bookmark relation.": { + "$ref": "./examples/bookmarks/relations/DeleteBookmarkRelation.json" + } + }, + "tags": [ + "BookmarkRelations" + ], + "description": "Delete the bookmark relation.", + "operationId": "BookmarkRelations_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/BookmarkId" + }, + { + "$ref": "./common/RelationTypes.json#/parameters/RelationName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "Bookmark": { + "description": "The bookmark", + "in": "body", + "name": "bookmark", + "required": true, + "schema": { + "$ref": "#/definitions/Bookmark" + }, + "x-ms-parameter-location": "method" + }, + "BookmarkExpandRequestBody": { + "description": "The parameters required to execute an expand operation on the given bookmark.", + "in": "body", + "name": "parameters", + "required": true, + "schema": { + "$ref": "#/definitions/BookmarkExpandParameters" + }, + "x-ms-parameter-location": "method" + }, + "BookmarkId": { + "description": "Bookmark ID", + "in": "path", + "name": "bookmarkId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + }, + "definitions": { + "Bookmark": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a bookmark in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/BookmarkProperties", + "description": "Bookmark properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "BookmarkExpandParameters": { + "description": "The parameters required to execute an expand operation on the given bookmark.", + "properties": { + "endTime": { + "description": "The end date filter, so the only expansion results returned are before this date.", + "format": "date-time", + "type": "string" + }, + "expansionId": { + "description": "The Id of the expansion to perform.", + "format": "uuid", + "type": "string" + }, + "startTime": { + "description": "The start date filter, so the only expansion results returned are after this date.", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "BookmarkExpandResponse": { + "description": "The entity expansion result operation response.", + "properties": { + "metaData": { + "$ref": "./common/EntityTypes.json#/definitions/ExpansionResultsMetadata", + "description": "The metadata from the expansion operation results." + }, + "value": { + "description": "The expansion result values.", + "properties": { + "entities": { + "description": "Array of the expansion result entities.", + "items": { + "$ref": "./common/EntityTypes.json#/definitions/Entity" + }, + "type": "array" + }, + "edges": { + "description": "Array of expansion result connected entities", + "items": { + "$ref": "#/definitions/ConnectedEntity" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "BookmarkList": { + "description": "List all the bookmarks.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of bookmarks.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of bookmarks.", + "items": { + "$ref": "#/definitions/Bookmark" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "BookmarkProperties": { + "description": "Describes bookmark properties", + "properties": { + "created": { + "description": "The time the bookmark was created", + "format": "date-time", + "type": "string" + }, + "createdBy": { + "$ref": "../../../common/2.0/types.json#/definitions/UserInfo", + "description": "Describes a user that created the bookmark", + "type": "object" + }, + "displayName": { + "description": "The display name of the bookmark", + "type": "string" + }, + "labels": { + "description": "List of labels relevant to this bookmark", + "items": { + "$ref": "../../../common/2.0/types.json#/definitions/Label" + }, + "type": "array" + }, + "notes": { + "description": "The notes of the bookmark", + "type": "string" + }, + "query": { + "description": "The query of the bookmark.", + "type": "string" + }, + "queryResult": { + "description": "The query result of the bookmark.", + "type": "string" + }, + "updated": { + "description": "The last time the bookmark was updated", + "format": "date-time", + "type": "string" + }, + "updatedBy": { + "$ref": "../../../common/2.0/types.json#/definitions/UserInfo", + "description": "Describes a user that updated the bookmark", + "type": "object" + }, + "eventTime": { + "description": "The bookmark event time", + "format": "date-time", + "type": "string" + }, + "queryStartTime": { + "description": "The start time for the query", + "format": "date-time", + "type": "string" + }, + "queryEndTime": { + "description": "The end time for the query", + "format": "date-time", + "type": "string" + }, + "incidentInfo": { + "$ref": "./common/IncidentTypes.json#/definitions/IncidentInfo", + "description": "Describes an incident that relates to bookmark", + "type": "object" + }, + "entityMappings": { + "$ref": "#/definitions/EntityMappingsList", + "description": "Describes the entity mappings of the bookmark", + "type": "object" + }, + "tactics": { + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "description": "A list of relevant mitre attacks", + "type": "array" + }, + "techniques": { + "items": { + "$ref": "#/definitions/AttackTechnique" + }, + "description": "A list of relevant mitre techniques", + "type": "array" + } + }, + "required": [ + "displayName", + "query" + ], + "type": "object" + }, + "ConnectedEntity": { + "description": "Expansion result connected entities", + "properties": { + "targetEntityId": { + "description": "Entity Id of the connected entity", + "type": "string" + }, + "additionalData": { + "description": "key-value pairs for a connected entity mapping", + "type": "object" + } + }, + "type": "object" + }, + "EntityMappingsList": { + "description": "Describes the entity mappings of the bookmark", + "items": { + "$ref": "#/definitions/BookmarkEntityMappings" + }, + "x-ms-identifiers": [], + "type": "array" + }, + "BookmarkEntityMappings": { + "description": "Describes the entity mappings of a single entity", + "properties": { + "entityType": { + "description": "The entity type", + "type": "string" + }, + "fieldMappings": { + "description": "Array of fields mapping for that entity type", + "items": { + "$ref": "#/definitions/EntityFieldMapping" + }, + "x-ms-identifiers": [], + "type": "array" + } + }, + "type": "object" + }, + "EntityFieldMapping": { + "description": "Map identifiers of a single entity", + "properties": { + "identifier": { + "description": "Alert V3 identifier", + "type": "string" + }, + "value": { + "description": "The value of the identifier", + "type": "string" + } + }, + "type": "object" + }, + "AttackTechnique": { + "description": "Mitre technique (https://attack.mitre.org/matrices/enterprise/)", + "type": "string" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentPackages.json new file mode 100644 index 000000000000..1d4f1088115e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentPackages.json @@ -0,0 +1,310 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages": { + "get": { + "x-ms-examples": { + "Get all available packages.": { + "$ref": "./examples/contentPackages/GetPackages.json" + } + }, + "tags": [ + "ContentPackages" + ], + "description": "Gets all installed packages.", + "operationId": "ContentPackages_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/packageList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}": { + "get": { + "x-ms-examples": { + "Get installed packages by id.": { + "$ref": "./examples/contentPackages/GetPackageById.json" + } + }, + "tags": [ + "ContentPackages" + ], + "description": "Gets an installed packages by its id.", + "operationId": "ContentPackages_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/PackageIdParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/packageModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Install a package to the workspace.": { + "$ref": "./examples/contentPackages/InstallPackage.json" + } + }, + "tags": [ + "ContentPackages" + ], + "description": "Install a package to the workspace.", + "operationId": "ContentPackage_Install", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/PackageIdParameter" + }, + { + "$ref": "#/parameters/PackageInstallationProperties" + } + ], + "responses": { + "200": { + "description": "OK, a package is updated.", + "schema": { + "$ref": "#/definitions/packageModel" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/packageModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Uninstall a package from the workspace.": { + "$ref": "./examples/contentPackages/UninstallPackage.json" + } + }, + "tags": [ + "ContentPackages" + ], + "description": "Uninstall a package from the workspace.", + "operationId": "ContentPackage_Uninstall", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/PackageIdParameter" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "packageList": { + "description": "List available packages.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of packages.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of packages.", + "items": { + "$ref": "#/definitions/packageModel" + }, + "type": "array" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "packageModel": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Package in Azure Security Insights.", + "properties": { + "properties": { + "description": "package properties", + "$ref": "#/definitions/packageProperties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "packageProperties": { + "description": "Describes package properties", + "allOf": [ + { + "$ref": "./common/ContentCommonTypes.json#/definitions/packageBaseProperties" + } + ], + "required": [ + "contentId", + "contentProductId", + "contentKind", + "version", + "displayName" + ], + "type": "object" + } + }, + "parameters": { + "PackageIdParameter": { + "description": "package Id", + "in": "path", + "name": "packageId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "PackageInstallationProperties": { + "description": "Package installation properties", + "in": "body", + "name": "packageInstallationProperties", + "required": true, + "schema": { + "$ref": "#/definitions/packageModel" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentProductPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentProductPackages.json new file mode 100644 index 000000000000..f018cc9afba5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentProductPackages.json @@ -0,0 +1,231 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages": { + "get": { + "x-ms-examples": { + "Get all available packages.": { + "$ref": "./examples/contentPackages/GetProductPackages.json" + } + }, + "tags": [ + "ContentProductPackages" + ], + "description": "Gets all packages from the catalog.", + "operationId": "ProductPackages_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/productPackageList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages/{packageId}": { + "get": { + "x-ms-examples": { + "Get a package.": { + "$ref": "./examples/contentPackages/GetProductPackageById.json" + } + }, + "tags": [ + "ContentProductPackages" + ], + "description": "Gets a package by its identifier from the catalog.", + "operationId": "ProductPackage_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/PackageIdParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/productPackageModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "productPackageList": { + "description": "List available packages.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of packages.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of packages.", + "items": { + "$ref": "#/definitions/productPackageModel" + }, + "type": "array" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "productPackageModel": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Package in Azure Security Insights.", + "properties": { + "properties": { + "description": "package properties", + "$ref": "#/definitions/productPackageProperties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "productPackageProperties": { + "description": "Describes package properties", + "allOf": [ + { + "$ref": "./common/ContentCommonTypes.json#/definitions/packageBaseProperties", + "description": "The content id of the package" + }, + { + "$ref": "#/definitions/productPackageAdditionalProperties", + "description": "The package kind" + } + ], + "required": [ + "contentId", + "contentKind", + "version", + "displayName" + ], + "type": "object" + }, + "productPackageAdditionalProperties": { + "description": "product package additional properties", + "properties": { + "installedVersion": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataVersion", + "description": "The version of the installed package, null or absent means not installed." + }, + "resourceId": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataContentId", + "description": "The metadata resource id." + }, + "packagedContent": { + "$ref": "#/definitions/packagedContent", + "description": "the json to deploy" + } + }, + "type": "object" + }, + "packagedContent": { + "type": "object", + "description": "the json to deploy" + } + }, + "parameters": { + "PackageIdParameter": { + "description": "package Id", + "in": "path", + "name": "packageId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentProductTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentProductTemplates.json new file mode 100644 index 000000000000..8bd9b377413d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentProductTemplates.json @@ -0,0 +1,217 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductTemplates": { + "get": { + "x-ms-examples": { + "Get all installed templates.": { + "$ref": "./examples/contentTemplates/GetProductTemplates.json" + } + }, + "tags": [ + "ContentProductTemplates" + ], + "description": "Gets all templates in the catalog.", + "operationId": "ProductTemplates_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/productTemplateList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentproducttemplates/{templateId}": { + "get": { + "x-ms-examples": { + "Get a template.": { + "$ref": "./examples/contentTemplates/GetProductTemplateById.json" + } + }, + "tags": [ + "ContentProductTemplates" + ], + "description": "Gets a template by its identifier.", + "operationId": "ProductTemplate_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/templateIdParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/productTemplateModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "productTemplateList": { + "description": "List of all the template.", + "type": "object", + "properties": { + "value": { + "description": "Array of templates.", + "items": { + "$ref": "#/definitions/productTemplateModel" + }, + "type": "array" + }, + "nextLink": { + "description": "URL to fetch the next page of template.", + "readOnly": true, + "type": "string" + } + }, + "required": [ + "value" + ] + }, + "productTemplateModel": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Template resource definition.", + "properties": { + "properties": { + "description": "template properties", + "$ref": "#/definitions/productTemplateProperties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "productTemplateProperties": { + "allOf": [ + { + "$ref": "./common/ContentCommonTypes.json#/definitions/templateBaseProperties" + }, + { + "$ref": "#/definitions/productTemplateAdditionalProperties" + } + ], + "description": "Template property bag.", + "required": [ + "contentId", + "version", + "displayName", + "contentKind", + "source" + ] + }, + "productTemplateAdditionalProperties": { + "description": "additional properties of product template.", + "type": "object", + "properties": { + "packagedContent": { + "type": "object", + "description": "the json to deploy" + } + } + } + }, + "parameters": { + "templateIdParameter": { + "description": "template Id", + "in": "path", + "name": "templateId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentTemplates.json new file mode 100644 index 000000000000..87478176d40e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentTemplates.json @@ -0,0 +1,330 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates": { + "get": { + "x-ms-examples": { + "Get all installed templates.": { + "$ref": "./examples/contentTemplates/GetTemplates.json" + } + }, + "tags": [ + "ContentTemplates" + ], + "description": "Gets all installed templates.", + "operationId": "ContentTemplates_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/templateList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}": { + "put": { + "x-ms-examples": { + "Get a template.": { + "$ref": "./examples/contentTemplates/InstallTemplate.json" + } + }, + "tags": [ + "ContentTemplates" + ], + "description": "Install a template.", + "operationId": "ContentTemplate_Install", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/templateIdParameter" + }, + { + "$ref": "#/parameters/templateInstallationProperties" + } + ], + "responses": { + "200": { + "description": "OK, a template is updated.", + "schema": { + "$ref": "#/definitions/templateModel" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/templateModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "get": { + "x-ms-examples": { + "Get a template.": { + "$ref": "./examples/contentTemplates/GetTemplateById.json" + } + }, + "tags": [ + "ContentTemplates" + ], + "description": "Gets a template byt its identifier.", + "operationId": "ContentTemplate_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/templateIdParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/templateModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete metadata.": { + "$ref": "./examples/contentTemplates/DeleteTemplate.json" + } + }, + "tags": [ + "ContentTemplates" + ], + "description": "Delete an installed template.", + "operationId": "ContentTemplate_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/templateIdParameter" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "templateList": { + "description": "List of all the template.", + "type": "object", + "properties": { + "value": { + "description": "Array of templates.", + "items": { + "$ref": "#/definitions/templateModel" + }, + "type": "array" + }, + "nextLink": { + "description": "URL to fetch the next page of template.", + "readOnly": true, + "type": "string" + } + }, + "required": [ + "value" + ] + }, + "templateModel": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Template resource definition.", + "properties": { + "properties": { + "description": "template properties", + "$ref": "#/definitions/templateProperties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "templateProperties": { + "allOf": [ + { + "$ref": "./common/ContentCommonTypes.json#/definitions/templateBaseProperties" + }, + { + "$ref": "#/definitions/templateAdditionalProperties" + } + ], + "description": "Template property bag.", + "required": [ + "contentId", + "version", + "displayName", + "contentKind", + "source", + "packageId", + "packageVersion", + "contentProductId" + ], + "type": "object" + }, + "templateAdditionalProperties": { + "description": "additional properties of product template.", + "type": "object", + "properties": { + "mainTemplate": { + "$ref": "#/definitions/mainTemplate", + "description": "The JSON of the ARM template to deploy active content" + } + } + }, + "mainTemplate": { + "description": "The JSON of the ARM template to deploy active content", + "type": "object" + } + }, + "parameters": { + "templateIdParameter": { + "description": "template Id", + "in": "path", + "name": "templateId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "templateInstallationProperties": { + "description": "Template installation properties", + "in": "body", + "name": "templateInstallationProperties", + "required": true, + "schema": { + "$ref": "#/definitions/templateModel" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Enrichment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Enrichment.json new file mode 100644 index 000000000000..fbf609562792 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Enrichment.json @@ -0,0 +1,381 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/ip/geodata/": { + "get": { + "x-ms-examples": { + "Get geodata for a single IP address": { + "$ref": "./examples/enrichment/GetGeodataByIp.json" + } + }, + "tags": [ + "Enrichment" + ], + "description": "Get geodata for a single IP address", + "operationId": "IPGeodata_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "#/parameters/EnrichmentIpAddress" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EnrichmentIpGeodata" + } + }, + "default": { + "description": "Error response describing why the operation failed to enrich this ip.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/domain/whois/": { + "get": { + "x-ms-examples": { + "Get whois information for a single domain name": { + "$ref": "./examples/enrichment/GetWhoisByDomainName.json" + } + }, + "tags": [ + "Enrichment" + ], + "description": "Get whois information for a single domain name", + "operationId": "DomainWhois_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "#/parameters/EnrichmentDomain" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EnrichmentDomainWhois" + } + }, + "default": { + "description": "Error response describing why the operation failed to enrich this domain.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "EnrichmentIpAddress": { + "description": "IP address (v4 or v6) to be enriched", + "in": "query", + "name": "ipAddress", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "EnrichmentDomain": { + "description": "Domain name to be enriched", + "in": "query", + "name": "domain", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + }, + "definitions": { + "EnrichmentDomainWhois": { + "description": "Whois information for a given domain and associated metadata", + "properties": { + "domain": { + "description": "The domain for this whois record", + "type": "string" + }, + "server": { + "description": "The hostname of this registrar's whois server", + "type": "string" + }, + "created": { + "description": "The timestamp at which this record was created", + "format": "date-time", + "type": "string" + }, + "updated": { + "description": "The timestamp at which this record was last updated", + "format": "date-time", + "type": "string" + }, + "expires": { + "description": "The timestamp at which this record will expire", + "format": "date-time", + "type": "string" + }, + "parsedWhois": { + "description": "The whois record for a given domain", + "$ref": "#/definitions/EnrichmentDomainWhoisDetails" + } + }, + "type": "object" + }, + "EnrichmentDomainWhoisDetails": { + "description": "The whois record for a given domain", + "properties": { + "registrar": { + "description": "The registrar associated with this domain", + "$ref": "#/definitions/EnrichmentDomainWhoisRegistrarDetails" + }, + "contacts": { + "description": "The set of contacts associated with this domain", + "$ref": "#/definitions/EnrichmentDomainWhoisContacts" + }, + "nameServers": { + "description": "A list of name servers associated with this domain", + "type": "array", + "items": { + "type": "string" + } + }, + "statuses": { + "description": "The set of status flags for this whois record", + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object" + }, + "EnrichmentDomainWhoisRegistrarDetails": { + "description": "The registrar associated with this domain", + "properties": { + "name": { + "description": "The name of this registrar", + "type": "string" + }, + "abuseContactEmail": { + "description": "This registrar's abuse contact email", + "type": "string" + }, + "abuseContactPhone": { + "description": "This registrar's abuse contact phone number", + "type": "string" + }, + "ianaId": { + "description": "This registrar's Internet Assigned Numbers Authority id", + "type": "string" + }, + "url": { + "description": "This registrar's URL", + "type": "string" + }, + "whoisServer": { + "description": "The hostname of this registrar's whois server", + "type": "string" + } + }, + "type": "object" + }, + "EnrichmentDomainWhoisContacts": { + "description": "The set of contacts associated with this domain", + "properties": { + "admin": { + "description": "The admin contact for this whois record", + "$ref": "#/definitions/EnrichmentDomainWhoisContact" + }, + "billing": { + "description": "The billing contact for this whois record", + "$ref": "#/definitions/EnrichmentDomainWhoisContact" + }, + "registrant": { + "description": "The registrant contact for this whois record", + "$ref": "#/definitions/EnrichmentDomainWhoisContact" + }, + "tech": { + "description": "The technical contact for this whois record", + "$ref": "#/definitions/EnrichmentDomainWhoisContact" + } + }, + "type": "object" + }, + "EnrichmentDomainWhoisContact": { + "description": "An individual contact associated with this domain", + "properties": { + "name": { + "description": "The name of this contact", + "type": "string" + }, + "org": { + "description": "The organization for this contact", + "type": "string" + }, + "street": { + "description": "A list describing the street address for this contact", + "type": "array", + "items": { + "type": "string" + } + }, + "city": { + "description": "The city for this contact", + "type": "string" + }, + "state": { + "description": "The state for this contact", + "type": "string" + }, + "postal": { + "description": "The postal code for this contact", + "type": "string" + }, + "country": { + "description": "The country for this contact", + "type": "string" + }, + "phone": { + "description": "The phone number for this contact", + "type": "string" + }, + "fax": { + "description": "The fax number for this contact", + "type": "string" + }, + "email": { + "description": "The email address for this contact", + "type": "string" + } + }, + "type": "object" + }, + "EnrichmentIpGeodata": { + "description": "Geodata information for a given IP address", + "properties": { + "asn": { + "description": "The autonomous system number associated with this IP address", + "type": "string" + }, + "carrier": { + "description": "The name of the carrier for this IP address", + "type": "string" + }, + "city": { + "description": "The city this IP address is located in", + "type": "string" + }, + "cityCf": { + "description": "A numeric rating of confidence that the value in the 'city' field is correct, on a scale of 0-100", + "type": "integer", + "format": "int32" + }, + "continent": { + "description": "The continent this IP address is located on", + "type": "string" + }, + "country": { + "description": "The county this IP address is located in", + "type": "string" + }, + "countryCf": { + "description": "A numeric rating of confidence that the value in the 'country' field is correct on a scale of 0-100", + "type": "integer", + "format": "int32" + }, + "ipAddr": { + "description": "The dotted-decimal or colon-separated string representation of the IP address", + "type": "string" + }, + "ipRoutingType": { + "description": "A description of the connection type of this IP address", + "type": "string" + }, + "latitude": { + "description": "The latitude of this IP address", + "type": "string" + }, + "longitude": { + "description": "The longitude of this IP address", + "type": "string" + }, + "organization": { + "description": "The name of the organization for this IP address", + "type": "string" + }, + "organizationType": { + "description": "The type of the organization for this IP address", + "type": "string" + }, + "region": { + "description": "The geographic region this IP address is located in", + "type": "string" + }, + "state": { + "description": "The state this IP address is located in", + "type": "string" + }, + "stateCf": { + "description": "A numeric rating of confidence that the value in the 'state' field is correct on a scale of 0-100", + "type": "integer", + "format": "int32" + }, + "stateCode": { + "description": "The abbreviated name for the state this IP address is located in", + "type": "string" + } + }, + "type": "object" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Entities.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Entities.json new file mode 100644 index 000000000000..44c884f4c857 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Entities.json @@ -0,0 +1,1556 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities": { + "get": { + "x-ms-examples": { + "Get all entities.": { + "$ref": "./examples/entities/GetEntities.json" + } + }, + "tags": [ + "Entities" + ], + "description": "Gets all entities.", + "operationId": "Entities_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}": { + "get": { + "x-ms-examples": { + "Get an account entity.": { + "$ref": "./examples/entities/GetAccountEntityById.json" + }, + "Get a host entity.": { + "$ref": "./examples/entities/GetHostEntityById.json" + }, + "Get a file entity.": { + "$ref": "./examples/entities/GetFileEntityById.json" + }, + "Get a security alert entity.": { + "$ref": "./examples/entities/GetSecurityAlertEntityById.json" + }, + "Get a file hash entity.": { + "$ref": "./examples/entities/GetFileHashEntityById.json" + }, + "Get a malware entity.": { + "$ref": "./examples/entities/GetMalwareEntityById.json" + }, + "Get a security group entity.": { + "$ref": "./examples/entities/GetSecurityGroupEntityById.json" + }, + "Get an azure resource entity.": { + "$ref": "./examples/entities/GetAzureResourceEntityById.json" + }, + "Get a cloud application entity.": { + "$ref": "./examples/entities/GetCloudApplicationEntityById.json" + }, + "Get a process entity.": { + "$ref": "./examples/entities/GetProcessEntityById.json" + }, + "Get a dns entity.": { + "$ref": "./examples/entities/GetDnsEntityById.json" + }, + "Get an ip entity.": { + "$ref": "./examples/entities/GetIpEntityById.json" + }, + "Get a registry key entity.": { + "$ref": "./examples/entities/GetRegistryKeyEntityById.json" + }, + "Get a registry value entity.": { + "$ref": "./examples/entities/GetRegistryValueEntityById.json" + }, + "Get a url entity.": { + "$ref": "./examples/entities/GetUrlEntityById.json" + }, + "Get an IoT device entity.": { + "$ref": "./examples/entities/GetIoTDeviceEntityById.json" + }, + "Get a mailCluster entity.": { + "$ref": "./examples/entities/GetMailClusterEntityById.json" + }, + "Get a mailbox entity.": { + "$ref": "./examples/entities/GetMailboxEntityById.json" + }, + "Get a mailMessage entity.": { + "$ref": "./examples/entities/GetMailMessageEntityById.json" + }, + "Get a submissionMail entity.": { + "$ref": "./examples/entities/GetSubmissionMailEntityById.json" + } + }, + "tags": [ + "Entities" + ], + "description": "Gets an entity.", + "operationId": "Entities_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "./common/EntityTypes.json#/definitions/Entity" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/expand": { + "post": { + "x-ms-examples": { + "Expand an entity": { + "$ref": "./examples/entities/expand/PostExpandEntity.json" + } + }, + "tags": [ + "Entities" + ], + "description": "Expands an entity.", + "operationId": "Entities_Expand", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityId" + }, + { + "$ref": "#/parameters/EntityExpandRequestBody" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityExpandResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getTimeline": { + "post": { + "x-ms-examples": { + "Entity timeline": { + "$ref": "./examples/entities/timeline/PostTimelineEntity.json" + } + }, + "tags": [ + "Entities" + ], + "description": "Timeline for an entity.", + "operationId": "EntitiesGetTimeline_list", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityId" + }, + { + "$ref": "#/parameters/EntityTimelineRequestBody" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityTimelineResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/queries": { + "get": { + "x-ms-examples": { + "Get Entity Query": { + "$ref": "./examples/entities/GetQueries.json" + } + }, + "tags": [ + "Entities" + ], + "description": "Get Insights and Activities for an entity.", + "operationId": "Entities_Queries", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityId" + }, + { + "$ref": "#/parameters/EntityQueryKindParam" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/GetQueriesResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getInsights": { + "post": { + "x-ms-examples": { + "Entity Insight": { + "$ref": "./examples/entities/insights/PostGetInsights.json" + } + }, + "tags": [ + "Entities" + ], + "description": "Execute Insights for an entity.", + "operationId": "Entities_GetInsights", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityId" + }, + { + "$ref": "#/parameters/GetInsightsEntityQueriesRequestBody" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityGetInsightsResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations": { + "get": { + "x-ms-examples": { + "Get all relations of an entity.": { + "$ref": "./examples/entities/relations/GetAllEntityRelations.json" + } + }, + "tags": [ + "EntityRelations" + ], + "description": "Gets all relations of an entity.", + "operationId": "EntitiesRelations_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityId" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "./common/RelationTypes.json#/definitions/RelationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-odata": "./common/RelationTypes.json#/definitions/Relation", + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations/{relationName}": { + "get": { + "x-ms-examples": { + "Get an entity relation.": { + "$ref": "./examples/entities/relations/GetEntityRelationByName.json" + } + }, + "tags": [ + "EntityRelations" + ], + "description": "Gets an entity relation.", + "operationId": "EntityRelations_GetRelation", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityId" + }, + { + "$ref": "./common/RelationTypes.json#/parameters/RelationName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "./common/RelationTypes.json#/definitions/Relation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "EntityExpandRequestBody": { + "description": "The parameters required to execute an expand operation on the given entity.", + "in": "body", + "name": "parameters", + "required": true, + "schema": { + "$ref": "#/definitions/EntityExpandParameters" + }, + "x-ms-parameter-location": "method" + }, + "EntityId": { + "description": "entity ID", + "in": "path", + "name": "entityId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "EntityTimelineRequestBody": { + "description": "The parameters required to execute an timeline operation on the given entity.", + "in": "body", + "name": "parameters", + "required": true, + "schema": { + "$ref": "#/definitions/EntityTimelineParameters" + }, + "x-ms-parameter-location": "method" + }, + "EntityQueryKindParam": { + "description": "The Kind parameter for queries", + "in": "query", + "name": "kind", + "required": true, + "type": "string", + "enum": [ + "Insight" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "EntityItemQueryKind", + "values": [ + { + "description": "insight", + "value": "Insight" + } + ] + }, + "x-ms-parameter-location": "method" + }, + "GetInsightsEntityQueriesRequestBody": { + "description": "The parameters required to execute insights on the given entity.", + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/EntityGetInsightsParameters" + }, + "x-ms-parameter-location": "method" + } + }, + "definitions": { + "ActivityTimelineItem": { + "allOf": [ + { + "$ref": "#/definitions/EntityTimelineItem" + } + ], + "description": "Represents Activity timeline item.", + "properties": { + "queryId": { + "type": "string", + "description": "The activity query id." + }, + "bucketStartTimeUTC": { + "format": "date-time", + "type": "string", + "description": "The grouping bucket start time." + }, + "bucketEndTimeUTC": { + "format": "date-time", + "type": "string", + "description": "The grouping bucket end time." + }, + "firstActivityTimeUTC": { + "format": "date-time", + "type": "string", + "description": "The time of the first activity in the grouping bucket." + }, + "lastActivityTimeUTC": { + "format": "date-time", + "type": "string", + "description": "The time of the last activity in the grouping bucket." + }, + "content": { + "type": "string", + "description": "The activity timeline content." + }, + "title": { + "type": "string", + "description": "The activity timeline title." + } + }, + "required": [ + "queryId", + "bucketStartTimeUTC", + "bucketEndTimeUTC", + "firstActivityTimeUTC", + "lastActivityTimeUTC", + "content", + "title" + ], + "type": "object", + "x-ms-discriminator-value": "Activity" + }, + "BookmarkTimelineItem": { + "allOf": [ + { + "$ref": "#/definitions/EntityTimelineItem" + } + ], + "description": "Represents bookmark timeline item.", + "properties": { + "azureResourceId": { + "type": "string", + "description": "The bookmark azure resource id." + }, + "displayName": { + "type": "string", + "description": "The bookmark display name." + }, + "notes": { + "type": "string", + "description": "The notes of the bookmark" + }, + "endTimeUtc": { + "format": "date-time", + "type": "string", + "description": "The bookmark end time." + }, + "startTimeUtc": { + "format": "date-time", + "type": "string", + "description": "The bookmark start time." + }, + "eventTime": { + "format": "date-time", + "type": "string", + "description": "The bookmark event time." + }, + "createdBy": { + "$ref": "../../../common/2.0/types.json#/definitions/UserInfo", + "description": "Describes a user that created the bookmark" + }, + "labels": { + "description": "List of labels relevant to this bookmark", + "items": { + "$ref": "../../../common/2.0/types.json#/definitions/Label" + }, + "type": "array" + } + }, + "required": [ + "azureResourceId" + ], + "type": "object", + "x-ms-discriminator-value": "Bookmark" + }, + "AnomalyTimelineItem": { + "allOf": [ + { + "$ref": "#/definitions/EntityTimelineItem" + } + ], + "description": "Represents anomaly timeline item.", + "properties": { + "azureResourceId": { + "type": "string", + "description": "The anomaly azure resource id." + }, + "productName": { + "type": "string", + "description": "The anomaly product name." + }, + "description": { + "type": "string", + "description": "The anomaly description." + }, + "displayName": { + "type": "string", + "description": "The anomaly name." + }, + "endTimeUtc": { + "format": "date-time", + "type": "string", + "description": "The anomaly end time." + }, + "startTimeUtc": { + "format": "date-time", + "type": "string", + "description": "The anomaly start time." + }, + "timeGenerated": { + "format": "date-time", + "type": "string", + "description": "The anomaly generated time." + }, + "vendor": { + "type": "string", + "description": "The name of the anomaly vendor." + }, + "intent": { + "type": "string", + "description": "The intent of the anomaly." + }, + "techniques": { + "type": "array", + "items": { + "type": "string", + "description": "technique of the anomaly" + }, + "description": "The techniques of the anomaly." + }, + "reasons": { + "type": "array", + "items": { + "type": "string", + "description": "Reason of the anomaly" + }, + "description": "The reasons that cause the anomaly." + } + }, + "required": [ + "azureResourceId", + "displayName", + "endTimeUtc", + "startTimeUtc", + "timeGenerated" + ], + "type": "object", + "x-ms-discriminator-value": "Anomaly" + }, + "EntityGetInsightsParameters": { + "description": "The parameters required to execute insights operation on the given entity.", + "type": "object", + "properties": { + "startTime": { + "description": "The start timeline date, so the results returned are after this date.", + "format": "date-time", + "type": "string" + }, + "endTime": { + "description": "The end timeline date, so the results returned are before this date.", + "format": "date-time", + "type": "string" + }, + "addDefaultExtendedTimeRange": { + "description": "Indicates if query time range should be extended with default time range of the query. Default value is false", + "type": "boolean" + }, + "insightQueryIds": { + "description": "List of Insights Query Id. If empty, default value is all insights of this entity", + "type": "array", + "items": { + "description": "Insight Query Id (GUID)", + "format": "uuid", + "type": "string" + } + } + }, + "required": [ + "startTime", + "endTime" + ] + }, + "EntityGetInsightsResponse": { + "description": "The Get Insights result operation response.", + "properties": { + "metaData": { + "$ref": "#/definitions/GetInsightsResultsMetadata", + "description": "The metadata from the get insights operation results." + }, + "value": { + "description": "The insights result values.", + "items": { + "$ref": "#/definitions/EntityInsightItem" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "EntityEdges": { + "description": "The edge that connects the entity to the other entity.", + "properties": { + "targetEntityId": { + "description": "The target entity Id.", + "type": "string" + }, + "additionalData": { + "additionalProperties": true, + "description": "A bag of custom fields that should be part of the entity and will be presented to the user.", + "type": "object" + } + }, + "type": "object" + }, + "EntityExpandParameters": { + "description": "The parameters required to execute an expand operation on the given entity.", + "properties": { + "endTime": { + "description": "The end date filter, so the only expansion results returned are before this date.", + "format": "date-time", + "type": "string" + }, + "expansionId": { + "description": "The Id of the expansion to perform.", + "format": "uuid", + "type": "string" + }, + "startTime": { + "description": "The start date filter, so the only expansion results returned are after this date.", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "EntityExpandResponse": { + "description": "The entity expansion result operation response.", + "properties": { + "metaData": { + "$ref": "./common/EntityTypes.json#/definitions/ExpansionResultsMetadata", + "description": "The metadata from the expansion operation results." + }, + "value": { + "description": "The expansion result values.", + "properties": { + "entities": { + "description": "Array of the expansion result entities.", + "items": { + "$ref": "./common/EntityTypes.json#/definitions/Entity" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "edges": { + "description": "Array of edges that connects the entity to the list of entities.", + "items": { + "$ref": "#/definitions/EntityEdges" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + } + }, + "type": "object" + }, + "EntityInsightItem": { + "description": "Entity insight Item.", + "type": "object", + "properties": { + "queryId": { + "type": "string", + "description": "The query id of the insight" + }, + "queryTimeInterval": { + "type": "object", + "description": "The Time interval that the query actually executed on.", + "properties": { + "startTime": { + "format": "date-time", + "type": "string", + "description": "Insight query start time" + }, + "endTime": { + "format": "date-time", + "type": "string", + "description": "Insight query end time" + } + } + }, + "tableQueryResults": { + "$ref": "#/definitions/InsightsTableResult", + "description": "Query results for table insights query." + }, + "chartQueryResults": { + "type": "array", + "description": "Query results for table insights query.", + "items": { + "$ref": "#/definitions/InsightsTableResult", + "description": "Query results for table insights query." + }, + "x-ms-identifiers": [] + } + } + }, + "EntityList": { + "description": "List of all the entities.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of entities.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of entities.", + "items": { + "$ref": "./common/EntityTypes.json#/definitions/Entity" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "EntityTimelineItem": { + "description": "Entity timeline Item.", + "discriminator": "kind", + "type": "object", + "properties": { + "kind": { + "$ref": "#/definitions/EntityTimelineKind", + "description": "The entity query kind type." + } + }, + "required": [ + "kind" + ] + }, + "EntityTimelineResponse": { + "description": "The entity timeline result operation response.", + "properties": { + "metaData": { + "$ref": "#/definitions/TimelineResultsMetadata", + "description": "The metadata from the timeline operation results." + }, + "value": { + "description": "The timeline result values.", + "items": { + "$ref": "#/definitions/EntityTimelineItem" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "EntityTimelineKind": { + "description": "The entity query kind", + "enum": [ + "Activity", + "Bookmark", + "SecurityAlert", + "Anomaly" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EntityTimelineKind", + "values": [ + { + "description": "activity", + "value": "Activity" + }, + { + "description": "bookmarks", + "value": "Bookmark" + }, + { + "description": "security alerts", + "value": "SecurityAlert" + }, + { + "description": "anomaly", + "value": "Anomaly" + } + ] + } + }, + "EntityTimelineParameters": { + "description": "The parameters required to execute s timeline operation on the given entity.", + "properties": { + "kinds": { + "description": "Array of timeline Item kinds.", + "items": { + "$ref": "#/definitions/EntityTimelineKind" + }, + "type": "array" + }, + "startTime": { + "description": "The start timeline date, so the results returned are after this date.", + "format": "date-time", + "type": "string" + }, + "endTime": { + "description": "The end timeline date, so the results returned are before this date.", + "format": "date-time", + "type": "string" + }, + "numberOfBucket": { + "description": "The number of bucket for timeline queries aggregation.", + "type": "integer", + "format": "int32" + } + }, + "type": "object", + "required": [ + "startTime", + "endTime" + ] + }, + "EntityQueryItem": { + "description": "An abstract Query item for entity", + "type": "object", + "discriminator": "kind", + "properties": { + "id": { + "description": "Query Template ARM ID", + "type": "string", + "readOnly": true + }, + "name": { + "description": "Query Template ARM Name", + "type": "string" + }, + "type": { + "description": "ARM Type", + "type": "string" + }, + "kind": { + "$ref": "./common/EntityTypes.json#/definitions/EntityQueryKind", + "description": "The kind of the entity query" + } + }, + "required": [ + "kind" + ] + }, + "EntityQueryItemProperties": { + "description": "An properties abstract Query item for entity", + "type": "object", + "properties": { + "dataTypes": { + "description": "Data types for template", + "type": "array", + "items": { + "properties": { + "dataType": { + "description": "Data type name", + "type": "string" + } + }, + "type": "object" + }, + "x-ms-identifiers": [] + }, + "inputEntityType": { + "description": "The type of the entity", + "$ref": "./common/EntityTypes.json#/definitions/EntityInnerType" + }, + "requiredInputFieldsSets": { + "description": "Data types for template", + "type": "array", + "items": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "entitiesFilter": { + "description": "The query applied only to entities matching to all filters", + "type": "object" + } + } + }, + "InsightsTableResult": { + "type": "object", + "description": "Query results for table insights query.", + "properties": { + "columns": { + "type": "array", + "description": "Columns Metadata of the table", + "items": { + "properties": { + "type": { + "type": "string", + "description": "the type of the colum" + }, + "name": { + "type": "string", + "description": "the name of the colum" + } + }, + "type": "object" + }, + "x-ms-identifiers": [] + }, + "rows": { + "type": "array", + "description": "Rows data of the table", + "items": { + "type": "array", + "description": "Single row of data", + "items": { + "type": "string", + "description": "Cell in the table" + } + } + } + } + }, + "InsightQueryItem": { + "allOf": [ + { + "$ref": "#/definitions/EntityQueryItem" + } + ], + "description": "Represents Insight Query.", + "properties": { + "properties": { + "description": "Properties bag for InsightQueryItem", + "$ref": "#/definitions/InsightQueryItemProperties" + } + }, + "type": "object", + "x-ms-discriminator-value": "Insight" + }, + "InsightQueryItemProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityQueryItemProperties" + } + ], + "description": "Represents Insight Query.", + "properties": { + "displayName": { + "type": "string", + "description": "The insight display name." + }, + "description": { + "type": "string", + "description": "The insight description." + }, + "baseQuery": { + "type": "string", + "description": "The base query of the insight." + }, + "tableQuery": { + "type": "object", + "description": "The insight table query.", + "properties": { + "columnsDefinitions": { + "type": "array", + "description": "List of insight column definitions.", + "items": { + "properties": { + "header": { + "type": "string", + "description": "Insight column header." + }, + "outputType": { + "type": "string", + "description": "Insights Column type.", + "enum": [ + "Number", + "String", + "Date", + "Entity" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "outputType" + } + }, + "supportDeepLink": { + "type": "boolean", + "description": "Is query supports deep-link." + } + }, + "type": "object" + }, + "x-ms-identifiers": [] + }, + "queriesDefinitions": { + "type": "array", + "description": "List of insight queries definitions.", + "x-ms-identifiers": [], + "items": { + "properties": { + "filter": { + "type": "string", + "description": "Insight column header." + }, + "summarize": { + "type": "string", + "description": "Insight column header." + }, + "project": { + "type": "string", + "description": "Insight column header." + }, + "linkColumnsDefinitions": { + "type": "array", + "description": "Insight column header.", + "x-ms-identifiers": [], + "items": { + "properties": { + "projectedName": { + "type": "string", + "description": "Insight Link Definition Projected Name." + }, + "Query": { + "type": "string", + "description": "Insight Link Definition Query." + } + }, + "type": "object" + } + } + }, + "type": "object" + } + } + } + }, + "chartQuery": { + "type": "object", + "description": "The insight chart query." + }, + "additionalQuery": { + "type": "object", + "description": "The activity query definitions.", + "properties": { + "query": { + "type": "string", + "description": "The insight query." + }, + "text": { + "type": "string", + "description": "The insight text." + } + } + }, + "defaultTimeRange": { + "type": "object", + "description": "The insight chart query.", + "properties": { + "beforeRange": { + "type": "string", + "description": "The padding for the start time of the query." + }, + "afterRange": { + "type": "string", + "description": "The padding for the end time of the query." + } + } + }, + "referenceTimeRange": { + "type": "object", + "description": "The insight chart query.", + "properties": { + "beforeRange": { + "type": "string", + "description": "Additional query time for looking back." + } + } + } + }, + "type": "object" + }, + "GetInsightsResultsMetadata": { + "description": "Get Insights result metadata.", + "properties": { + "totalCount": { + "description": "the total items found for the insights request", + "type": "integer", + "format": "int32" + }, + "errors": { + "description": "information about the failed queries", + "items": { + "$ref": "#/definitions/GetInsightsErrorKind" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "required": [ + "totalCount" + ], + "type": "object" + }, + "GetInsightsErrorKind": { + "description": "GetInsights Query Errors.", + "properties": { + "kind": { + "description": "the query kind", + "type": "string", + "enum": [ + "Insight" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "GetInsightsError", + "values": [ + { + "value": "Insight" + } + ] + } + }, + "queryId": { + "description": "the query id", + "type": "string" + }, + "errorMessage": { + "description": "the error message", + "type": "string" + } + }, + "required": [ + "kind", + "errorMessage" + ], + "type": "object" + }, + "GetQueriesResponse": { + "description": "Retrieve queries for entity result operation response.", + "properties": { + "value": { + "description": "The query result values.", + "items": { + "$ref": "#/definitions/EntityQueryItem" + }, + "type": "array" + } + }, + "type": "object" + }, + "SecurityAlertTimelineItem": { + "allOf": [ + { + "$ref": "#/definitions/EntityTimelineItem" + } + ], + "description": "Represents security alert timeline item.", + "properties": { + "azureResourceId": { + "type": "string", + "description": "The alert azure resource id." + }, + "productName": { + "type": "string", + "description": "The alert product name." + }, + "description": { + "type": "string", + "description": "The alert description." + }, + "displayName": { + "type": "string", + "description": "The alert name." + }, + "severity": { + "$ref": "./common/AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The alert severity." + }, + "endTimeUtc": { + "format": "date-time", + "type": "string", + "description": "The alert end time." + }, + "startTimeUtc": { + "format": "date-time", + "type": "string", + "description": "The alert start time." + }, + "timeGenerated": { + "format": "date-time", + "type": "string", + "description": "The alert generated time." + }, + "alertType": { + "type": "string", + "description": "The name of the alert type." + }, + "intent": { + "type": "string", + "description": "The intent of the alert.", + "enum": [ + "Unknown", + "Probing", + "Exploitation", + "Persistence", + "PrivilegeEscalation", + "DefenseEvasion", + "CredentialAccess", + "Discovery", + "LateralMovement", + "Execution", + "Collection", + "Exfiltration", + "CommandAndControl", + "Impact" + ], + "readOnly": true, + "x-ms-enum": { + "modelAsString": true, + "name": "KillChainIntent", + "values": [ + { + "description": "The default value.", + "value": "Unknown" + }, + { + "description": "Probing could be an attempt to access a certain resource regardless of a malicious intent or a failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected as an attempt originating from outside the network in attempt to scan the target system and find a way in.", + "value": "Probing" + }, + { + "description": "Exploitation is the stage where an attacker manage to get foothold on the attacked resource. This stage is applicable not only for compute hosts, but also for resources such as user accounts, certificates etc. Adversaries will often be able to control the resource after this stage.", + "value": "Exploitation" + }, + { + "description": "Persistence is any access, action, or configuration change to a system that gives an adversary a persistent presence on that system. Adversaries will often need to maintain access to systems through interruptions such as system restarts, loss of credentials, or other failures that would require a remote access tool to restart or alternate backdoor for them to regain access.", + "value": "Persistence" + }, + { + "description": "Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network. Certain tools or actions require a higher level of privilege to work and are likely necessary at many points throughout an operation. User accounts with permissions to access specific systems or perform specific functions necessary for adversaries to achieve their objective may also be considered an escalation of privilege.", + "value": "PrivilegeEscalation" + }, + { + "description": "Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques in other categories that have the added benefit of subverting a particular defense or mitigation. ", + "value": "DefenseEvasion" + }, + { + "description": "Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment. Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts (local system administrator or domain users with administrator access) to use within the network. With sufficient access within a network, an adversary can create accounts for later use within the environment.", + "value": "CredentialAccess" + }, + { + "description": "Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network. When adversaries gain access to a new system, they must navigate themselves to what they now have control of and what benefits operating from that system give to their current objective or overall goals during the intrusion. The operating system provides many native tools that aid in this post-compromise information-gathering phase.", + "value": "Discovery" + }, + { + "description": "Lateral movement consists of techniques that enable an adversary to access and control remote systems on a network and could, but does not necessarily, include execution of tools on remote systems. The lateral movement techniques could allow an adversary to gather information from a system without needing additional tools, such as a remote access tool. An adversary can use lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems, access to specific information or files, access to additional credentials, or to cause an effect.", + "value": "LateralMovement" + }, + { + "description": "The execution tactic represents techniques that result in execution of adversary-controlled code on a local or remote system. This tactic is often used in conjunction with lateral movement to expand access to remote systems on a network.", + "value": "Execution" + }, + { + "description": "Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration. This category also covers locations on a system or network where the adversary may look for information to exfiltrate.", + "value": "Collection" + }, + { + "description": "Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from a target network. This category also covers locations on a system or network where the adversary may look for information to exfiltrate.", + "value": "Exfiltration" + }, + { + "description": "The command and control tactic represents how adversaries communicate with systems under their control within a target network.", + "value": "CommandAndControl" + }, + { + "description": "The impact intent primary objective is to directly reduce the availability or integrity of a system, service, or network; including manipulation of data to impact a business or operational process. This would often refer to techniques such as ransom-ware, defacement, data manipulation and others.", + "value": "Impact" + } + ] + } + }, + "techniques": { + "type": "array", + "items": { + "type": "string", + "description": "technique of the alert" + }, + "description": "The techniques of the alert." + } + }, + "required": [ + "azureResourceId", + "displayName", + "severity", + "endTimeUtc", + "startTimeUtc", + "timeGenerated", + "alertType" + ], + "type": "object", + "x-ms-discriminator-value": "SecurityAlert" + }, + "TimelineError": { + "description": "Timeline Query Errors.", + "properties": { + "kind": { + "description": "the query kind", + "$ref": "#/definitions/EntityTimelineKind" + }, + "queryId": { + "description": "the query id", + "type": "string" + }, + "errorMessage": { + "description": "the error message", + "type": "string" + } + }, + "required": [ + "kind", + "errorMessage" + ], + "type": "object" + }, + "TimelineResultsMetadata": { + "description": "Expansion result metadata.", + "properties": { + "totalCount": { + "description": "the total items found for the timeline request", + "type": "integer", + "format": "int32" + }, + "aggregations": { + "description": "timeline aggregation per kind", + "items": { + "$ref": "#/definitions/TimelineAggregation" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "errors": { + "description": "information about the failure queries", + "items": { + "$ref": "#/definitions/TimelineError" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "required": [ + "totalCount", + "aggregations" + ], + "type": "object" + }, + "TimelineAggregation": { + "description": "timeline aggregation information per kind", + "properties": { + "count": { + "description": "the total items found for a kind", + "type": "integer", + "format": "int32" + }, + "kind": { + "description": "the query kind", + "$ref": "#/definitions/EntityTimelineKind" + } + }, + "required": [ + "kind", + "count" + ], + "type": "object" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/EntityQueries.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/EntityQueries.json new file mode 100644 index 000000000000..b8b91863a1af --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/EntityQueries.json @@ -0,0 +1,507 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries": { + "get": { + "x-ms-examples": { + "Get all entity queries.": { + "$ref": "./examples/entityQueries/GetEntityQueries.json" + } + }, + "tags": [ + "EntityQueries" + ], + "description": "Gets all entity queries.", + "operationId": "EntityQueries_List", + "parameters": [ + { + "$ref": "#/parameters/EntityQueryKind" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityQueryList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}": { + "get": { + "x-ms-examples": { + "Get an Expansion entity query.": { + "$ref": "./examples/entityQueries/GetExpansionEntityQueryById.json" + }, + "Get an Activity entity query.": { + "$ref": "./examples/entityQueries/GetActivityEntityQueryById.json" + } + }, + "tags": [ + "EntityQueries" + ], + "description": "Gets an entity query.", + "operationId": "EntityQueries_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityQueryId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityQuery" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates an Activity entity query.": { + "$ref": "./examples/entityQueries/CreateEntityQueryActivity.json" + } + }, + "tags": [ + "EntityQueries" + ], + "description": "Creates or updates the entity query.", + "operationId": "EntityQueries_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityQueryId" + }, + { + "$ref": "#/parameters/CustomEntityQuery" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityQuery" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/EntityQuery" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an entity query.": { + "$ref": "./examples/entityQueries/DeleteEntityQuery.json" + } + }, + "tags": [ + "EntityQueries" + ], + "description": "Delete the entity query.", + "operationId": "EntityQueries_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityQueryId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "CustomEntityQueryKind": { + "description": "The kind of the entity query that supports put request.", + "enum": [ + "Activity" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "CustomEntityQueryKind", + "values": [ + { + "value": "Activity" + } + ] + } + }, + "EntityQueryList": { + "description": "List of all the entity queries.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of entity queries.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of entity queries.", + "items": { + "$ref": "#/definitions/EntityQuery" + }, + "type": "array" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "EntityQuery": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Specific entity query.", + "discriminator": "kind", + "properties": { + "kind": { + "$ref": "./common/EntityTypes.json#/definitions/EntityQueryKind", + "description": "the entity query kind" + } + }, + "type": "object", + "required": [ + "kind" + ] + }, + "CustomEntityQuery": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Specific entity query that supports put requests.", + "discriminator": "kind", + "properties": { + "kind": { + "$ref": "#/definitions/CustomEntityQueryKind", + "description": "the entity query kind" + } + }, + "type": "object", + "required": [ + "kind" + ] + }, + "ExpansionEntityQuery": { + "description": "Represents Expansion entity query.", + "allOf": [ + { + "$ref": "#/definitions/EntityQuery" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/ExpansionEntityQueriesProperties", + "description": "Expansion entity query properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Expansion" + }, + "ExpansionEntityQueriesProperties": { + "description": "Describes expansion entity query properties", + "properties": { + "dataSources": { + "description": "List of the data sources that are required to run the query", + "items": { + "description": "data source", + "type": "string" + }, + "type": "array" + }, + "displayName": { + "description": "The query display name", + "type": "string" + }, + "inputEntityType": { + "$ref": "./common/EntityTypes.json#/definitions/EntityInnerType", + "description": "The type of the query's source entity" + }, + "inputFields": { + "description": "List of the fields of the source entity that are required to run the query", + "items": { + "description": "input field", + "type": "string" + }, + "type": "array" + }, + "outputEntityTypes": { + "description": "List of the desired output types to be constructed from the result", + "items": { + "$ref": "./common/EntityTypes.json#/definitions/EntityInnerType", + "description": "output entity type" + }, + "type": "array" + }, + "queryTemplate": { + "description": "The template query string to be parsed and formatted", + "type": "string" + } + }, + "type": "object" + }, + "ActivityEntityQuery": { + "description": "Represents Activity entity query.", + "allOf": [ + { + "$ref": "#/definitions/EntityQuery" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/ActivityEntityQueriesProperties", + "description": "Activity entity query properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Activity" + }, + "ActivityCustomEntityQuery": { + "description": "Represents Activity entity query.", + "allOf": [ + { + "$ref": "#/definitions/CustomEntityQuery" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/ActivityEntityQueriesProperties", + "description": "Activity entity query properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Activity" + }, + "ActivityEntityQueriesProperties": { + "description": "Describes activity entity query properties", + "properties": { + "title": { + "description": "The entity query title", + "type": "string" + }, + "content": { + "description": "The entity query content to display in timeline", + "type": "string" + }, + "description": { + "description": "The entity query description", + "type": "string" + }, + "queryDefinitions": { + "description": "The Activity query definitions", + "properties": { + "query": { + "description": "The Activity query to run on a given entity", + "type": "string" + } + }, + "type": "object" + }, + "inputEntityType": { + "$ref": "./common/EntityTypes.json#/definitions/EntityInnerType", + "description": "The type of the query's source entity" + }, + "requiredInputFieldsSets": { + "description": "List of the fields of the source entity that are required to run the query", + "items": { + "description": "Sub sets of the field of the source entity that are required to run the query", + "items": { + "description": "Required input field name", + "type": "string" + }, + "type": "array" + }, + "type": "array" + }, + "entitiesFilter": { + "description": "The query applied only to entities matching to all filters", + "type": "object", + "additionalProperties": { + "description": "Filter field name", + "items": { + "description": "Filter field values", + "type": "string" + }, + "type": "array" + } + }, + "templateName": { + "description": "The template id this activity was created from", + "type": "string" + }, + "enabled": { + "description": "Determines whether this activity is enabled or disabled.", + "type": "boolean" + }, + "createdTimeUtc": { + "description": "The time the activity was created", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "lastModifiedTimeUtc": { + "description": "The last time the activity was updated", + "format": "date-time", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + } + }, + "parameters": { + "EntityQueryId": { + "description": "entity query ID", + "in": "path", + "name": "entityQueryId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "EntityQueryKind": { + "description": "The entity query kind we want to fetch", + "in": "query", + "name": "kind", + "required": false, + "enum": [ + "Expansion", + "Activity" + ], + "type": "string", + "x-ms-parameter-location": "method" + }, + "CustomEntityQuery": { + "description": "The entity query we want to create or update", + "in": "body", + "name": "entityQuery", + "required": true, + "schema": { + "$ref": "#/definitions/CustomEntityQuery" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/EntityQueryTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/EntityQueryTemplates.json new file mode 100644 index 000000000000..04c35e21d6f6 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/EntityQueryTemplates.json @@ -0,0 +1,304 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates": { + "get": { + "x-ms-examples": { + "Get all entity query templates.": { + "$ref": "./examples/entityQueryTemplates/GetEntityQueryTemplates.json" + } + }, + "tags": [ + "EntityQueries" + ], + "description": "Gets all entity query templates.", + "operationId": "EntityQueryTemplates_List", + "parameters": [ + { + "$ref": "#/parameters/EntityQueryTemplateKind" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityQueryTemplateList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates/{entityQueryTemplateId}": { + "get": { + "x-ms-examples": { + "Get an Activity entity query template.": { + "$ref": "./examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json" + } + }, + "tags": [ + "EntityQueries" + ], + "description": "Gets an entity query.", + "operationId": "EntityQueryTemplates_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/EntityQueryTemplateId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/EntityQueryTemplate" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "EntityQueryTemplateKind": { + "description": "The kind of the entity query template.", + "enum": [ + "Activity" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EntityQueryTemplateKind", + "values": [ + { + "value": "Activity" + } + ] + } + }, + "EntityQueryTemplateList": { + "description": "List of all the entity query templates.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of entity query templates.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of entity query templates.", + "items": { + "$ref": "#/definitions/EntityQueryTemplate" + }, + "type": "array" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "EntityQueryTemplate": { + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/Resource" + } + ], + "description": "Specific entity query template.", + "discriminator": "kind", + "properties": { + "kind": { + "$ref": "#/definitions/EntityQueryTemplateKind", + "description": "the entity query template kind" + } + }, + "type": "object", + "required": [ + "kind" + ] + }, + "ActivityEntityQueryTemplate": { + "description": "Represents Activity entity query.", + "allOf": [ + { + "$ref": "#/definitions/EntityQueryTemplate" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/ActivityEntityQueryTemplateProperties", + "description": "Activity entity query properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Activity" + }, + "ActivityEntityQueryTemplateProperties": { + "description": "Describes activity entity query properties", + "properties": { + "title": { + "description": "The entity query title", + "type": "string" + }, + "content": { + "description": "The entity query content to display in timeline", + "type": "string" + }, + "description": { + "description": "The entity query description", + "type": "string" + }, + "queryDefinitions": { + "description": "The Activity query definitions", + "properties": { + "query": { + "description": "The Activity query to run on a given entity", + "type": "string" + }, + "summarizeBy": { + "description": "The dimensions we want to summarize the timeline results on, this is comma separated list", + "type": "string" + } + }, + "type": "object" + }, + "dataTypes": { + "description": "List of required data types for the given entity query template", + "items": { + "$ref": "#/definitions/DataTypeDefinitions" + }, + "type": "array" + }, + "inputEntityType": { + "$ref": "./common/EntityTypes.json#/definitions/EntityInnerType", + "description": "The type of the query's source entity" + }, + "requiredInputFieldsSets": { + "description": "List of the fields of the source entity that are required to run the query", + "items": { + "description": "Sub sets of the field of the source entity that are required to run the query", + "items": { + "description": "Required input field name", + "type": "string" + }, + "type": "array" + }, + "type": "array" + }, + "entitiesFilter": { + "description": "The query applied only to entities matching to all filters", + "type": "object", + "additionalProperties": { + "description": "Filter field name", + "items": { + "description": "Filter field values", + "type": "string" + }, + "type": "array" + } + } + }, + "type": "object" + }, + "DataTypeDefinitions": { + "description": "The data type definition", + "properties": { + "dataType": { + "description": "The data type name", + "type": "string" + } + }, + "type": "object" + } + }, + "parameters": { + "EntityQueryTemplateId": { + "description": "entity query template ID", + "in": "path", + "name": "entityQueryTemplateId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "EntityQueryTemplateKind": { + "description": "The entity template query kind we want to fetch", + "in": "query", + "name": "kind", + "required": false, + "enum": [ + "Activity" + ], + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/FileImports.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/FileImports.json new file mode 100644 index 000000000000..f4e1755ea170 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/FileImports.json @@ -0,0 +1,564 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports": { + "get": { + "x-ms-examples": { + "Get all file imports.": { + "$ref": "./examples/fileImports/GetFileImports.json" + } + }, + "tags": [ + "FileImports" + ], + "description": "Gets all file imports.", + "operationId": "FileImports_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/FileImportList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}": { + "get": { + "x-ms-examples": { + "Get a file import.": { + "$ref": "./examples/fileImports/GetFileImportById.json" + } + }, + "tags": [ + "FileImports" + ], + "description": "Gets a file import.", + "operationId": "FileImports_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/FileImportId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/FileImport" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create a file import.": { + "$ref": "./examples/fileImports/CreateFileImport.json" + } + }, + "tags": [ + "FileImports" + ], + "description": "Creates the file import.", + "operationId": "FileImports_Create", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/FileImportId" + }, + { + "$ref": "#/parameters/FileImport" + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/FileImport" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a file import.": { + "$ref": "./examples/fileImports/DeleteFileImport.json" + } + }, + "tags": [ + "FileImports" + ], + "description": "Delete the file import.", + "operationId": "FileImports_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/FileImportId" + } + ], + "responses": { + "202": { + "description": "Accepted", + "schema": { + "$ref": "#/definitions/FileImport" + } + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-long-running-operation": true, + "x-ms-long-running-operation-options": { + "final-state-via": "location" + } + } + } + }, + "definitions": { + "FileMetadata": { + "description": "Represents a file.", + "properties": { + "fileFormat": { + "description": "The format of the file", + "enum": [ + "CSV", + "JSON", + "Unspecified" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "fileFormat", + "values": [ + { + "description": "A CSV file.", + "value": "CSV" + }, + { + "description": "A JSON file.", + "value": "JSON" + }, + { + "description": "A file of other format.", + "value": "Unspecified" + } + ] + } + }, + "fileName": { + "description": "The name of the file.", + "type": "string" + }, + "fileSize": { + "description": "The size of the file.", + "format": "int32", + "type": "integer" + }, + "fileContentUri": { + "description": "A URI with a valid SAS token to allow uploading / downloading the file.", + "type": "string", + "readOnly": true + }, + "deleteStatus": { + "description": "Indicates whether the file was deleted from the storage account.", + "enum": [ + "Deleted", + "NotDeleted", + "Unspecified" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DeleteStatus", + "values": [ + { + "description": "The file was deleted.", + "value": "Deleted" + }, + { + "description": "The file was not deleted.", + "value": "NotDeleted" + }, + { + "description": "Unspecified", + "value": "Unspecified" + } + ] + }, + "readOnly": true + } + }, + "type": "object" + }, + "FileImport": { + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/Resource" + } + ], + "description": "Represents a file import in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/FileImportProperties", + "description": "File import properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "FileImportList": { + "description": "List all the file imports.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of file imports.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of file imports.", + "items": { + "$ref": "#/definitions/FileImport" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "FileImportProperties": { + "description": "Describes the FileImport's properties", + "properties": { + "ingestionMode": { + "description": "Describes how to ingest the records in the file.", + "enum": [ + "IngestOnlyIfAllAreValid", + "IngestAnyValidRecords", + "Unspecified" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IngestionMode", + "values": [ + { + "description": "No records should be ingested when invalid records are detected.", + "value": "IngestOnlyIfAllAreValid" + }, + { + "description": "Valid records should still be ingested when invalid records are detected.", + "value": "IngestAnyValidRecords" + }, + { + "description": "Unspecified", + "value": "Unspecified" + } + ] + } + }, + "contentType": { + "description": "The content type of this file.", + "enum": [ + "BasicIndicator", + "StixIndicator", + "Unspecified" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "FileImportContentType", + "values": [ + { + "description": "File containing records with the core fields of an indicator, plus the observables to construct the STIX pattern.", + "value": "BasicIndicator" + }, + { + "description": "File containing STIX indicators.", + "value": "StixIndicator" + }, + { + "description": "File containing other records.", + "value": "Unspecified" + } + ] + } + }, + "createdTimeUTC": { + "description": "The time the file was imported.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "errorFile": { + "description": "Represents the error file (if the import was ingested with errors or failed the validation).", + "$ref": "#/definitions/FileMetadata", + "readOnly": true, + "type": "object" + }, + "errorsPreview": { + "description": "An ordered list of some of the errors that were encountered during validation.", + "items": { + "description": "An error that were encountered during validation.", + "$ref": "#/definitions/ValidationError" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "importFile": { + "description": "Represents the imported file.", + "$ref": "#/definitions/FileMetadata", + "type": "object" + }, + "ingestedRecordCount": { + "description": "The number of records that have been successfully ingested.", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "source": { + "description": "The source for the data in the file.", + "type": "string" + }, + "state": { + "description": "The state of the file import.", + "enum": [ + "FatalError", + "Ingested", + "IngestedWithErrors", + "InProgress", + "Invalid", + "WaitingForUpload", + "Unspecified" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "FileImportState", + "values": [ + { + "description": "A fatal error has occurred while ingesting the file.", + "value": "FatalError" + }, + { + "description": "The file has been ingested.", + "value": "Ingested" + }, + { + "description": "The file has been ingested with errors.", + "value": "IngestedWithErrors" + }, + { + "description": "The file ingestion is in progress.", + "value": "InProgress" + }, + { + "description": "The file is invalid.", + "value": "Invalid" + }, + { + "description": "Waiting for the file to be uploaded.", + "value": "WaitingForUpload" + }, + { + "description": "Unspecified state.", + "value": "Unspecified" + } + ] + } + }, + "totalRecordCount": { + "description": "The number of records in the file.", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "validRecordCount": { + "description": "The number of records that have passed validation.", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "filesValidUntilTimeUTC": { + "description": "The time the files associated with this import are deleted from the storage account.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "importValidUntilTimeUTC": { + "description": "The time the file import record is soft deleted from the database and history.", + "format": "date-time", + "readOnly": true, + "type": "string" + } + }, + "required": [ + "ingestionMode", + "contentType", + "importFile", + "source" + ], + "type": "object" + }, + "ValidationError": { + "description": "Describes an error encountered in the file during validation.", + "properties": { + "recordIndex": { + "description": "The number of the record that has the error.", + "type": "integer", + "format": "int32" + }, + "errorMessages": { + "description": "A list of descriptions of the error.", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array" + } + }, + "type": "object" + } + }, + "parameters": { + "FileImportId": { + "description": "File import ID", + "in": "path", + "name": "fileImportId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "FileImport": { + "description": "The file import", + "in": "body", + "name": "fileImport", + "required": true, + "schema": { + "$ref": "#/definitions/FileImport" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Hunts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Hunts.json new file mode 100644 index 000000000000..adfa82494451 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Hunts.json @@ -0,0 +1,994 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts": { + "get": { + "x-ms-examples": { + "Get all hunts.": { + "$ref": "./examples/hunts/GetHunts.json" + } + }, + "tags": [ + "Hunts" + ], + "description": "Gets all hunts, without relations and comments.", + "operationId": "Hunts_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/HuntList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}": { + "get": { + "x-ms-examples": { + "Get a hunt.": { + "$ref": "./examples/hunts/GetHuntById.json" + } + }, + "tags": [ + "Hunts" + ], + "description": "Gets a hunt, without relations and comments.", + "operationId": "Hunts_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Hunt" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a hunt.": { + "$ref": "./examples/hunts/DeleteHunt.json" + } + }, + "tags": [ + "Hunts" + ], + "description": "Delete a hunt.", + "operationId": "Hunts_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a hunt.": { + "$ref": "./examples/hunts/CreateHunt.json" + } + }, + "tags": [ + "Hunts" + ], + "description": "Create or update a hunt", + "operationId": "Hunts_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "#/parameters/Hunt" + } + ], + "responses": { + "200": { + "description": "Create or update the Hunt", + "schema": { + "$ref": "#/definitions/Hunt" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/Hunt" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations": { + "get": { + "x-ms-examples": { + "Get all hunt relations.": { + "$ref": "./examples/hunts/GetHuntRelations.json" + } + }, + "tags": [ + "HuntRelations" + ], + "description": "Gets all hunt relations", + "operationId": "HuntRelations_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/HuntRelationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/relations/{huntRelationId}": { + "get": { + "x-ms-examples": { + "Get a hunt relation.": { + "$ref": "./examples/hunts/GetHuntRelationById.json" + } + }, + "tags": [ + "HuntRelations" + ], + "description": "Gets a hunt relation", + "operationId": "HuntRelations_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "#/parameters/HuntRelationId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/HuntRelation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a hunt relation.": { + "$ref": "./examples/hunts/DeleteHuntRelation.json" + } + }, + "tags": [ + "HuntRelations" + ], + "description": "Delete a hunt relation.", + "operationId": "HuntRelations_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "#/parameters/HuntRelationId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a hunt relation.": { + "$ref": "./examples/hunts/CreateHuntRelation.json" + } + }, + "tags": [ + "HuntRelations" + ], + "description": "Creates or updates a hunt relation.", + "operationId": "HuntRelations_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "#/parameters/HuntRelationId" + }, + { + "$ref": "#/parameters/HuntRelation" + } + ], + "responses": { + "200": { + "description": "Create or update the hunt relation", + "schema": { + "$ref": "#/definitions/HuntRelation" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/HuntRelation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments": { + "get": { + "x-ms-examples": { + "Get all hunt comments.": { + "$ref": "./examples/hunts/GetHuntComments.json" + } + }, + "tags": [ + "HuntComments" + ], + "description": "Gets all hunt comments", + "operationId": "HuntComments_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/HuntCommentList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/hunts/{huntId}/comments/{huntCommentId}": { + "get": { + "x-ms-examples": { + "Get a hunt comment.": { + "$ref": "./examples/hunts/GetHuntCommentById.json" + } + }, + "tags": [ + "HuntComments" + ], + "description": "Gets a hunt comment", + "operationId": "HuntComments_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "#/parameters/HuntCommentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/HuntComment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a hunt comment.": { + "$ref": "./examples/hunts/DeleteHuntComment.json" + } + }, + "tags": [ + "HuntComments" + ], + "description": "Delete a hunt comment.", + "operationId": "HuntComments_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "#/parameters/HuntCommentId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a hunt comment.": { + "$ref": "./examples/hunts/CreateHuntComment.json" + } + }, + "tags": [ + "HuntComments" + ], + "description": "Creates or updates a hunt relation.", + "operationId": "HuntComments_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/HuntId" + }, + { + "$ref": "#/parameters/HuntCommentId" + }, + { + "$ref": "#/parameters/HuntComment" + } + ], + "responses": { + "200": { + "description": "Create or update the hunt comment", + "schema": { + "$ref": "#/definitions/HuntComment" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/HuntComment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "HuntList": { + "description": "List all the hunts.", + "type": "object", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of hunts.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of hunts.", + "items": { + "$ref": "#/definitions/Hunt" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "Hunt": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Hunt in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/HuntProperties", + "description": "Hunt properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "HuntProperties": { + "description": "Describes hunt properties", + "properties": { + "displayName": { + "description": "The display name of the hunt", + "type": "string" + }, + "description": { + "description": "The description of the hunt", + "type": "string" + }, + "status": { + "description": "The status of the hunt.", + "enum": [ + "New", + "Active", + "Closed", + "Backlog", + "Approved" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "status" + }, + "default": "New" + }, + "hypothesisStatus": { + "description": "The hypothesis status of the hunt.", + "enum": [ + "Unknown", + "Invalidated", + "Validated" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "hypothesisStatus" + }, + "default": "Unknown" + }, + "attackTactics": { + "description": "A list of mitre attack tactics the hunt is associated with", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "type": "array" + }, + "attackTechniques": { + "description": "A list of a mitre attack techniques the hunt is associated with", + "items": { + "description": "Attack Technique", + "type": "string" + }, + "type": "array" + }, + "labels": { + "description": "List of labels relevant to this hunt ", + "items": { + "$ref": "../../../common/2.0/types.json#/definitions/Label" + }, + "type": "array" + }, + "owner": { + "$ref": "#/definitions/HuntOwner" + } + }, + "required": [ + "displayName", + "description" + ], + "type": "object" + }, + "HuntRelationList": { + "description": "List of all the hunt relations", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of hunt relations.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of hunt relations", + "items": { + "$ref": "#/definitions/HuntRelation" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "HuntRelation": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Hunt Relation in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/HuntRelationProperties", + "description": "Hunt Relation properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "HuntRelationProperties": { + "description": "Describes hunt relation properties", + "properties": { + "relatedResourceId": { + "description": "The id of the related resource", + "type": "string" + }, + "relatedResourceName": { + "description": "The name of the related resource", + "type": "string", + "readOnly": true + }, + "relationType": { + "description": "The type of the hunt relation", + "type": "string", + "readOnly": true + }, + "relatedResourceKind": { + "description": "The resource that the relation is related to", + "type": "string", + "readOnly": true + }, + "labels": { + "description": "List of labels relevant to this hunt", + "items": { + "$ref": "../../../common/2.0/types.json#/definitions/Label" + }, + "type": "array" + } + }, + "required": [ + "relatedResourceId" + ], + "type": "object" + }, + "HuntCommentList": { + "description": "List of all hunt comments", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of hunt comments.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of hunt comments", + "items": { + "$ref": "#/definitions/HuntComment" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "HuntComment": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Hunt Comment in Azure Security Insights", + "properties": { + "properties": { + "$ref": "#/definitions/HuntCommentProperties", + "description": "Hunt Comment properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "HuntCommentProperties": { + "description": "Describes a hunt comment properties", + "properties": { + "message": { + "description": "The message for the comment", + "type": "string" + } + }, + "required": [ + "message" + ], + "type": "object" + }, + "HuntOwner": { + "description": "Describes a user that the hunt is assigned to", + "type": "object", + "properties": { + "email": { + "description": "The email of the user the hunt is assigned to.", + "type": "string" + }, + "assignedTo": { + "description": "The name of the user the hunt is assigned to.", + "type": "string" + }, + "objectId": { + "description": "The object id of the user the hunt is assigned to.", + "format": "uuid", + "type": "string", + "x-nullable": true + }, + "userPrincipalName": { + "description": "The user principal name of the user the hunt is assigned to.", + "type": "string" + }, + "ownerType": { + "description": "The type of the owner the hunt is assigned to.", + "type": "string", + "enum": [ + "Unknown", + "User", + "Group" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "OwnerType", + "values": [ + { + "description": "The hunt owner type is unknown", + "value": "Unknown" + }, + { + "description": "The hunt owner type is an AAD user", + "value": "User" + }, + { + "description": "The hunt owner type is an AAD group", + "value": "Group" + } + ] + } + } + } + } + }, + "parameters": { + "Hunt": { + "description": "The hunt", + "name": "hunt", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/Hunt" + }, + "x-ms-parameter-location": "method" + }, + "HuntId": { + "description": "The hunt id (GUID)", + "in": "path", + "name": "huntId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "HuntRelation": { + "description": "The hunt relation", + "in": "body", + "name": "huntRelation", + "required": true, + "schema": { + "$ref": "#/definitions/HuntRelation" + }, + "x-ms-parameter-location": "method" + }, + "HuntRelationId": { + "description": "The hunt relation id (GUID)", + "in": "path", + "name": "huntRelationId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "HuntComment": { + "description": "The hunt comment", + "in": "body", + "name": "huntComment", + "required": true, + "schema": { + "$ref": "#/definitions/HuntComment" + }, + "x-ms-parameter-location": "method" + }, + "HuntCommentId": { + "description": "The hunt comment id (GUID)", + "in": "path", + "name": "huntCommentId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Incidents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Incidents.json new file mode 100644 index 000000000000..15d817a6ab87 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Incidents.json @@ -0,0 +1,1658 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents": { + "get": { + "tags": [ + "Incidents" + ], + "description": "Gets all incidents.", + "operationId": "Incidents_List", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "Incidents_List": { + "$ref": "./examples/incidents/Incidents_List.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}": { + "get": { + "tags": [ + "Incidents" + ], + "description": "Gets an incident.", + "operationId": "Incidents_Get", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Incident" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_Get": { + "$ref": "./examples/incidents/Incidents_Get.json" + } + } + }, + "put": { + "tags": [ + "Incidents" + ], + "description": "Creates or updates the incident.", + "operationId": "Incidents_CreateOrUpdate", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/Incident" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Incident" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/Incident" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_CreateOrUpdate": { + "$ref": "./examples/incidents/Incidents_CreateOrUpdate.json" + } + } + }, + "delete": { + "tags": [ + "Incidents" + ], + "description": "Delete the incident.", + "operationId": "Incidents_Delete", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_Delete": { + "$ref": "./examples/incidents/Incidents_Delete.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/createTeam": { + "post": { + "tags": [ + "IncidentTeam" + ], + "description": "Creates a Microsoft team to investigate the incident by sharing information and insights between participants.", + "operationId": "Incidents_CreateTeam", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/TeamProperties" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/TeamInformation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_CreateTeam": { + "$ref": "./examples/incidents/IncidentTeam/Incidents_CreateTeam.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/alerts": { + "post": { + "tags": [ + "IncidentAlerts" + ], + "description": "Gets all incident alerts.", + "operationId": "Incidents_ListAlerts", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentAlertList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_ListAlerts": { + "$ref": "./examples/incidents/IncidentAlerts/Incidents_ListAlerts.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/bookmarks": { + "post": { + "tags": [ + "IncidentBookmarks" + ], + "description": "Gets all incident bookmarks.", + "operationId": "Incidents_ListBookmarks", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentBookmarkList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_ListBookmarks": { + "$ref": "./examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments": { + "get": { + "tags": [ + "IncidentComments" + ], + "description": "Gets all incident comments.", + "operationId": "IncidentComments_List", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentCommentList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "IncidentComments_List": { + "$ref": "./examples/incidents/IncidentComments/IncidentComments_List.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}": { + "get": { + "tags": [ + "IncidentComments" + ], + "description": "Gets an incident comment.", + "operationId": "IncidentComments_Get", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/IncidentCommentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentComment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "IncidentComments_Get": { + "$ref": "./examples/incidents/IncidentComments/IncidentComments_Get.json" + } + } + }, + "put": { + "tags": [ + "IncidentComments" + ], + "description": "Creates or updates the incident comment.", + "operationId": "IncidentComments_CreateOrUpdate", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/IncidentCommentId" + }, + { + "$ref": "#/parameters/IncidentComment" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentComment" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/IncidentComment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "IncidentComments_CreateOrUpdate": { + "$ref": "./examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json" + } + } + }, + "delete": { + "tags": [ + "IncidentComments" + ], + "description": "Delete the incident comment.", + "operationId": "IncidentComments_Delete", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/IncidentCommentId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "IncidentComments_Delete": { + "$ref": "./examples/incidents/IncidentComments/IncidentComments_Delete.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/entities": { + "post": { + "tags": [ + "IncidentEntities" + ], + "description": "Gets all incident related entities.", + "operationId": "Incidents_ListEntities", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentEntitiesResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Incidents_ListEntities": { + "$ref": "./examples/incidents/IncidentEntities/Incidents_ListEntities.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations": { + "get": { + "x-ms-examples": { + "Get all incident relations.": { + "$ref": "./examples/incidents/relations/GetAllIncidentRelations.json" + } + }, + "tags": [ + "IncidentRelations" + ], + "description": "Gets all incident relations.", + "operationId": "IncidentRelations_List", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "./common/RelationTypes.json#/definitions/RelationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-odata": "./common/RelationTypes.json#/definitions/Relation", + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}": { + "get": { + "x-ms-examples": { + "Get an incident relation.": { + "$ref": "./examples/incidents/relations/GetIncidentRelationByName.json" + } + }, + "tags": [ + "IncidentRelations" + ], + "description": "Gets an incident relation.", + "operationId": "IncidentRelations_Get", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "./common/RelationTypes.json#/parameters/RelationName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "./common/RelationTypes.json#/definitions/Relation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates an incident relation.": { + "$ref": "./examples/incidents/relations/CreateIncidentRelation.json" + } + }, + "tags": [ + "IncidentRelations" + ], + "description": "Creates or updates the incident relation.", + "operationId": "IncidentRelations_CreateOrUpdate", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "./common/RelationTypes.json#/parameters/RelationName" + }, + { + "$ref": "./common/RelationTypes.json#/parameters/Relation" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "./common/RelationTypes.json#/definitions/Relation" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "./common/RelationTypes.json#/definitions/Relation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete the incident relation.": { + "$ref": "./examples/incidents/relations/DeleteIncidentRelation.json" + } + }, + "tags": [ + "IncidentRelations" + ], + "description": "Delete the incident relation.", + "operationId": "IncidentRelations_Delete", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "./common/RelationTypes.json#/parameters/RelationName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks": { + "get": { + "tags": [ + "IncidentTasks" + ], + "description": "Gets all incident tasks.", + "operationId": "IncidentTasks_List", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentTaskList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "IncidentTasks_List": { + "$ref": "./examples/incidents/IncidentTasks/IncidentTasks_List.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks/{incidentTaskId}": { + "get": { + "tags": [ + "IncidentTasks" + ], + "description": "Gets an incident task.", + "operationId": "IncidentTasks_Get", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/IncidentTaskId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentTask" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "IncidentTasks_Get": { + "$ref": "./examples/incidents/IncidentTasks/IncidentTasks_Get.json" + } + } + }, + "put": { + "tags": [ + "IncidentTasks" + ], + "description": "Creates or updates the incident task.", + "operationId": "IncidentTasks_CreateOrUpdate", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/IncidentTaskId" + }, + { + "$ref": "#/parameters/IncidentTask" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IncidentTask" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/IncidentTask" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "IncidentTasks_CreateOrUpdate": { + "$ref": "./examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json" + } + } + }, + "delete": { + "tags": [ + "IncidentTasks" + ], + "description": "Delete the incident task.", + "operationId": "IncidentTasks_Delete", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/IncidentId" + }, + { + "$ref": "#/parameters/IncidentTaskId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "IncidentTasks_Delete": { + "$ref": "./examples/incidents/IncidentTasks/IncidentTasks_Delete.json" + } + } + } + } + }, + "definitions": { + "Incident": { + "type": "object", + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "properties": { + "properties": { + "type": "object", + "$ref": "#/definitions/IncidentProperties", + "x-ms-client-flatten": true + } + } + }, + "IncidentAdditionalData": { + "description": "Incident additional data property bag.", + "type": "object", + "properties": { + "alertsCount": { + "format": "int32", + "description": "The number of alerts in the incident", + "type": "integer", + "readOnly": true + }, + "bookmarksCount": { + "format": "int32", + "description": "The number of bookmarks in the incident", + "type": "integer", + "readOnly": true + }, + "commentsCount": { + "format": "int32", + "description": "The number of comments in the incident", + "type": "integer", + "readOnly": true + }, + "alertProductNames": { + "description": "List of product names of alerts in the incident", + "type": "array", + "items": { + "description": "Alert product name", + "type": "string" + }, + "readOnly": true + }, + "tactics": { + "description": "The tactics associated with incident", + "type": "array", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "readOnly": true + }, + "techniques": { + "description": "The techniques associated with incident's tactics", + "type": "array", + "items": { + "type": "string" + }, + "readOnly": true + }, + "providerIncidentUrl": { + "description": "The provider incident url to the incident in Microsoft 365 Defender portal", + "type": "string", + "readOnly": true + } + } + }, + "IncidentAlertList": { + "description": "List of incident alerts.", + "type": "object", + "properties": { + "value": { + "description": "Array of incident alerts.", + "type": "array", + "items": { + "$ref": "./common/EntityTypes.json#/definitions/SecurityAlert" + } + } + }, + "required": [ + "value" + ] + }, + "IncidentBookmarkList": { + "description": "List of incident bookmarks.", + "type": "object", + "properties": { + "value": { + "description": "Array of incident bookmarks.", + "type": "array", + "items": { + "$ref": "./common/EntityTypes.json#/definitions/HuntingBookmark" + } + } + }, + "required": [ + "value" + ] + }, + "IncidentComment": { + "type": "object", + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents an incident comment", + "properties": { + "properties": { + "type": "object", + "$ref": "#/definitions/IncidentCommentProperties", + "description": "Incident comment properties", + "x-ms-client-flatten": true + } + } + }, + "IncidentCommentList": { + "type": "object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/IncidentComment" + } + }, + "nextLink": { + "type": "string", + "readOnly": true + } + }, + "required": [ + "value" + ] + }, + "IncidentCommentProperties": { + "description": "Incident comment property bag.", + "required": [ + "message" + ], + "type": "object", + "properties": { + "message": { + "description": "The comment message", + "type": "string" + }, + "createdTimeUtc": { + "format": "date-time", + "description": "The time the comment was created", + "type": "string", + "readOnly": true + }, + "lastModifiedTimeUtc": { + "format": "date-time", + "description": "The time the comment was updated", + "type": "string", + "readOnly": true + }, + "author": { + "type": "object", + "$ref": "../../../common/2.0/types.json#/definitions/ClientInfo", + "description": "Describes the client that created the comment", + "readOnly": true + } + } + }, + "IncidentEntitiesResponse": { + "description": "The incident related entities response.", + "type": "object", + "properties": { + "entities": { + "description": "Array of the incident related entities.", + "type": "array", + "items": { + "$ref": "./common/EntityTypes.json#/definitions/Entity" + } + }, + "metaData": { + "description": "The metadata from the incident related entities results.", + "type": "array", + "items": { + "$ref": "#/definitions/IncidentEntitiesResultsMetadata" + } + } + } + }, + "IncidentEntitiesResultsMetadata": { + "description": "Information of a specific aggregation in the incident related entities result.", + "required": [ + "count", + "entityKind" + ], + "type": "object", + "properties": { + "entityKind": { + "description": "The kind of the aggregated entity.", + "$ref": "./common/EntityTypes.json#/definitions/EntityInnerKind" + }, + "count": { + "format": "int32", + "description": "Total number of aggregations of the given kind in the incident related entities result.", + "type": "integer" + } + } + }, + "IncidentList": { + "required": [ + "value" + ], + "description": "List all the incidents.", + "type": "object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/Incident" + } + }, + "nextLink": { + "description": "URL to fetch the next set of incidents.", + "type": "string", + "readOnly": true + } + } + }, + "IncidentProperties": { + "required": [ + "severity", + "status", + "title" + ], + "type": "object", + "properties": { + "title": { + "description": "The title of the incident", + "type": "string" + }, + "description": { + "description": "The description of the incident", + "type": "string" + }, + "severity": { + "$ref": "./common/IncidentTypes.json#/definitions/IncidentSeverityEnum" + }, + "status": { + "$ref": "./common/IncidentTypes.json#/definitions/IncidentStatusEnum" + }, + "classification": { + "description": "The reason the incident was closed", + "$ref": "./common/IncidentTypes.json#/definitions/IncidentClassificationEnum" + }, + "classificationReason": { + "description": "The classification reason the incident was closed with", + "$ref": "./common/IncidentTypes.json#/definitions/IncidentClassificationReasonEnum" + }, + "classificationComment": { + "description": "Describes the reason the incident was closed", + "type": "string" + }, + "owner": { + "type": "object", + "description": "Describes a user that the incident is assigned to", + "$ref": "./common/IncidentTypes.json#/definitions/IncidentOwnerInfo" + }, + "labels": { + "description": "List of labels relevant to this incident", + "type": "array", + "items": { + "$ref": "./common/IncidentTypes.json#/definitions/IncidentLabel" + } + }, + "firstActivityTimeUtc": { + "format": "date-time", + "description": "The time of the first activity in the incident", + "type": "string" + }, + "lastActivityTimeUtc": { + "format": "date-time", + "description": "The time of the last activity in the incident", + "type": "string" + }, + "lastModifiedTimeUtc": { + "format": "date-time", + "description": "The last time the incident was updated", + "type": "string", + "readOnly": true + }, + "createdTimeUtc": { + "format": "date-time", + "description": "The time the incident was created", + "type": "string", + "readOnly": true + }, + "incidentNumber": { + "format": "int32", + "description": "A sequential number", + "type": "integer", + "readOnly": true + }, + "additionalData": { + "$ref": "#/definitions/IncidentAdditionalData", + "description": "Additional data on the incident", + "readOnly": true, + "type": "object" + }, + "relatedAnalyticRuleIds": { + "description": "List of resource ids of Analytic rules related to the incident", + "type": "array", + "items": { + "description": "Related Analytic rule resource id", + "type": "string" + }, + "readOnly": true + }, + "incidentUrl": { + "description": "The deep-link url to the incident in Azure portal", + "type": "string", + "readOnly": true + }, + "providerName": { + "description": "The name of the source provider that generated the incident", + "type": "string", + "readOnly": true + }, + "providerIncidentId": { + "description": "The incident ID assigned by the incident provider", + "type": "string", + "readOnly": true + }, + "teamInformation": { + "$ref": "#/definitions/TeamInformation", + "description": "Describes a team for the incident", + "type": "object" + } + } + }, + "IncidentTask": { + "required": [ + "properties" + ], + "type": "object", + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "properties": { + "properties": { + "type": "object", + "$ref": "#/definitions/IncidentTaskProperties", + "x-ms-client-flatten": true + } + } + }, + "IncidentTaskList": { + "type": "object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/IncidentTask" + } + }, + "nextLink": { + "type": "string" + } + } + }, + "IncidentTaskProperties": { + "required": [ + "status", + "title" + ], + "type": "object", + "properties": { + "title": { + "description": "The title of the task", + "type": "string" + }, + "description": { + "description": "The description of the task", + "type": "string" + }, + "status": { + "$ref": "#/definitions/IncidentTaskStatus" + }, + "createdTimeUtc": { + "format": "date-time", + "description": "The time the task was created", + "type": "string", + "readOnly": true + }, + "lastModifiedTimeUtc": { + "format": "date-time", + "description": "The last time the task was updated", + "type": "string", + "readOnly": true + }, + "createdBy": { + "type": "object", + "$ref": "../../../common/2.0/types.json#/definitions/ClientInfo" + }, + "lastModifiedBy": { + "type": "object", + "$ref": "../../../common/2.0/types.json#/definitions/ClientInfo" + } + } + }, + "IncidentTaskStatus": { + "enum": [ + "New", + "Completed" + ], + "type": "string", + "example": "New", + "x-ms-enum": { + "name": "IncidentTaskStatus", + "modelAsString": true, + "values": [ + { + "value": "New", + "description": "A new task" + }, + { + "value": "Completed", + "description": "A completed task" + } + ] + } + }, + "TeamInformation": { + "description": "Describes team information", + "type": "object", + "properties": { + "teamId": { + "description": "Team ID", + "type": "string", + "readOnly": true + }, + "primaryChannelUrl": { + "description": "The primary channel URL of the team", + "type": "string", + "readOnly": true + }, + "teamCreationTimeUtc": { + "format": "date-time", + "description": "The time the team was created", + "type": "string", + "readOnly": true + }, + "name": { + "description": "The name of the team", + "type": "string", + "readOnly": true + }, + "description": { + "description": "The description of the team", + "type": "string", + "readOnly": true + } + } + }, + "TeamProperties": { + "description": "Describes team properties", + "required": [ + "teamName" + ], + "type": "object", + "properties": { + "teamName": { + "description": "The name of the team", + "type": "string" + }, + "teamDescription": { + "description": "The description of the team", + "type": "string" + }, + "groupIds": { + "description": "List of group IDs to add their members to the team", + "type": "array", + "items": { + "format": "uuid", + "type": "string" + } + }, + "memberIds": { + "description": "List of member IDs to add to the team", + "type": "array", + "items": { + "format": "uuid", + "type": "string" + } + } + } + } + }, + "parameters": { + "Incident": { + "name": "incident", + "description": "The incident", + "required": true, + "in": "body", + "x-ms-parameter-location": "method", + "schema": { + "$ref": "#/definitions/Incident" + } + }, + "IncidentId": { + "in": "path", + "name": "incidentId", + "description": "Incident ID", + "required": true, + "x-ms-parameter-location": "method", + "type": "string" + }, + "IncidentComment": { + "name": "incidentComment", + "description": "The incident comment", + "required": true, + "in": "body", + "x-ms-parameter-location": "method", + "schema": { + "$ref": "#/definitions/IncidentComment" + } + }, + "IncidentCommentId": { + "in": "path", + "name": "incidentCommentId", + "description": "Incident comment ID", + "required": true, + "x-ms-parameter-location": "method", + "type": "string" + }, + "TeamProperties": { + "name": "teamProperties", + "description": "Team properties", + "required": true, + "in": "body", + "x-ms-parameter-location": "method", + "schema": { + "$ref": "#/definitions/TeamInformation" + } + }, + "IncidentTask": { + "name": "incidentTask", + "description": "The incident task", + "required": true, + "in": "body", + "x-ms-parameter-location": "method", + "schema": { + "$ref": "#/definitions/IncidentTask" + } + }, + "IncidentTaskId": { + "in": "path", + "name": "incidentTaskId", + "description": "Incident task ID", + "required": true, + "x-ms-parameter-location": "method", + "type": "string" + } + }, + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "flow": "implicit", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "scopes": { + "user_impersonation": "impersonate your user account" + }, + "description": "Azure Active Directory OAuth2 Flow" + } + }, + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "host": "management.azure.com", + "schemes": [ + "https" + ], + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ] +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Metadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Metadata.json new file mode 100644 index 000000000000..58de0c2f543a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Metadata.json @@ -0,0 +1,774 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata": { + "get": { + "x-ms-examples": { + "Get all metadata.": { + "$ref": "./examples/metadata/GetAllMetadata.json" + }, + "Get all metadata with OData filter/orderby/skip/top": { + "$ref": "./examples/metadata/GetAllMetadataOData.json" + } + }, + "tags": [ + "Metadata" + ], + "description": "List of all metadata", + "operationId": "Metadata_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkip" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/MetadataList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}": { + "get": { + "x-ms-examples": { + "Get single metadata by name": { + "$ref": "./examples/metadata/GetMetadata.json" + } + }, + "tags": [ + "Metadata" + ], + "description": "Get a Metadata.", + "operationId": "Metadata_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/MetadataName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/MetadataModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete metadata.": { + "$ref": "./examples/metadata/DeleteMetadata.json" + } + }, + "tags": [ + "Metadata" + ], + "description": "Delete a Metadata.", + "operationId": "Metadata_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/MetadataName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create/update full metadata.": { + "$ref": "./examples/metadata/PutMetadata.json" + }, + "Create/update minimal metadata.": { + "$ref": "./examples/metadata/PutMetadataMinimal.json" + } + }, + "tags": [ + "Metadata" + ], + "description": "Create a Metadata.", + "operationId": "Metadata_Create", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/MetadataName" + }, + { + "$ref": "#/parameters/Metadata" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/MetadataModel" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/MetadataModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "patch": { + "x-ms-examples": { + "Update metadata.": { + "$ref": "./examples/metadata/PatchMetadata.json" + } + }, + "tags": [ + "Metadata" + ], + "description": "Update an existing Metadata.", + "operationId": "Metadata_Update", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/MetadataName" + }, + { + "$ref": "#/parameters/MetadataPatch" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/MetadataModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "MetadataList": { + "description": "List of all the metadata.", + "type": "object", + "properties": { + "value": { + "description": "Array of metadata.", + "items": { + "$ref": "#/definitions/MetadataModel" + }, + "type": "array" + }, + "nextLink": { + "description": "URL to fetch the next page of metadata.", + "readOnly": true, + "type": "string" + } + }, + "required": [ + "value" + ] + }, + "MetadataModel": { + "type": "object", + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Metadata resource definition.", + "properties": { + "properties": { + "$ref": "#/definitions/metadataProperties", + "description": "Metadata properties", + "x-ms-client-flatten": true + } + } + }, + "metadataPatch": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Metadata patch request body.", + "type": "object", + "properties": { + "properties": { + "$ref": "#/definitions/metadataPropertiesPatch", + "description": "Metadata patch request body", + "x-ms-client-flatten": true + } + } + }, + "metadataContentId": { + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Can be optionally set for user created content to define dependencies. If an active content item is made from a template, both will have the same contentId.", + "type": "string" + }, + "metadataParentId": { + "description": "Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group)", + "type": "string" + }, + "metadataVersion": { + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks", + "type": "string" + }, + "metadataKind": { + "type": "string", + "description": "The kind of content the metadata is for." + }, + "metadataSource": { + "description": "The original source of the content item, where it comes from.", + "type": "object", + "required": [ + "kind" + ], + "properties": { + "kind": { + "description": "Source type of the content", + "type": "string", + "enum": [ + "LocalWorkspace", + "Community", + "Solution", + "SourceRepository" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "sourceKind", + "values": [ + { + "value": "LocalWorkspace" + }, + { + "value": "Community" + }, + { + "value": "Solution" + }, + { + "value": "SourceRepository" + } + ] + } + }, + "name": { + "description": "Name of the content source. The repo name, solution name, LA workspace name etc.", + "type": "string" + }, + "sourceId": { + "description": "ID of the content source. The solution ID, workspace ID, etc", + "type": "string" + } + } + }, + "metadataAuthor": { + "type": "object", + "description": "Publisher or creator of the content item.", + "properties": { + "name": { + "description": "Name of the author. Company or person.", + "type": "string" + }, + "email": { + "description": "Email of author contact", + "type": "string" + }, + "link": { + "description": "Link for author/vendor page", + "type": "string" + } + } + }, + "metadataSupport": { + "type": "object", + "description": "Support information for the content item.", + "required": [ + "tier" + ], + "properties": { + "tier": { + "description": "Type of support for content item", + "type": "string", + "enum": [ + "Microsoft", + "Partner", + "Community" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "supportTier", + "values": [ + { + "value": "Microsoft" + }, + { + "value": "Partner" + }, + { + "value": "Community" + } + ] + } + }, + "name": { + "description": "Name of the support contact. Company or person.", + "type": "string" + }, + "email": { + "description": "Email of support contact", + "type": "string" + }, + "link": { + "description": "Link for support help, like to support page to open a ticket etc.", + "type": "string" + } + } + }, + "metadataCategories": { + "type": "object", + "description": "ies for the solution content item", + "properties": { + "domains": { + "description": "domain for the solution content item", + "type": "array", + "example": [ + "str1", + "str2", + "str3" + ], + "items": { + "type": "string" + } + }, + "verticals": { + "description": "Industry verticals for the solution content item", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "str1", + "str2", + "str3" + ] + } + } + }, + "metadataProviders": { + "description": "Providers for the solution content item", + "type": "array", + "example": [ + "str1", + "str2", + "str3" + ], + "items": { + "type": "string" + } + }, + "firstPublishDate": { + "description": "first publish date of solution content item", + "type": "string", + "format": "date" + }, + "lastPublishDate": { + "description": "last publish date of solution content item", + "type": "string", + "format": "date" + }, + "metadataCustomVersion": { + "description": "The custom version of the content. A optional free text", + "type": "string" + }, + "metadataContentSchemaVersion": { + "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version", + "type": "string" + }, + "metadataIcon": { + "description": "the icon identifier. this id can later be fetched from the solution template", + "type": "string" + }, + "metadataThreatAnalysisTactics": { + "description": "the tactics the resource covers", + "type": "array", + "example": [ + "reconnaissance", + "exfiltration" + ], + "items": { + "type": "string" + } + }, + "metadataThreatAnalysisTechniques": { + "description": "the techniques the resource covers, these have to be aligned with the tactics being used", + "type": "array", + "example": [ + "T1548", + "T1548.001", + "T1134.003" + ], + "items": { + "type": "string" + } + }, + "metadataPreviewImages": { + "description": "preview image file names. These will be taken from the solution artifacts", + "type": "array", + "example": [ + "example.png", + "example2.jpeg" + ], + "items": { + "type": "string" + } + }, + "metadataPreviewImagesDark": { + "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support", + "type": "array", + "example": [ + "example.png", + "example2.jpeg" + ], + "items": { + "type": "string" + } + }, + "metadataProperties": { + "description": "Metadata property bag.", + "required": [ + "parentId", + "kind" + ], + "type": "object", + "properties": { + "contentId": { + "$ref": "#/definitions/metadataContentId", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" + }, + "parentId": { + "$ref": "#/definitions/metadataParentId", + "description": "Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group)" + }, + "version": { + "$ref": "#/definitions/metadataVersion", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "kind": { + "$ref": "#/definitions/metadataKind", + "description": "The kind of content the metadata is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, + "author": { + "$ref": "#/definitions/metadataAuthor", + "description": "The creator of the content item." + }, + "support": { + "$ref": "#/definitions/metadataSupport", + "description": "Support information for the metadata - type, name, contact information" + }, + "dependencies": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDependencies", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." + }, + "categories": { + "$ref": "#/definitions/metadataCategories", + "description": "Categories for the solution content item" + }, + "providers": { + "$ref": "#/definitions/metadataProviders", + "description": "Providers for the solution content item" + }, + "firstPublishDate": { + "$ref": "#/definitions/firstPublishDate", + "description": "first publish date solution content item" + }, + "lastPublishDate": { + "$ref": "#/definitions/lastPublishDate", + "description": "last publish date for the solution content item" + }, + "customVersion": { + "$ref": "#/definitions/metadataCustomVersion", + "description": "The custom version of the content. A optional free text" + }, + "contentSchemaVersion": { + "$ref": "#/definitions/metadataContentSchemaVersion", + "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version" + }, + "icon": { + "$ref": "#/definitions/metadataIcon", + "description": "the icon identifier. this id can later be fetched from the solution template" + }, + "threatAnalysisTactics": { + "$ref": "#/definitions/metadataThreatAnalysisTactics", + "description": "the tactics the resource covers" + }, + "threatAnalysisTechniques": { + "$ref": "#/definitions/metadataThreatAnalysisTechniques", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used" + }, + "previewImages": { + "$ref": "#/definitions/metadataPreviewImages", + "description": "preview image file names. These will be taken from the solution artifacts" + }, + "previewImagesDark": { + "$ref": "#/definitions/metadataPreviewImagesDark", + "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support" + } + } + }, + "metadataPropertiesPatch": { + "description": "Metadata property bag for patch requests. This is the same as the MetadataProperties, but with nothing required", + "type": "object", + "properties": { + "contentId": { + "$ref": "#/definitions/metadataContentId", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" + }, + "parentId": { + "$ref": "#/definitions/metadataParentId", + "description": "Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group)" + }, + "version": { + "$ref": "#/definitions/metadataVersion", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "kind": { + "$ref": "#/definitions/metadataKind", + "description": "The kind of content the metadata is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, + "author": { + "$ref": "#/definitions/metadataAuthor", + "description": "The creator of the content item." + }, + "support": { + "$ref": "#/definitions/metadataSupport", + "description": "Support information for the metadata - type, name, contact information" + }, + "dependencies": { + "$ref": "./common/ContentCommonTypes.json#/definitions/metadataDependencies", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." + }, + "categories": { + "$ref": "#/definitions/metadataCategories", + "description": "Categories for the solution content item" + }, + "providers": { + "$ref": "#/definitions/metadataProviders", + "description": "Providers for the solution content item" + }, + "firstPublishDate": { + "$ref": "#/definitions/firstPublishDate", + "description": "first publish date solution content item" + }, + "lastPublishDate": { + "$ref": "#/definitions/lastPublishDate", + "description": "last publish date for the solution content item" + }, + "customVersion": { + "$ref": "#/definitions/metadataCustomVersion", + "description": "The custom version of the content. A optional free text" + }, + "contentSchemaVersion": { + "$ref": "#/definitions/metadataContentSchemaVersion", + "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version" + }, + "icon": { + "$ref": "#/definitions/metadataIcon", + "description": "the icon identifier. this id can later be fetched from the solution template" + }, + "threatAnalysisTactics": { + "$ref": "#/definitions/metadataThreatAnalysisTactics", + "description": "the tactics the resource covers" + }, + "threatAnalysisTechniques": { + "$ref": "#/definitions/metadataThreatAnalysisTechniques", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used" + }, + "previewImages": { + "$ref": "#/definitions/metadataPreviewImages", + "description": "preview image file names. These will be taken from the solution artifacts" + }, + "previewImagesDark": { + "$ref": "#/definitions/metadataPreviewImagesDark", + "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support" + } + } + } + }, + "parameters": { + "Metadata": { + "description": "Metadata resource.", + "in": "body", + "name": "metadata", + "required": true, + "schema": { + "$ref": "#/definitions/MetadataModel" + }, + "x-ms-parameter-location": "method" + }, + "MetadataPatch": { + "description": "Partial metadata request.", + "in": "body", + "name": "metadataPatch", + "required": true, + "schema": { + "$ref": "#/definitions/metadataPatch" + }, + "x-ms-parameter-location": "method" + }, + "MetadataName": { + "description": "The Metadata name.", + "in": "path", + "name": "metadataName", + "required": true, + "pattern": "^\\S+$", + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/OfficeConsents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/OfficeConsents.json new file mode 100644 index 000000000000..60970af40708 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/OfficeConsents.json @@ -0,0 +1,234 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents": { + "get": { + "x-ms-examples": { + "Get all office consents.": { + "$ref": "./examples/officeConsents/GetOfficeConsents.json" + } + }, + "tags": [ + "Office Consents" + ], + "description": "Gets all office365 consents.", + "operationId": "OfficeConsents_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/OfficeConsentList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents/{consentId}": { + "get": { + "x-ms-examples": { + "Get an office consent.": { + "$ref": "./examples/officeConsents/GetOfficeConsentsById.json" + } + }, + "tags": [ + "Office Consents" + ], + "description": "Gets an office365 consent.", + "operationId": "OfficeConsents_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ConsentId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/OfficeConsent" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an office consent.": { + "$ref": "./examples/officeConsents/DeleteOfficeConsents.json" + } + }, + "tags": [ + "Office Consents" + ], + "description": "Delete the office365 consent.", + "operationId": "OfficeConsents_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ConsentId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "ConsentId": { + "description": "consent ID", + "in": "path", + "name": "consentId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + }, + "definitions": { + "OfficeConsent": { + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/Resource" + } + ], + "description": "Consent for Office365 tenant that already made.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficeConsentProperties", + "description": "Office consent properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "OfficeConsentList": { + "description": "List of all the office365 consents.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of office consents.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of the consents.", + "items": { + "$ref": "#/definitions/OfficeConsent" + }, + "type": "array" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "OfficeConsentProperties": { + "description": "Consent property bag.", + "properties": { + "tenantId": { + "description": "The tenantId of the Office365 with the consent.", + "type": "string" + }, + "consentId": { + "description": "Help to easily cascade among the data layers.", + "type": "string" + } + }, + "type": "object" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/OnboardingStates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/OnboardingStates.json new file mode 100644 index 000000000000..d175c1545be5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/OnboardingStates.json @@ -0,0 +1,284 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}": { + "get": { + "x-ms-examples": { + "Get Sentinel onboarding state": { + "$ref": "./examples/onboardingStates/GetSentinelOnboardingState.json" + } + }, + "tags": [ + "SentinelOnboardingStates" + ], + "description": "Get Sentinel onboarding state", + "operationId": "SentinelOnboardingStates_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SentinelOnboardingStateName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SentinelOnboardingState" + } + }, + "default": { + "description": "Error in getting the Sentinel onboarding state", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create Sentinel onboarding state": { + "$ref": "./examples/onboardingStates/CreateSentinelOnboardingState.json" + } + }, + "tags": [ + "SentinelOnboardingStates" + ], + "description": "Create Sentinel onboarding state", + "operationId": "SentinelOnboardingStates_Create", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SentinelOnboardingStateName" + }, + { + "$ref": "#/parameters/SentinelOnboardingStateParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SentinelOnboardingState" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/SentinelOnboardingState" + } + }, + "default": { + "description": "Error in creating the Sentinel onboarding state", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete Sentinel onboarding state": { + "$ref": "./examples/onboardingStates/DeleteSentinelOnboardingState.json" + } + }, + "tags": [ + "SentinelOnboardingStates" + ], + "description": "Delete Sentinel onboarding state", + "operationId": "SentinelOnboardingStates_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SentinelOnboardingStateName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error in deleting the Sentinel onboarding state", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates": { + "get": { + "x-ms-examples": { + "Get all Sentinel onboarding states": { + "$ref": "./examples/onboardingStates/GetAllSentinelOnboardingStates.json" + } + }, + "tags": [ + "SentinelOnboardingStates" + ], + "description": "Gets all Sentinel onboarding states", + "operationId": "SentinelOnboardingStates_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SentinelOnboardingStatesList" + } + }, + "default": { + "description": "Error in listing the Sentinel onboarding states", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "SentinelOnboardingStateProperties": { + "description": "The Sentinel onboarding state properties", + "type": "object", + "properties": { + "customerManagedKey": { + "description": "Flag that indicates the status of the CMK setting", + "type": "boolean" + } + } + }, + "SentinelOnboardingState": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Sentinel onboarding state", + "properties": { + "properties": { + "$ref": "#/definitions/SentinelOnboardingStateProperties", + "description": "The Sentinel onboarding state object", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "SentinelOnboardingStatesList": { + "description": "List of the Sentinel onboarding states", + "properties": { + "value": { + "description": "Array of Sentinel onboarding states", + "items": { + "$ref": "#/definitions/SentinelOnboardingState" + }, + "type": "array" + } + }, + "required": [ + "value" + ], + "type": "object" + } + }, + "parameters": { + "SentinelOnboardingStateName": { + "description": "The Sentinel onboarding state name. Supports - default", + "in": "path", + "name": "sentinelOnboardingStateName", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "SentinelOnboardingStateParameter": { + "description": "The Sentinel onboarding state parameter", + "in": "body", + "name": "sentinelOnboardingStateParameter", + "required": false, + "schema": { + "$ref": "#/definitions/SentinelOnboardingState" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Recommendations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Recommendations.json new file mode 100644 index 000000000000..2664cd8b4d21 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Recommendations.json @@ -0,0 +1,564 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/recommendations": { + "get": { + "x-ms-examples": { + "Get Recommendations list.": { + "$ref": "./examples/recommendations/GetRecommendations.json" + } + }, + "tags": [ + "recommendations" + ], + "description": "Gets a list of all recommendations.", + "operationId": "GetRecommendations_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/RecommendationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/recommendations/{recommendationId}": { + "get": { + "x-ms-examples": { + "Get a recommendation.": { + "$ref": "./examples/recommendations/GetRecommendation.json" + } + }, + "tags": [ + "recommendations" + ], + "description": "Gets a recommendation by its id.", + "operationId": "Get_SingleRecommendation", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RecommendationId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Recommendation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "patch": { + "x-ms-examples": { + "Creates a recommendation.": { + "$ref": "./examples/recommendations/PatchRecommendation.json" + } + }, + "tags": [ + "recommendations" + ], + "description": "Patch a recommendation.", + "operationId": "Update_Recommendation", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RecommendationId" + }, + { + "$ref": "#/parameters/RecommendationPatch" + } + ], + "x-ms-long-running-operation": true, + "responses": { + "202": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Recommendation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "Recommendation": { + "description": "Recommendation object.", + "properties": { + "id": { + "description": "id of recommendation.", + "type": "string", + "format": "uuid" + }, + "instructions": { + "description": "Instructions of the recommendation.", + "$ref": "#/definitions/Instructions" + }, + "content": { + "description": "Content of the recommendation.", + "$ref": "#/definitions/Content", + "x-nullable": true + }, + "resourceId": { + "description": "Id of the resource this recommendation refers to.", + "type": "string", + "x-nullable": true + }, + "additionalProperties": { + "description": "Collection of additional properties for the recommendation.", + "type": "object", + "additionalProperties": { + "type": "string" + }, + "x-nullable": true + }, + "title": { + "description": "Title of the recommendation.", + "type": "string" + }, + "description": { + "description": "Description of the recommendation.", + "type": "string" + }, + "recommendationTypeTitle": { + "description": "Title of the recommendation type.", + "type": "string" + }, + "recommendationTypeId": { + "description": "Id of the recommendation type.", + "type": "string" + }, + "category": { + "description": "Category of the recommendation.", + "$ref": "#/definitions/RecommendationCategory" + }, + "context": { + "description": "Context of the recommendation.", + "$ref": "#/definitions/RecommendationContext" + }, + "workspaceId": { + "description": "Id of the workspace this recommendation refers to.", + "type": "string", + "format": "uuid" + }, + "actions": { + "description": "List of actions to take for this recommendation.", + "type": "array", + "items": { + "$ref": "#/definitions/RecommendedAction" + }, + "x-ms-identifiers": [] + }, + "state": { + "description": "State of the recommendation.", + "$ref": "#/definitions/RecommendationState" + }, + "priority": { + "description": "Priority of the recommendation.", + "$ref": "#/definitions/RecommendationPriority" + }, + "lastEvaluatedTimeUtc": { + "description": "The time stamp (UTC) when the recommendation was last evaluated.", + "type": "string", + "format": "date-time" + }, + "hideUntilTimeUtc": { + "description": "The time stamp (UTC) when the recommendation should be displayed again.", + "type": "string", + "format": "date-time", + "x-nullable": true + }, + "displayUntilTimeUtc": { + "description": "The timestamp (UTC) after which the recommendation should not be displayed anymore.", + "type": "string", + "format": "date-time", + "x-nullable": true + }, + "visible": { + "description": "Value indicating if the recommendation should be displayed or not.", + "type": "boolean" + } + }, + "required": [ + "id", + "instructions", + "title", + "description", + "recommendationTypeTitle", + "recommendationTypeId", + "category", + "context", + "workspaceId", + "actions", + "state", + "priority", + "lastEvaluatedTimeUtc" + ], + "type": "object" + }, + "RecommendationList": { + "description": "A list of recommendations", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/Recommendation" + }, + "description": "An list of recommendations" + } + }, + "type": "object" + }, + "Content": { + "description": "Content section of the recommendation.", + "properties": { + "title": { + "description": "Title of the content.", + "type": "string" + }, + "description": { + "description": "Description of the content.", + "type": "string" + } + }, + "required": [ + "title", + "description" + ], + "type": "object" + }, + "Instructions": { + "description": "Instructions section of a recommendation.", + "properties": { + "actionsToBePerformed": { + "description": "What actions should be taken to complete the recommendation.", + "type": "string" + }, + "recommendationImportance": { + "description": "Explains why the recommendation is important.", + "type": "string" + }, + "howToPerformActionDetails": { + "description": "How should the user complete the recommendation.", + "type": "string", + "x-nullable": true + } + }, + "required": [ + "actionsToBePerformed", + "recommendationImportance" + ], + "type": "object" + }, + "RecommendedAction": { + "description": "What actions should be taken to complete the recommendation.", + "properties": { + "linkText": { + "description": "Text of the link to complete the action.", + "type": "string" + }, + "linkUrl": { + "description": "The Link to complete the action.", + "type": "string" + }, + "state": { + "description": "The state of the action.", + "$ref": "#/definitions/ActionState" + } + }, + "required": [ + "linkText", + "linkUrl" + ], + "type": "object" + }, + "RecommendationPatch": { + "description": "Recommendation Fields to update.", + "properties": { + "state": { + "description": "State of the recommendation.", + "$ref": "#/definitions/RecommendationState" + }, + "hideUntilTimeUtc": { + "description": "The time stamp (UTC) when the recommendation should be displayed again.", + "type": "string", + "format": "date-time" + } + }, + "type": "object" + }, + "RecommendationCategory": { + "description": "Categories of recommendations.", + "type": "string", + "enum": [ + "Onboarding", + "NewFeature", + "SocEfficiency", + "CostOptimization", + "Demo" + ], + "x-ms-enum": { + "name": "Category", + "modelAsString": true, + "values": [ + { + "value": "Onboarding", + "description": "Onboarding recommendation." + }, + { + "value": "NewFeature", + "description": "New feature recommendation." + }, + { + "value": "SocEfficiency", + "description": "Soc Efficiency recommendation." + }, + { + "value": "CostOptimization", + "description": "Cost optimization recommendation." + }, + { + "value": "Demo", + "description": "Demo recommendation." + } + ] + } + }, + "RecommendationContext": { + "description": "Context of recommendation.", + "type": "string", + "enum": [ + "Analytics", + "Incidents", + "Overview", + "None" + ], + "x-ms-enum": { + "name": "Context", + "modelAsString": true, + "values": [ + { + "value": "Analytics", + "description": "Analytics context." + }, + { + "value": "Incidents", + "description": "Incidents context." + }, + { + "value": "Overview", + "description": "Overview context." + }, + { + "value": "None", + "description": "No context." + } + ] + } + }, + "RecommendationState": { + "description": "State of recommendation.", + "type": "string", + "enum": [ + "Active", + "Disabled", + "CompletedByUser", + "CompletedByAction", + "Hidden" + ], + "x-ms-enum": { + "name": "State", + "modelAsString": true, + "values": [ + { + "value": "Active", + "description": "Recommendation is active." + }, + { + "value": "Disabled", + "description": "Recommendation is disabled." + }, + { + "value": "CompletedByUser", + "description": "Recommendation has been completed by user." + }, + { + "value": "CompletedByAction", + "description": "Recommendation has been completed by action." + }, + { + "value": "Hidden", + "description": "Recommendation is hidden." + } + ] + } + }, + "RecommendationPriority": { + "description": "Priority of recommendation.", + "type": "string", + "enum": [ + "Low", + "Medium", + "High" + ], + "x-ms-enum": { + "name": "Priority", + "modelAsString": true, + "values": [ + { + "value": "Low", + "description": "Low priority for recommendation." + }, + { + "value": "Medium", + "description": "Medium priority for recommendation." + }, + { + "value": "High", + "description": "High priority for recommendation." + } + ] + } + }, + "ActionState": { + "description": "Represents the state the recommendation action is currently in.", + "type": "string", + "enum": [ + "Active", + "InProgress", + "Done" + ], + "x-ms-enum": { + "name": "Priority", + "modelAsString": true, + "values": [ + { + "value": "Active", + "description": "Default state of actions." + }, + { + "value": "InProgress", + "description": "State for when actions have been clicked on." + }, + { + "value": "Done", + "description": "State of completed actions." + } + ] + } + } + }, + "parameters": { + "RecommendationId": { + "description": "Recommendation Id.", + "in": "path", + "name": "recommendationId", + "required": true, + "type": "string", + "format": "uuid", + "x-ms-parameter-location": "method" + }, + "RecommendationPatch": { + "description": "Recommendation Fields to Update.", + "in": "body", + "name": "recommendationPatch", + "required": true, + "schema": { + "type": "array", + "items": { + "$ref": "#/definitions/RecommendationPatch" + }, + "x-ms-identifiers": [] + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/SecurityMLAnalyticsSettings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/SecurityMLAnalyticsSettings.json new file mode 100644 index 000000000000..efdb93aa4f09 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/SecurityMLAnalyticsSettings.json @@ -0,0 +1,444 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings": { + "get": { + "x-ms-examples": { + "Get all Security ML Analytics Settings.": { + "$ref": "./examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json" + } + }, + "tags": [ + "Security ML Analytics Settings" + ], + "description": "Gets all Security ML Analytics Settings.", + "operationId": "SecurityMLAnalyticsSettings_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SecurityMLAnalyticsSettingsList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}": { + "get": { + "x-ms-examples": { + "Get a Anomaly Security ML Analytics Settings.": { + "$ref": "./examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json" + } + }, + "tags": [ + "Security ML Analytics Settings" + ], + "description": "Gets the Security ML Analytics Settings.", + "operationId": "SecurityMLAnalyticsSettings_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SettingsResourceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a Anomaly Security ML Analytics Settings.": { + "$ref": "./examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json" + } + }, + "tags": [ + "Security ML Analytics Settings" + ], + "description": "Creates or updates the Security ML Analytics Settings.", + "operationId": "SecurityMLAnalyticsSettings_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SettingsResourceName" + }, + { + "$ref": "#/parameters/SecurityMLAnalyticsSetting" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a Security ML Analytics Settings.": { + "$ref": "./examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json" + } + }, + "tags": [ + "Security ML Analytics Settings" + ], + "description": "Delete the Security ML Analytics Settings.", + "operationId": "SecurityMLAnalyticsSettings_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SettingsResourceName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "SecurityMLAnalyticsSetting": { + "description": "The security ML Analytics setting", + "in": "body", + "name": "securityMLAnalyticsSetting", + "required": true, + "schema": { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + }, + "x-ms-parameter-location": "method" + }, + "SettingsResourceName": { + "description": "Security ML Analytics Settings resource name", + "in": "path", + "name": "settingsResourceName", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + }, + "definitions": { + "SecurityMLAnalyticsSetting": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Security ML Analytics Setting", + "properties": { + "kind": { + "$ref": "#/definitions/SecurityMLAnalyticsSettingsKindEnum", + "description": "The kind of security ML Analytics Settings" + } + }, + "discriminator": "kind", + "type": "object", + "required": [ + "kind" + ] + }, + "SecurityMLAnalyticsSettingsKindEnum": { + "description": "The kind of security ML analytics settings", + "enum": [ + "Anomaly" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "SecurityMLAnalyticsSettingsKind", + "values": [ + { + "value": "Anomaly" + } + ] + } + }, + "SecurityMLAnalyticsSettingsList": { + "description": "List all the SecurityMLAnalyticsSettings", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of SecurityMLAnalyticsSettings.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of SecurityMLAnalyticsSettings", + "items": { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "AnomalySecurityMLAnalyticsSettings": { + "allOf": [ + { + "$ref": "#/definitions/SecurityMLAnalyticsSetting" + } + ], + "description": "Represents Anomaly Security ML Analytics Settings", + "properties": { + "properties": { + "$ref": "#/definitions/AnomalySecurityMLAnalyticsSettingsProperties", + "description": "Anomaly Security ML Analytics Settings properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Anomaly" + }, + "AnomalySecurityMLAnalyticsSettingsProperties": { + "description": "AnomalySecurityMLAnalytics settings base property bag.", + "properties": { + "description": { + "description": "The description of the SecurityMLAnalyticsSettings.", + "type": "string" + }, + "displayName": { + "description": "The display name for settings created by this SecurityMLAnalyticsSettings.", + "type": "string" + }, + "enabled": { + "description": "Determines whether this settings is enabled or disabled.", + "type": "boolean" + }, + "lastModifiedUtc": { + "description": "The last time that this SecurityMLAnalyticsSettings has been modified.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "requiredDataConnectors": { + "description": "The required data sources for this SecurityMLAnalyticsSettings", + "items": { + "$ref": "#/definitions/SecurityMLAnalyticsSettingsDataSource" + }, + "x-ms-identifiers": [ + "connectorId" + ], + "type": "array" + }, + "tactics": { + "description": "The tactics of the SecurityMLAnalyticsSettings", + "items": { + "$ref": "./common/AlertTypes.json#/definitions/AttackTactic" + }, + "type": "array" + }, + "techniques": { + "description": "The techniques of the SecurityMLAnalyticsSettings", + "items": { + "type": "string" + }, + "type": "array" + }, + "anomalyVersion": { + "description": "The anomaly version of the AnomalySecurityMLAnalyticsSettings.", + "type": "string" + }, + "customizableObservations": { + "description": "The customizable observations of the AnomalySecurityMLAnalyticsSettings.", + "type": "object" + }, + "frequency": { + "description": "The frequency that this SecurityMLAnalyticsSettings will be run.", + "format": "duration", + "type": "string" + }, + "settingsStatus": { + "$ref": "#/definitions/AnomalySecurityMLAnalyticsSettingsStatus", + "description": "The anomaly SecurityMLAnalyticsSettings status" + }, + "isDefaultSettings": { + "description": "Determines whether this anomaly security ml analytics settings is a default settings", + "type": "boolean" + }, + "anomalySettingsVersion": { + "description": "The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.", + "type": "integer", + "format": "int32" + }, + "settingsDefinitionId": { + "description": "The anomaly settings definition Id", + "format": "uuid", + "type": "string" + } + }, + "required": [ + "displayName", + "enabled", + "anomalyVersion", + "frequency", + "settingsStatus", + "isDefaultSettings" + ], + "type": "object" + }, + "SecurityMLAnalyticsSettingsDataSource": { + "description": "security ml analytics settings data sources", + "properties": { + "connectorId": { + "description": "The connector id that provides the following data types", + "type": "string" + }, + "dataTypes": { + "description": "The data types used by the security ml analytics settings", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "AnomalySecurityMLAnalyticsSettingsStatus": { + "description": "The anomaly SecurityMLAnalyticsSettings status", + "enum": [ + "Production", + "Flighting" + ], + "type": "string", + "x-ms-enum": { + "name": "SettingsStatus", + "modelAsString": true, + "values": [ + { + "description": "Anomaly settings status in Production mode", + "value": "Production" + }, + { + "description": "Anomaly settings status in Flighting mode", + "value": "Flighting" + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Settings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Settings.json new file mode 100644 index 000000000000..8556d1e67785 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Settings.json @@ -0,0 +1,423 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings": { + "get": { + "x-ms-examples": { + "Get all settings.": { + "$ref": "./examples/settings/GetAllSettings.json" + } + }, + "tags": [ + "Settings" + ], + "description": "List of all the settings", + "operationId": "ProductSettings_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SettingList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}": { + "get": { + "x-ms-examples": { + "Get EyesOn settings.": { + "$ref": "./examples/settings/GetEyesOnSetting.json" + } + }, + "tags": [ + "Settings" + ], + "description": "Gets a setting.", + "operationId": "ProductSettings_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SettingsName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Settings" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete EyesOn settings.": { + "$ref": "./examples/settings/DeleteEyesOnSetting.json" + } + }, + "tags": [ + "Settings" + ], + "description": "Delete setting of the product.", + "operationId": "ProductSettings_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SettingsName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Update EyesOn settings.": { + "$ref": "./examples/settings/UpdateEyesOnSetting.json" + } + }, + "tags": [ + "Settings" + ], + "description": "Updates setting.", + "operationId": "ProductSettings_Update", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SettingsName" + }, + { + "$ref": "#/parameters/Settings" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Settings" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "SettingList": { + "description": "List of all the settings.", + "properties": { + "value": { + "description": "Array of settings.", + "items": { + "$ref": "#/definitions/Settings" + }, + "type": "array" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "Settings": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "The Setting.", + "properties": { + "kind": { + "description": "The kind of the setting", + "enum": [ + "Anomalies", + "EyesOn", + "EntityAnalytics", + "Ueba" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "SettingKind" + } + } + }, + "required": [ + "kind" + ], + "discriminator": "kind", + "type": "object" + }, + "Anomalies": { + "allOf": [ + { + "$ref": "#/definitions/Settings" + } + ], + "description": "Settings with single toggle.", + "properties": { + "properties": { + "$ref": "#/definitions/AnomaliesSettingsProperties", + "description": "Anomalies properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Anomalies" + }, + "AnomaliesSettingsProperties": { + "description": "Anomalies property bag.", + "properties": { + "isEnabled": { + "description": "Determines whether the setting is enable or disabled.", + "readOnly": true, + "type": "boolean" + } + }, + "type": "object" + }, + "EyesOn": { + "allOf": [ + { + "$ref": "#/definitions/Settings" + } + ], + "description": "Settings with single toggle.", + "properties": { + "properties": { + "$ref": "#/definitions/EyesOnSettingsProperties", + "description": "EyesOn properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "EyesOn" + }, + "EyesOnSettingsProperties": { + "description": "EyesOn property bag.", + "properties": { + "isEnabled": { + "description": "Determines whether the setting is enable or disabled.", + "readOnly": true, + "type": "boolean" + } + }, + "type": "object" + }, + "EntityAnalytics": { + "allOf": [ + { + "$ref": "#/definitions/Settings" + } + ], + "description": "Settings with single toggle.", + "properties": { + "properties": { + "$ref": "#/definitions/EntityAnalyticsProperties", + "description": "EntityAnalytics properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "EntityAnalytics" + }, + "EntityAnalyticsProperties": { + "description": "EntityAnalytics property bag.", + "properties": { + "entityProviders": { + "description": "The relevant entity providers that are synced", + "items": { + "$ref": "#/definitions/EntityProviders" + }, + "type": "array" + } + }, + "type": "object" + }, + "EntityProviders": { + "description": "The entity provider that is synced.", + "enum": [ + "ActiveDirectory", + "AzureActiveDirectory" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EntityProviders" + } + }, + "Ueba": { + "allOf": [ + { + "$ref": "#/definitions/Settings" + } + ], + "description": "Settings with single toggle.", + "properties": { + "properties": { + "$ref": "#/definitions/UebaProperties", + "description": "Ueba properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Ueba" + }, + "UebaProperties": { + "description": "Ueba property bag.", + "properties": { + "dataSources": { + "description": "The relevant data sources that enriched by ueba", + "items": { + "$ref": "#/definitions/UebaDataSources" + }, + "type": "array" + } + }, + "type": "object" + }, + "UebaDataSources": { + "description": "The data source that enriched by ueba.", + "enum": [ + "AuditLogs", + "AzureActivity", + "SecurityEvent", + "SigninLogs" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "UebaDataSources" + } + } + }, + "parameters": { + "Settings": { + "description": "The setting", + "in": "body", + "name": "settings", + "required": true, + "schema": { + "$ref": "#/definitions/Settings" + }, + "x-ms-parameter-location": "method" + }, + "SettingsName": { + "description": "The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba", + "in": "path", + "name": "settingsName", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/SourceControls.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/SourceControls.json new file mode 100644 index 000000000000..af73eeedee24 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/SourceControls.json @@ -0,0 +1,971 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/listRepositories": { + "post": { + "x-ms-examples": { + "Get repository list.": { + "$ref": "./examples/repositories/GetRepositories.json" + } + }, + "tags": [ + "Repositories" + ], + "description": "Gets a list of repositories metadata.", + "operationId": "SourceControl_listRepositories", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RepoTypeParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/RepoList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols": { + "get": { + "x-ms-examples": { + "Get all source controls.": { + "$ref": "./examples/sourcecontrols/GetSourceControls.json" + } + }, + "tags": [ + "SourceControls" + ], + "description": "Gets all source controls, without source control items.", + "operationId": "SourceControls_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SourceControlList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}": { + "get": { + "x-ms-examples": { + "Get a source control.": { + "$ref": "./examples/sourcecontrols/GetSourceControlById.json" + } + }, + "tags": [ + "SourceControls" + ], + "description": "Gets a source control byt its identifier.", + "operationId": "SourceControls_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SourceControlIdParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SourceControl" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a source control.": { + "$ref": "./examples/sourcecontrols/CreateSourceControl.json" + } + }, + "tags": [ + "SourceControls" + ], + "description": "Creates a source control.", + "operationId": "SourceControls_Create", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SourceControlIdParameter" + }, + { + "$ref": "#/parameters/SourceControl" + } + ], + "responses": { + "200": { + "description": "Updated", + "schema": { + "$ref": "#/definitions/SourceControl" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/SourceControl" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}/delete": { + "post": { + "x-ms-examples": { + "Delete a source control.": { + "$ref": "./examples/sourcecontrols/DeleteSourceControl.json" + } + }, + "tags": [ + "SourceControls" + ], + "description": "Delete a source control.", + "operationId": "SourceControls_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/SourceControlIdParameter" + }, + { + "$ref": "#/parameters/RepositoryAccess" + } + ], + "responses": { + "200": { + "description": "Source control deleted.", + "schema": { + "$ref": "#/definitions/Warning" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "RepoList": { + "description": "List all the source controls.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of repositories.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of repositories.", + "items": { + "$ref": "#/definitions/Repo" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "Repo": { + "description": "Represents a repository.", + "properties": { + "url": { + "description": "The url to access the repository.", + "type": "string" + }, + "fullName": { + "description": "The name of the repository.", + "type": "string" + }, + "branches": { + "description": "Array of branches.", + "items": { + "description": "name of branch.", + "type": "string" + }, + "type": "array" + } + }, + "x-ms-azure-resource": false, + "type": "object" + }, + "SourceControlList": { + "description": "List all the source controls.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of source controls.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of source controls.", + "items": { + "$ref": "#/definitions/SourceControl" + }, + "type": "array" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "SourceControl": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a SourceControl in Azure Security Insights.", + "properties": { + "properties": { + "description": "source control properties", + "$ref": "#/definitions/SourceControlProperties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "SourceControlProperties": { + "description": "Describes source control properties", + "properties": { + "id": { + "description": "The id (a Guid) of the source control", + "type": "string", + "readOnly": true + }, + "version": { + "$ref": "#/definitions/Version", + "description": "The version number associated with the source control", + "type": "string" + }, + "displayName": { + "description": "The display name of the source control", + "type": "string" + }, + "description": { + "description": "A description of the source control", + "type": "string" + }, + "repoType": { + "$ref": "#/definitions/RepoType", + "description": "The repository type of the source control", + "type": "string" + }, + "contentTypes": { + "description": "Array of source control content types.", + "items": { + "$ref": "#/definitions/ContentType" + }, + "type": "array" + }, + "repository": { + "description": "Repository metadata.", + "$ref": "#/definitions/Repository" + }, + "servicePrincipal": { + "description": "Service principal metadata.", + "$ref": "#/definitions/ServicePrincipal" + }, + "repositoryAccess": { + "description": "Repository access credentials. This is write-only object and it never returns back to a user.", + "x-ms-mutability": [ + "create", + "update" + ], + "$ref": "#/definitions/RepositoryAccess" + }, + "repositoryResourceInfo": { + "description": "Information regarding the resources created in user's repository.", + "$ref": "#/definitions/RepositoryResourceInfo" + }, + "lastDeploymentInfo": { + "description": "Information regarding the latest deployment for the source control.", + "$ref": "#/definitions/DeploymentInfo" + }, + "pullRequest": { + "description": "Information regarding the pull request of the source control.", + "$ref": "#/definitions/PullRequest" + } + }, + "required": [ + "displayName", + "repoType", + "contentTypes", + "repository" + ], + "type": "object" + }, + "RepositoryAccess": { + "type": "object", + "description": "Credentials to access repository.", + "required": [ + "kind" + ], + "properties": { + "kind": { + "description": "The kind of repository access credentials", + "$ref": "#/definitions/RepositoryAccessKind" + }, + "code": { + "x-ms-secret": true, + "type": "string", + "description": "OAuth Code. Required when `kind` is `OAuth`" + }, + "state": { + "x-ms-secret": true, + "type": "string", + "description": "OAuth State. Required when `kind` is `OAuth`" + }, + "clientId": { + "type": "string", + "description": "OAuth ClientId. Required when `kind` is `OAuth`" + }, + "token": { + "x-ms-secret": true, + "type": "string", + "description": "Personal Access Token. Required when `kind` is `PAT`" + }, + "installationId": { + "type": "string", + "description": "Application installation ID. Required when `kind` is `App`. Supported by `GitHub` only." + } + } + }, + "Repository": { + "type": "object", + "required": [ + "url", + "branch" + ], + "description": "metadata of a repository.", + "properties": { + "url": { + "description": "Url of repository.", + "type": "string" + }, + "branch": { + "description": "Branch name of repository.", + "type": "string" + }, + "displayUrl": { + "description": "Display url of repository.", + "type": "string" + }, + "deploymentLogsUrl": { + "description": "Url to access repository action logs.", + "type": "string", + "readOnly": true + } + } + }, + "ServicePrincipal": { + "readOnly": true, + "type": "object", + "description": "Service principal metadata.", + "properties": { + "id": { + "description": "Id of service principal.", + "type": "string", + "readOnly": true + }, + "tenantId": { + "description": "Tenant id of service principal.", + "type": "string", + "readOnly": true + }, + "appId": { + "description": "App id of service principal.", + "type": "string", + "readOnly": true + } + } + }, + "RepositoryResourceInfo": { + "type": "object", + "description": "Resources created in user's repository for the source-control.", + "properties": { + "webhook": { + "type": "object", + "description": "The webhook object created for the source-control.", + "$ref": "#/definitions/Webhook" + }, + "gitHubResourceInfo": { + "type": "object", + "description": "Resources created in GitHub for this source-control.", + "$ref": "#/definitions/GitHubResourceInfo" + }, + "azureDevOpsResourceInfo": { + "type": "object", + "description": "Resources created in Azure DevOps for this source-control.", + "$ref": "#/definitions/AzureDevOpsResourceInfo" + } + } + }, + "Webhook": { + "description": "Detail about the webhook object.", + "type": "object", + "properties": { + "webhookId": { + "description": "Unique identifier for the webhook.", + "type": "string", + "readOnly": true + }, + "webhookUrl": { + "description": "URL that gets invoked by the webhook.", + "type": "string", + "readOnly": true + }, + "webhookSecretUpdateTime": { + "format": "date-time", + "description": "Time when the webhook secret was updated.", + "type": "string", + "readOnly": true + }, + "rotateWebhookSecret": { + "description": "A flag to instruct the backend service to rotate webhook secret.", + "type": "boolean" + } + } + }, + "GitHubResourceInfo": { + "readOnly": true, + "description": "Resources created in GitHub repository.", + "type": "object", + "properties": { + "appInstallationId": { + "description": "GitHub application installation id.", + "type": "string" + } + } + }, + "AzureDevOpsResourceInfo": { + "readOnly": true, + "description": "Resources created in Azure DevOps repository.", + "type": "object", + "properties": { + "pipelineId": { + "description": "Id of the pipeline created for the source-control.", + "type": "string" + }, + "serviceConnectionId": { + "description": "Id of the service-connection created for the source-control.", + "type": "string" + } + } + }, + "DeploymentInfo": { + "readOnly": true, + "description": "Information regarding a deployment.", + "type": "object", + "properties": { + "deploymentFetchStatus": { + "$ref": "#/definitions/DeploymentFetchStatus", + "description": "Status while fetching the last deployment.", + "type": "string" + }, + "deployment": { + "$ref": "#/definitions/Deployment", + "description": "Deployment information.", + "type": "object" + }, + "message": { + "description": "Additional details about the deployment that can be shown to the user.", + "type": "string" + } + } + }, + "Deployment": { + "description": "Description about a deployment.", + "type": "object", + "properties": { + "deploymentId": { + "description": "Deployment identifier.", + "type": "string" + }, + "deploymentState": { + "$ref": "#/definitions/DeploymentState", + "description": "Current status of the deployment.", + "type": "string" + }, + "deploymentResult": { + "$ref": "#/definitions/DeploymentResult", + "description": "The outcome of the deployment.", + "type": "string" + }, + "deploymentTime": { + "format": "date-time", + "description": "The time when the deployment finished.", + "type": "string" + }, + "deploymentLogsUrl": { + "description": "Url to access repository action logs.", + "type": "string" + } + } + }, + "ContentType": { + "description": "The content type of a source control path.", + "enum": [ + "AnalyticRule", + "AutomationRule", + "HuntingQuery", + "Parser", + "Playbook", + "Workbook" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ContentType", + "values": [ + { + "value": "AnalyticRule" + }, + { + "value": "AutomationRule" + }, + { + "value": "HuntingQuery" + }, + { + "value": "Parser" + }, + { + "value": "Playbook" + }, + { + "value": "Workbook" + } + ] + } + }, + "RepoType": { + "description": "The type of repository.", + "enum": [ + "Github", + "AzureDevOps" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "RepoType", + "values": [ + { + "value": "Github" + }, + { + "value": "AzureDevOps" + } + ] + } + }, + "RepositoryAccessKind": { + "description": "The kind of repository access credentials", + "enum": [ + "OAuth", + "PAT", + "App" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "RepositoryAccessKind", + "values": [ + { + "value": "OAuth" + }, + { + "value": "PAT" + }, + { + "value": "App" + } + ] + } + }, + "Version": { + "readOnly": true, + "description": "The version of the source control.", + "enum": [ + "V1", + "V2" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "Version", + "values": [ + { + "value": "V1" + }, + { + "value": "V2" + } + ] + } + }, + "DeploymentFetchStatus": { + "description": "Status while trying to fetch the deployment information.", + "enum": [ + "Success", + "Unauthorized", + "NotFound" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DeploymentFetchStatus", + "values": [ + { + "value": "Success" + }, + { + "value": "Unauthorized" + }, + { + "value": "NotFound" + } + ] + } + }, + "DeploymentState": { + "description": "The current state of the deployment.", + "enum": [ + "In_Progress", + "Completed", + "Queued", + "Canceling" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DeploymentState", + "values": [ + { + "value": "In_Progress" + }, + { + "value": "Completed" + }, + { + "value": "Queued" + }, + { + "value": "Canceling" + } + ] + } + }, + "DeploymentResult": { + "description": "Status while trying to fetch the deployment information.", + "enum": [ + "Success", + "Canceled", + "Failed" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DeploymentResult", + "values": [ + { + "value": "Success" + }, + { + "value": "Canceled" + }, + { + "value": "Failed" + } + ] + } + }, + "PullRequest": { + "readOnly": true, + "description": "Information regarding pull request for protected branches.", + "type": "object", + "properties": { + "url": { + "description": "URL of pull request", + "type": "string", + "readOnly": true + }, + "state": { + "$ref": "#/definitions/PullRequestState", + "description": "State of the pull request", + "type": "object", + "readOnly": true + } + } + }, + "PullRequestState": { + "description": "Status of the pull request.", + "enum": [ + "Open", + "Closed" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "state", + "values": [ + { + "value": "Open" + }, + { + "value": "Closed" + } + ] + } + }, + "Warning": { + "description": "Warning response structure.", + "x-ms-external": true, + "properties": { + "warning": { + "$ref": "#/definitions/WarningBody", + "description": "Warning data." + } + }, + "type": "object" + }, + "WarningBody": { + "readOnly": true, + "x-ms-external": true, + "description": "Warning details.", + "properties": { + "code": { + "description": "An identifier for the warning. Codes are invariant and are intended to be consumed programmatically.", + "readOnly": true, + "type": "object", + "$ref": "#/definitions/WarningCode" + }, + "message": { + "description": "A message describing the warning, intended to be suitable for display in a user interface.", + "readOnly": true, + "type": "string" + }, + "details": { + "readOnly": true, + "type": "array", + "items": { + "$ref": "#/definitions/WarningBody" + }, + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "WarningCode": { + "readOnly": true, + "description": "The type of repository.", + "enum": [ + "SourceControlWarning_DeleteServicePrincipal", + "SourceControlWarning_DeletePipelineFromAzureDevOps", + "SourceControlWarning_DeleteWorkflowAndSecretFromGitHub", + "SourceControlWarning_DeleteRoleAssignment", + "SourceControl_DeletedWithWarnings" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "WarningCode", + "values": [ + { + "value": "SourceControlWarning_DeleteServicePrincipal" + }, + { + "value": "SourceControlWarning_DeletePipelineFromAzureDevOps" + }, + { + "value": "SourceControlWarning_DeleteWorkflowAndSecretFromGitHub" + }, + { + "value": "SourceControlWarning_DeleteRoleAssignment" + }, + { + "value": "SourceControl_DeletedWithWarnings" + } + ] + } + } + }, + "parameters": { + "RepoTypeParameter": { + "description": "The repo type.", + "in": "body", + "name": "repoType", + "required": true, + "schema": { + "$ref": "#/definitions/RepoType" + }, + "x-ms-parameter-location": "method" + }, + "SourceControlIdParameter": { + "description": "Source control Id", + "in": "path", + "name": "sourceControlId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "SourceControl": { + "description": "The SourceControl", + "in": "body", + "name": "sourceControl", + "required": true, + "schema": { + "$ref": "#/definitions/SourceControl" + }, + "x-ms-parameter-location": "method" + }, + "RepositoryAccess": { + "description": "The repository access credentials.", + "in": "body", + "name": "repositoryAccess", + "required": true, + "schema": { + "required": [ + "repositoryAccess" + ], + "properties": { + "repositoryAccess": { + "$ref": "#/definitions/RepositoryAccess" + } + } + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ThreatIntelligence.json new file mode 100644 index 000000000000..8c8dfeacd197 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ThreatIntelligence.json @@ -0,0 +1,1097 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/createIndicator": { + "post": { + "x-ms-examples": { + "Create a new Threat Intelligence": { + "$ref": "./examples/threatintelligence/CreateThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Create a new threat intelligence indicator.", + "operationId": "ThreatIntelligenceIndicator_CreateIndicator", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceProperties" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "default": { + "description": "Error response describing why the operation failed to create indicators.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators": { + "get": { + "x-ms-examples": { + "Get all threat intelligence indicators": { + "$ref": "./examples/threatintelligence/GetThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Get all threat intelligence indicators.", + "operationId": "ThreatIntelligenceIndicators_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataFilter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformationList" + } + }, + "default": { + "description": "Error response describing why the operation failed to get indicators.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}": { + "get": { + "x-ms-examples": { + "View a threat intelligence indicator by name": { + "$ref": "./examples/threatintelligence/GetThreatIntelligenceById.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "View a threat intelligence indicator by name.", + "operationId": "ThreatIntelligenceIndicator_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "default": { + "description": "Error response describing why the operation failed to view an indicator.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Update a threat Intelligence indicator": { + "$ref": "./examples/threatintelligence/UpdateThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Update a threat Intelligence indicator.", + "operationId": "ThreatIntelligenceIndicator_Create", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceProperties" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "default": { + "description": "Error response describing why the operation failed to update an indicator.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a threat intelligence indicator": { + "$ref": "./examples/threatintelligence/DeleteThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Delete a threat intelligence indicator.", + "operationId": "ThreatIntelligenceIndicator_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed to delete an indicator.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/queryIndicators": { + "post": { + "x-ms-examples": { + "Query threat intelligence indicators as per filtering criteria": { + "$ref": "./examples/threatintelligence/QueryThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Query threat intelligence indicators as per filtering criteria.", + "operationId": "ThreatIntelligenceIndicator_QueryIndicators", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceFilteringCriteria" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/metrics": { + "get": { + "x-ms-examples": { + "Get threat intelligence indicators metrics.": { + "$ref": "./examples/threatintelligence/CollectThreatIntelligenceMetrics.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source).", + "operationId": "ThreatIntelligenceIndicatorMetrics_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceMetricsList" + } + }, + "default": { + "description": "Error response describing why the operation failed to get metrics.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/appendTags": { + "post": { + "x-ms-examples": { + "Append tags to a threat intelligence indicator": { + "$ref": "./examples/threatintelligence/AppendTagsThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Append tags to a threat intelligence indicator.", + "operationId": "ThreatIntelligenceIndicator_AppendTags", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceAppendTags" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "Error response describing why the operation failed to append tags.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/replaceTags": { + "post": { + "x-ms-examples": { + "Replace tags to a Threat Intelligence": { + "$ref": "./examples/threatintelligence/ReplaceTagsThreatIntelligence.json" + } + }, + "tags": [ + "ThreatIntelligence" + ], + "description": "Replace tags added to a threat intelligence indicator.", + "operationId": "ThreatIntelligenceIndicator_ReplaceTags", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceName" + }, + { + "$ref": "#/parameters/ThreatIntelligenceReplaceTags" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + }, + "default": { + "description": "Error response describing why the operation failed to replace tags.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "parameters": { + "ThreatIntelligenceName": { + "description": "Threat intelligence indicator name field.", + "in": "path", + "name": "name", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ThreatIntelligenceProperties": { + "description": "Properties of threat intelligence indicators to create and update.", + "in": "body", + "name": "ThreatIntelligenceProperties", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceIndicatorModel" + }, + "x-ms-parameter-location": "method" + }, + "ThreatIntelligenceReplaceTags": { + "description": "Tags in the threat intelligence indicator to be replaced.", + "in": "body", + "name": "ThreatIntelligenceReplaceTags", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceIndicatorModel" + }, + "x-ms-parameter-location": "method" + }, + "ThreatIntelligenceFilteringCriteria": { + "description": "Filtering criteria for querying threat intelligence indicators.", + "in": "body", + "name": "ThreatIntelligenceFilteringCriteria", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceFilteringCriteria" + }, + "x-ms-parameter-location": "method" + }, + "ThreatIntelligenceIndicatorEntityKind": { + "description": "The threat intelligence entity kind", + "in": "query", + "name": "ctiEntityKind", + "required": false, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ThreatIntelligenceAppendTags": { + "description": "The threat intelligence append tags request body", + "in": "body", + "name": "ThreatIntelligenceAppendTags", + "required": true, + "schema": { + "$ref": "#/definitions/ThreatIntelligenceAppendTags" + }, + "x-ms-parameter-location": "method" + } + }, + "definitions": { + "ThreatIntelligenceInformationList": { + "description": "List of all the threat intelligence information objects.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of information objects.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of threat intelligence information objects.", + "items": { + "$ref": "#/definitions/ThreatIntelligenceInformation" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "ThreatIntelligenceInformation": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Threat intelligence information object.", + "properties": { + "kind": { + "$ref": "#/definitions/ThreatIntelligenceResourceInnerKind", + "description": "The kind of the entity." + } + }, + "discriminator": "kind", + "type": "object", + "required": [ + "kind" + ] + }, + "ThreatIntelligenceIndicatorModel": { + "allOf": [ + { + "$ref": "#/definitions/ThreatIntelligenceInformation" + } + ], + "description": "Threat intelligence indicator entity.", + "properties": { + "properties": { + "$ref": "#/definitions/ThreatIntelligenceIndicatorProperties", + "description": "Threat Intelligence Entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "indicator" + }, + "ThreatIntelligenceResourceInnerKind": { + "description": "The kind of the threat intelligence entity", + "enum": [ + "indicator" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ThreatIntelligenceResourceInnerKind", + "values": [ + { + "description": "Entity represents threat intelligence indicator in the system.", + "value": "indicator" + } + ] + } + }, + "ThreatIntelligenceIndicatorProperties": { + "allOf": [ + { + "$ref": "./common/EntityTypes.json#/definitions/EntityCommonProperties" + } + ], + "description": "Describes threat intelligence entity properties", + "properties": { + "threatIntelligenceTags": { + "description": "List of tags", + "items": { + "description": "tag", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "lastUpdatedTimeUtc": { + "description": "Last updated time in UTC", + "type": "string" + }, + "source": { + "description": "Source of a threat intelligence entity", + "type": "string" + }, + "displayName": { + "description": "Display name of a threat intelligence entity", + "type": "string" + }, + "description": { + "description": "Description of a threat intelligence entity", + "type": "string" + }, + "indicatorTypes": { + "description": "Indicator types of threat intelligence entities", + "items": { + "description": "Indicator type of a threat intelligence entity", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "pattern": { + "description": "Pattern of a threat intelligence entity", + "type": "string" + }, + "patternType": { + "description": "Pattern type of a threat intelligence entity", + "type": "string" + }, + "patternVersion": { + "description": "Pattern version of a threat intelligence entity", + "type": "string" + }, + "killChainPhases": { + "description": "Kill chain phases", + "items": { + "description": "Kill chain phase", + "$ref": "#/definitions/ThreatIntelligenceKillChainPhase" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "parsedPattern": { + "description": "Parsed patterns", + "items": { + "description": "Parsed pattern", + "$ref": "#/definitions/ThreatIntelligenceParsedPattern" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "externalId": { + "description": "External ID of threat intelligence entity", + "type": "string" + }, + "createdByRef": { + "description": "Created by reference of threat intelligence entity", + "type": "string" + }, + "defanged": { + "description": "Is threat intelligence entity defanged", + "type": "boolean" + }, + "externalLastUpdatedTimeUtc": { + "description": "External last updated time in UTC", + "type": "string" + }, + "externalReferences": { + "description": "External References", + "items": { + "description": "external_reference", + "$ref": "#/definitions/ThreatIntelligenceExternalReference" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "granularMarkings": { + "description": "Granular Markings", + "items": { + "description": "Granular marking", + "$ref": "#/definitions/ThreatIntelligenceGranularMarkingModel" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "labels": { + "description": "Labels of threat intelligence entity", + "items": { + "description": "label", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "revoked": { + "description": "Is threat intelligence entity revoked", + "type": "boolean" + }, + "confidence": { + "description": "Confidence of threat intelligence entity", + "type": "integer", + "format": "int32" + }, + "objectMarkingRefs": { + "description": "Threat intelligence entity object marking references", + "items": { + "description": "Threat intelligence entity object marking reference", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "language": { + "description": "Language of threat intelligence entity", + "type": "string" + }, + "threatTypes": { + "description": "Threat types", + "items": { + "description": "Threat type", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "validFrom": { + "description": "Valid from", + "type": "string" + }, + "validUntil": { + "description": "Valid until", + "type": "string" + }, + "created": { + "description": "Created by", + "type": "string" + }, + "modified": { + "description": "Modified by", + "type": "string" + }, + "extensions": { + "description": "Extensions map", + "type": "object", + "additionalProperties": {} + } + }, + "type": "object" + }, + "ThreatIntelligenceKillChainPhase": { + "description": "Describes threat kill chain phase entity", + "properties": { + "killChainName": { + "description": "Kill chainName name", + "type": "string" + }, + "phaseName": { + "description": "Phase name", + "type": "string" + } + }, + "type": "object" + }, + "ThreatIntelligenceParsedPattern": { + "description": "Describes parsed pattern entity", + "properties": { + "patternTypeKey": { + "description": "Pattern type key", + "type": "string" + }, + "patternTypeValues": { + "description": "Pattern type keys", + "items": { + "description": "Pattern type key", + "$ref": "#/definitions/ThreatIntelligenceParsedPatternTypeValue" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "ThreatIntelligenceParsedPatternTypeValue": { + "description": "Describes threat kill chain phase entity", + "properties": { + "valueType": { + "description": "Type of the value", + "type": "string" + }, + "value": { + "description": "Value of parsed pattern", + "type": "string" + } + }, + "type": "object" + }, + "ThreatIntelligenceGranularMarkingModel": { + "description": "Describes threat granular marking model entity", + "properties": { + "language": { + "description": "Language granular marking model", + "type": "string" + }, + "markingRef": { + "description": "marking reference granular marking model", + "type": "integer", + "format": "int32" + }, + "selectors": { + "description": "granular marking model selectors", + "items": { + "description": "granular marking model selector", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "ThreatIntelligenceExternalReference": { + "description": "Describes external reference", + "properties": { + "description": { + "description": "External reference description", + "type": "string" + }, + "externalId": { + "description": "External reference ID", + "type": "string" + }, + "sourceName": { + "description": "External reference source name", + "type": "string" + }, + "url": { + "description": "External reference URL", + "type": "string" + }, + "hashes": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "External reference hashes" + } + }, + "type": "object" + }, + "ThreatIntelligenceFilteringCriteria": { + "description": "Filtering criteria for querying threat intelligence indicators.", + "properties": { + "pageSize": { + "description": "Page size", + "type": "integer", + "format": "int32" + }, + "minConfidence": { + "description": "Minimum confidence.", + "type": "integer", + "format": "int32" + }, + "maxConfidence": { + "description": "Maximum confidence.", + "type": "integer", + "format": "int32" + }, + "minValidUntil": { + "description": "Start time for ValidUntil filter.", + "type": "string" + }, + "maxValidUntil": { + "description": "End time for ValidUntil filter.", + "type": "string" + }, + "includeDisabled": { + "description": "Parameter to include/exclude disabled indicators.", + "type": "boolean" + }, + "sortBy": { + "description": "Columns to sort by and sorting order", + "items": { + "description": "Sort By", + "$ref": "#/definitions/ThreatIntelligenceSortingCriteria" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "sources": { + "description": "Sources of threat intelligence indicators", + "items": { + "description": "Source", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "patternTypes": { + "description": "Pattern types", + "items": { + "description": "Pattern type", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "threatTypes": { + "description": "Threat types of threat intelligence indicators", + "items": { + "description": "Threat type of a threat intelligence indicator", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "ids": { + "description": "Ids of threat intelligence indicators", + "items": { + "description": "Id of a threat intelligence indicator", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "keywords": { + "description": "Keywords for searching threat intelligence indicators", + "items": { + "description": "keyword for searching threat intelligence indicators", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "skipToken": { + "description": "Skip token.", + "type": "string" + } + }, + "type": "object" + }, + "ThreatIntelligenceSortingCriteria": { + "description": "List of available columns for sorting", + "properties": { + "itemKey": { + "description": "Column name", + "type": "string" + }, + "sortOrder": { + "$ref": "#/definitions/ThreatIntelligenceSortingOrder", + "description": "Sorting order (ascending/descending/unsorted)." + } + }, + "type": "object" + }, + "ThreatIntelligenceSortingOrder": { + "description": "Sorting order (ascending/descending/unsorted).", + "enum": [ + "unsorted", + "ascending", + "descending" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ThreatIntelligenceSortingOrder", + "values": [ + { + "value": "unsorted" + }, + { + "value": "ascending" + }, + { + "value": "descending" + } + ] + } + }, + "ThreatIntelligenceAppendTags": { + "description": "Array of tags to be appended to the threat intelligence indicator.", + "properties": { + "threatIntelligenceTags": { + "description": "List of tags to be appended.", + "items": { + "description": "parameter", + "type": "string" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "ThreatIntelligenceMetricsList": { + "description": "List of all the threat intelligence metric fields (type/threat type/source).", + "properties": { + "value": { + "description": "Array of threat intelligence metric fields (type/threat type/source).", + "items": { + "$ref": "#/definitions/ThreatIntelligenceMetrics" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "ThreatIntelligenceMetrics": { + "description": "Threat intelligence metrics.", + "properties": { + "properties": { + "description": "Threat intelligence metrics.", + "$ref": "#/definitions/ThreatIntelligenceMetric" + } + }, + "type": "object" + }, + "ThreatIntelligenceMetric": { + "description": "Describes threat intelligence metric", + "properties": { + "lastUpdatedTimeUtc": { + "description": "Last updated indicator metric", + "type": "string" + }, + "threatTypeMetrics": { + "description": "Threat type metrics", + "items": { + "description": "parameter", + "$ref": "#/definitions/ThreatIntelligenceMetricEntity" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "patternTypeMetrics": { + "description": "Pattern type metrics", + "items": { + "description": "parameter", + "$ref": "#/definitions/ThreatIntelligenceMetricEntity" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "sourceMetrics": { + "description": "Source metrics", + "items": { + "description": "parameter", + "$ref": "#/definitions/ThreatIntelligenceMetricEntity" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "ThreatIntelligenceMetricEntity": { + "description": "Describes threat intelligence metric entity", + "properties": { + "metricName": { + "description": "Metric name", + "type": "string" + }, + "metricValue": { + "description": "Metric value", + "type": "integer", + "format": "int32" + } + }, + "type": "object" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/TriggeredAnalyticsRuleRuns.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/TriggeredAnalyticsRuleRuns.json new file mode 100644 index 000000000000..857932779c69 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/TriggeredAnalyticsRuleRuns.json @@ -0,0 +1,353 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/{ruleRunId}": { + "get": { + "tags": [ + "triggered analytics rule run" + ], + "description": "Gets the triggered analytics rule run.", + "operationId": "triggeredAnalyticsRuleRun_Get", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "description": "the triggered rule id", + "in": "path", + "name": "ruleRunId", + "required": true, + "type": "string" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/TriggeredAnalyticsRuleRun" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "triggeredAnalyticsRuleRun_Get": { + "$ref": "./examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns": { + "get": { + "tags": [ + "triggered analytics rule runs" + ], + "description": "Gets the triggered analytics rule runs.", + "operationId": "getTriggeredAnalyticsRuleRuns_List", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/TriggeredAnalyticsRuleRuns" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "triggeredAnalyticsRuleRuns_Get": { + "$ref": "./examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/triggerRuleRun": { + "post": { + "tags": [ + "trigger analytics rule run" + ], + "description": "triggers analytics rule run", + "operationId": "alertRule_TriggerRuleRun", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/AnalyticsRuleRunTriggerParameter" + } + ], + "responses": { + "202": { + "description": "The analytics rule run was successfully triggered.", + "headers": { + "Location": { + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "triggerRuleRun_Post": { + "$ref": "./examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json" + } + }, + "x-ms-long-running-operation": true, + "x-ms-long-running-operation-options": { + "final-state-via": "location" + } + } + } + }, + "definitions": { + "ProvisioningState": { + "enum": [ + "Accepted", + "InProgress", + "Succeeded", + "Failed", + "Canceled" + ], + "description": "The triggered analytics rule run provisioning state", + "type": "string", + "example": "Accepted", + "x-ms-enum": { + "name": "ProvisioningState", + "modelAsString": true, + "values": [ + { + "value": "Accepted" + }, + { + "value": "InProgress" + }, + { + "value": "Succeeded" + }, + { + "value": "Failed" + }, + { + "value": "Canceled" + } + ] + } + }, + "TriggeredAnalyticsRuleRun": { + "required": [ + "properties" + ], + "description": "The triggered analytics rule run", + "type": "object", + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/TriggeredAnalyticsRuleRunProperties", + "x-ms-client-flatten": true + } + } + }, + "TriggeredAnalyticsRuleRunProperties": { + "required": [ + "executionTimeUtc", + "provisioningState", + "ruleId", + "triggeredAnalyticsRuleRunId" + ], + "description": "The triggered analytics rule run Properties", + "type": "object", + "properties": { + "executionTimeUtc": { + "format": "date-time", + "type": "string" + }, + "ruleId": { + "type": "string" + }, + "triggeredAnalyticsRuleRunId": { + "type": "string" + }, + "provisioningState": { + "$ref": "#/definitions/ProvisioningState" + }, + "ruleRunAdditionalData": { + "type": "object", + "additionalProperties": {} + } + } + }, + "TriggeredAnalyticsRuleRuns": { + "required": [ + "value" + ], + "description": "The triggered analytics rule run array", + "type": "object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/TriggeredAnalyticsRuleRun" + } + }, + "nextLink": { + "type": "string", + "readOnly": true + } + } + }, + "AnalyticsRuleRunTriggerProperties": { + "required": [ + "executionTimeUtc" + ], + "description": "The Analytics Rule Run Trigger properties", + "type": "object", + "properties": { + "executionTimeUtc": { + "format": "date-time", + "type": "string" + } + } + }, + "AnalyticsRuleRunTrigger": { + "required": [ + "properties" + ], + "description": "Analytics Rule Run Trigger request", + "properties": { + "properties": { + "$ref": "#/definitions/AnalyticsRuleRunTriggerProperties", + "description": "The analytics Rule Run Trigger request", + "x-ms-client-flatten": true + } + }, + "type": "object" + } + }, + "parameters": { + "RuleId": { + "description": "Alert rule ID", + "in": "path", + "name": "ruleId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "AnalyticsRuleRunTriggerParameter": { + "description": "The Analytics Rule Run Trigger parameter", + "in": "body", + "name": "analyticsRuleRunTriggerParameter", + "required": true, + "schema": { + "$ref": "#/definitions/AnalyticsRuleRunTrigger" + }, + "x-ms-parameter-location": "method" + } + }, + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "flow": "implicit", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "scopes": { + "user_impersonation": "impersonate your user account" + }, + "description": "Azure Active Directory OAuth2 Flow" + } + }, + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "tags": [ + { + "name": "AnalyticsOnDemandArm", + "description": "Controller that handles requests for triggeredAnalyticsRuleRuns ARM API." + }, + { + "name": "AnalyticsOnDemandArm", + "description": "Triggered Analytics Rule Runs" + } + ], + "host": "management.azure.com", + "schemes": [ + "https" + ], + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ] +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Watchlists.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Watchlists.json new file mode 100644 index 000000000000..d8dcd21f4fb4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Watchlists.json @@ -0,0 +1,721 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists": { + "get": { + "x-ms-examples": { + "Get all watchlists.": { + "$ref": "./examples/watchlists/GetWatchlists.json" + } + }, + "tags": [ + "Watchlists" + ], + "description": "Gets all watchlists, without watchlist items.", + "operationId": "Watchlists_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WatchlistList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}": { + "get": { + "x-ms-examples": { + "Get a watchlist.": { + "$ref": "./examples/watchlists/GetWatchlistByAlias.json" + } + }, + "tags": [ + "Watchlists" + ], + "description": "Gets a watchlist, without its watchlist items.", + "operationId": "Watchlists_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Watchlist" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a watchlist.": { + "$ref": "./examples/watchlists/DeleteWatchlist.json" + } + }, + "tags": [ + "Watchlists" + ], + "description": "Delete a watchlist.", + "operationId": "Watchlists_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + } + ], + "responses": { + "200": { + "description": "OK", + "headers": { + "Azure-AsyncOperation": { + "description": "Contains the status URL on which clients are expected to poll the status of the delete operation.", + "type": "string" + } + } + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a watchlist.": { + "$ref": "./examples/watchlists/CreateWatchlist.json" + }, + "Creates or updates a watchlist and bulk creates watchlist items.": { + "$ref": "./examples/watchlists/CreateWatchlistAndWatchlistItems.json" + } + }, + "tags": [ + "Watchlists" + ], + "description": "Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its Items, we should call this endpoint with either rawContent or a valid SAR URI and contentType properties. The rawContent is mainly used for small watchlist (content size below 3.8 MB). The SAS URI enables the creation of large watchlist, where the content size can go up to 500 MB. The status of processing such large file can be polled through the URL returned in Azure-AsyncOperation header.", + "operationId": "Watchlists_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + }, + { + "$ref": "#/parameters/Watchlist" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Watchlist" + } + }, + "201": { + "description": "Created. The response includes the Provisioning State and the Azure-AsyncOperation header. To get the progress of the operation, call GET operation on the URL in Azure-AsyncOperation header field.", + "schema": { + "$ref": "#/definitions/Watchlist" + }, + "headers": { + "Azure-AsyncOperation": { + "description": "Contains the status URL on which clients are expected to poll the status of the operation.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems": { + "get": { + "x-ms-examples": { + "Get all watchlist Items.": { + "$ref": "./examples/watchlists/GetWatchlistItems.json" + } + }, + "tags": [ + "WatchlistItems" + ], + "description": "Gets all watchlist Items.", + "operationId": "WatchlistItems_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + }, + { + "$ref": "#/parameters/WatchlistAlias" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WatchlistItemList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}": { + "get": { + "x-ms-examples": { + "Get a watchlist item.": { + "$ref": "./examples/watchlists/GetWatchlistItemById.json" + } + }, + "tags": [ + "WatchlistItems" + ], + "description": "Gets a watchlist, without its watchlist items.", + "operationId": "WatchlistItems_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + }, + { + "$ref": "#/parameters/WatchlistItemId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WatchlistItem" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a watchlist Item.": { + "$ref": "./examples/watchlists/DeleteWatchlistItem.json" + } + }, + "tags": [ + "WatchlistItems" + ], + "description": "Delete a watchlist item.", + "operationId": "WatchlistItems_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + }, + { + "$ref": "#/parameters/WatchlistItemId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a watchlist item.": { + "$ref": "./examples/watchlists/CreateWatchlistItem.json" + } + }, + "tags": [ + "WatchlistItems" + ], + "description": "Creates or updates a watchlist item.", + "operationId": "WatchlistItems_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WatchlistAlias" + }, + { + "$ref": "#/parameters/WatchlistItemId" + }, + { + "$ref": "#/parameters/WatchlistItem" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WatchlistItem" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/WatchlistItem" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "WatchlistList": { + "description": "List all the watchlists.", + "type": "object", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of watchlists.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of watchlist.", + "items": { + "$ref": "#/definitions/Watchlist" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "Watchlist": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Watchlist in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/WatchlistProperties", + "description": "Watchlist properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "WatchlistProperties": { + "description": "Describes watchlist properties", + "properties": { + "watchlistId": { + "description": "The id (a Guid) of the watchlist", + "type": "string" + }, + "displayName": { + "description": "The display name of the watchlist", + "type": "string" + }, + "provider": { + "description": "The provider of the watchlist", + "type": "string" + }, + "source": { + "description": "The filename of the watchlist, called 'source'", + "type": "string" + }, + "sourceType": { + "description": "The sourceType of the watchlist", + "enum": [ + "Local file", + "Remote storage" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "sourceType" + } + }, + "created": { + "description": "The time the watchlist was created", + "format": "date-time", + "type": "string" + }, + "updated": { + "description": "The last time the watchlist was updated", + "format": "date-time", + "type": "string" + }, + "createdBy": { + "$ref": "../../../common/2.0/types.json#/definitions/UserInfo", + "description": "Describes a user that created the watchlist", + "type": "object" + }, + "updatedBy": { + "$ref": "../../../common/2.0/types.json#/definitions/UserInfo", + "description": "Describes a user that updated the watchlist", + "type": "object" + }, + "description": { + "description": "A description of the watchlist", + "type": "string" + }, + "watchlistType": { + "description": "The type of the watchlist", + "type": "string" + }, + "watchlistAlias": { + "description": "The alias of the watchlist", + "type": "string" + }, + "isDeleted": { + "description": "A flag that indicates if the watchlist is deleted or not", + "type": "boolean" + }, + "labels": { + "description": "List of labels relevant to this watchlist", + "items": { + "$ref": "../../../common/2.0/types.json#/definitions/Label" + }, + "type": "array" + }, + "defaultDuration": { + "description": "The default duration of a watchlist (in ISO 8601 duration format)", + "format": "duration", + "type": "string" + }, + "tenantId": { + "description": "The tenantId where the watchlist belongs to", + "type": "string" + }, + "numberOfLinesToSkip": { + "description": "The number of lines in a csv/tsv content to skip before the header", + "type": "integer", + "format": "int32" + }, + "rawContent": { + "description": "The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint", + "type": "string" + }, + "itemsSearchKey": { + "description": "The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address.", + "type": "string" + }, + "contentType": { + "description": "The content type of the raw content. Example : text/csv or text/tsv ", + "type": "string" + }, + "uploadStatus": { + "description": "The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted", + "type": "string" + } + }, + "required": [ + "displayName", + "provider", + "itemsSearchKey" + ], + "type": "object" + }, + "WatchlistItemList": { + "description": "List all the watchlist items.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of watchlist item.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of watchlist items.", + "items": { + "$ref": "#/definitions/WatchlistItem" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "WatchlistItem": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "Represents a Watchlist item in Azure Security Insights.", + "properties": { + "properties": { + "$ref": "#/definitions/WatchlistItemProperties", + "description": "Watchlist Item properties", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "WatchlistItemProperties": { + "description": "Describes watchlist item properties", + "properties": { + "watchlistItemType": { + "description": "The type of the watchlist item", + "type": "string" + }, + "watchlistItemId": { + "description": "The id (a Guid) of the watchlist item", + "type": "string" + }, + "tenantId": { + "description": "The tenantId to which the watchlist item belongs to", + "type": "string" + }, + "isDeleted": { + "description": "A flag that indicates if the watchlist item is deleted or not", + "type": "boolean" + }, + "created": { + "description": "The time the watchlist item was created", + "format": "date-time", + "type": "string" + }, + "updated": { + "description": "The last time the watchlist item was updated", + "format": "date-time", + "type": "string" + }, + "createdBy": { + "$ref": "../../../common/2.0/types.json#/definitions/UserInfo", + "description": "Describes a user that created the watchlist item", + "type": "object" + }, + "updatedBy": { + "$ref": "../../../common/2.0/types.json#/definitions/UserInfo", + "description": "Describes a user that updated the watchlist item" + }, + "itemsKeyValue": { + "description": "key-value pairs for a watchlist item", + "type": "object", + "additionalProperties": {} + }, + "entityMapping": { + "description": "key-value pairs for a watchlist item entity mapping", + "type": "object", + "additionalProperties": {} + } + }, + "required": [ + "itemsKeyValue" + ], + "type": "object" + } + }, + "parameters": { + "WatchlistAlias": { + "description": "Watchlist Alias", + "in": "path", + "name": "watchlistAlias", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "Watchlist": { + "description": "The watchlist", + "in": "body", + "name": "watchlist", + "required": true, + "schema": { + "$ref": "#/definitions/Watchlist" + }, + "x-ms-parameter-location": "method" + }, + "WatchlistItem": { + "description": "The watchlist item", + "in": "body", + "name": "watchlistItem", + "required": true, + "schema": { + "$ref": "#/definitions/WatchlistItem" + }, + "x-ms-parameter-location": "method" + }, + "WatchlistItemId": { + "description": "Watchlist Item Id (GUID)", + "in": "path", + "name": "watchlistItemId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerAssignments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerAssignments.json new file mode 100644 index 000000000000..4584e1c4b44b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerAssignments.json @@ -0,0 +1,737 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments": { + "get": { + "x-ms-examples": { + "Get all workspace manager assignments for the Sentinel workspace manager.": { + "$ref": "./examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json" + } + }, + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Get all workspace manager assignments for the Sentinel workspace manager.", + "operationId": "WorkspaceManagerAssignments_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WorkspaceManagerAssignmentList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}": { + "get": { + "x-ms-examples": { + "Get a workspace manager assignment": { + "$ref": "./examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json" + } + }, + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Gets a workspace manager assignment", + "operationId": "WorkspaceManagerAssignments_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerAssignmentName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WorkspaceManagerAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a workspace manager assignment.": { + "$ref": "./examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json" + } + }, + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Creates or updates a workspace manager assignment.", + "operationId": "WorkspaceManagerAssignments_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerAssignmentName" + }, + { + "$ref": "#/parameters/WorkspaceManagerAssignment" + } + ], + "responses": { + "200": { + "description": "OK, created or updated an instance", + "schema": { + "$ref": "#/definitions/WorkspaceManagerAssignment" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/WorkspaceManagerAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a workspace manager assignment.": { + "$ref": "./examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json" + } + }, + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Deletes a workspace manager assignment", + "operationId": "WorkspaceManagerAssignments_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerAssignmentName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs": { + "get": { + "x-ms-examples": { + "Get all jobs for the specified Sentinel workspace manager assignment.": { + "$ref": "./examples/workspaceManagerAssignments/GetAllJobs.json" + } + }, + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Get all jobs for the specified workspace manager assignment", + "operationId": "WorkspaceManagerAssignmentJobs_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerAssignmentName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/JobList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + }, + "post": { + "x-ms-examples": { + "Creates a job for the specified workspace manager assignment": { + "$ref": "./examples/workspaceManagerAssignments/CreateJob.json" + } + }, + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Create a job for the specified workspace manager assignment", + "operationId": "WorkspaceManagerAssignmentJobs_Create", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerAssignmentName" + } + ], + "responses": { + "200": { + "description": "Created", + "schema": { + "$ref": "#/definitions/Job" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/{workspaceManagerAssignmentName}/jobs/{jobName}": { + "get": { + "x-ms-examples": { + "Get a workspace manager job": { + "$ref": "./examples/workspaceManagerAssignments/GetJob.json" + } + }, + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Gets a job", + "operationId": "WorkspaceManagerAssignmentJobs_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerAssignmentName" + }, + { + "$ref": "#/parameters/JobName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/Job" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a workspace manager job.": { + "$ref": "./examples/workspaceManagerAssignments/DeleteJob.json" + } + }, + "tags": [ + "workspaceManagerAssignments" + ], + "description": "Deletes the specified job from the specified workspace manager assignment", + "operationId": "WorkspaceManagerAssignmentJobs_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerAssignmentName" + }, + { + "$ref": "#/parameters/JobName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + } + } + }, + "definitions": { + "WorkspaceManagerAssignment": { + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/AzureEntityResource" + } + ], + "description": "The workspace manager assignment", + "properties": { + "properties": { + "$ref": "#/definitions/WorkspaceManagerAssignmentProperties", + "description": "The workspace manager assignment object", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "WorkspaceManagerAssignmentProperties": { + "description": "The workspace manager assignment properties", + "properties": { + "targetResourceName": { + "description": "The resource name of the workspace manager group targeted by the workspace manager assignment", + "type": "string" + }, + "lastJobEndTime": { + "description": "The time the last job associated to this assignment ended at", + "format": "date-time", + "type": "string", + "readOnly": true + }, + "lastJobProvisioningState": { + "description": "State of the last job associated to this assignment", + "enum": [ + "Succeeded", + "InProgress", + "Canceled", + "Failed" + ], + "type": "string", + "readOnly": true, + "x-ms-enum": { + "modelAsString": true, + "name": "provisioningState", + "values": [ + { + "description": "The job succeeded", + "value": "Succeeded" + }, + { + "description": "The job was canceled", + "value": "Canceled" + }, + { + "description": "The job is in progress", + "value": "InProgress" + }, + { + "description": "The job failed", + "value": "Failed" + } + ] + } + }, + "items": { + "description": "List of resources included in this workspace manager assignment", + "items": { + "$ref": "#/definitions/assignmentItem" + }, + "x-ms-identifiers": [], + "type": "array" + } + }, + "required": [ + "targetResourceName", + "items" + ], + "type": "object" + }, + "assignmentItem": { + "description": "An entity describing a content item.", + "properties": { + "resourceId": { + "description": "The resource id of the content item", + "type": "string" + } + }, + "type": "object" + }, + "WorkspaceManagerAssignmentList": { + "description": "List of all the workspace manager assignments.", + "type": "object", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of workspace manager assignments.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of workspace manager assignments.", + "items": { + "$ref": "#/definitions/WorkspaceManagerAssignment" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + }, + "Job": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "description": "The assignment job", + "properties": { + "properties": { + "$ref": "#/definitions/JobProperties", + "description": "The job object", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "JobProperties": { + "description": "The job properties", + "properties": { + "endTime": { + "description": "The time the job completed", + "format": "date-time", + "type": "string", + "readOnly": true + }, + "items": { + "description": "List of items published by the job", + "items": { + "$ref": "#/definitions/jobItem" + }, + "x-ms-identifiers": [], + "type": "array" + }, + "provisioningState": { + "description": "State of the job", + "enum": [ + "Succeeded", + "InProgress", + "Canceled", + "Failed" + ], + "type": "string", + "readOnly": true, + "x-ms-enum": { + "modelAsString": true, + "name": "provisioningState", + "values": [ + { + "description": "The job succeeded", + "value": "Succeeded" + }, + { + "description": "The job was canceled", + "value": "Canceled" + }, + { + "description": "The job is in progress", + "value": "InProgress" + }, + { + "description": "The job failed", + "value": "Failed" + } + ] + } + }, + "startTime": { + "description": "The time the job started", + "format": "date-time", + "type": "string", + "readOnly": true + }, + "errorMessage": { + "description": "Message to describe error, if an error exists", + "type": "string", + "readOnly": true + } + }, + "type": "object" + }, + "jobItem": { + "description": "An entity describing the publish status of a content item.", + "properties": { + "resourceId": { + "description": "The resource id of the content item", + "type": "string" + }, + "status": { + "description": "Status of the item publication", + "enum": [ + "Succeeded", + "Failed", + "InProgress" + ], + "type": "string", + "readOnly": true, + "x-ms-enum": { + "modelAsString": true, + "name": "status", + "values": [ + { + "description": "The item publication succeeded", + "value": "Succeeded" + }, + { + "description": "The item publication failed", + "value": "Failed" + }, + { + "description": "The item publication is in progress", + "value": "InProgress" + } + ] + } + }, + "executionTime": { + "description": "The time the item publishing was completed", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "errors": { + "description": "The list of error descriptions if the item publication fails.", + "items": { + "$ref": "#/definitions/error" + }, + "x-ms-identifiers": [], + "type": "array" + } + }, + "type": "object" + }, + "error": { + "description": "The error description for why a publication failed", + "type": "object", + "properties": { + "memberResourceName": { + "description": "The member resource name for which the publication error occured", + "type": "string" + }, + "errorMessage": { + "description": "The error message", + "type": "string" + } + }, + "required": [ + "memberResourceName", + "errorMessage" + ] + }, + "JobList": { + "description": "List of all the jobs", + "type": "object", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of jobs.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of jobs.", + "items": { + "$ref": "#/definitions/Job" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + } + }, + "parameters": { + "WorkspaceManagerAssignmentName": { + "description": "The name of the workspace manager assignment", + "in": "path", + "name": "workspaceManagerAssignmentName", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + "x-ms-parameter-location": "method" + }, + "WorkspaceManagerAssignment": { + "description": "The workspace manager assignment", + "in": "body", + "name": "workspaceManagerAssignment", + "required": true, + "schema": { + "$ref": "#/definitions/WorkspaceManagerAssignment" + }, + "x-ms-parameter-location": "method" + }, + "JobName": { + "description": "The job name", + "in": "path", + "name": "jobName", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerConfigurations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerConfigurations.json new file mode 100644 index 000000000000..c5b86f43a85f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerConfigurations.json @@ -0,0 +1,323 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations": { + "get": { + "x-ms-examples": { + "Get all workspace manager configurations for a Sentinel workspace.": { + "$ref": "./examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json" + } + }, + "tags": [ + "workspaceManagerConfigurations" + ], + "description": "Gets all workspace manager configurations for a Sentinel workspace.", + "operationId": "WorkspaceManagerConfigurations_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WorkspaceManagerConfigurationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/{workspaceManagerConfigurationName}": { + "get": { + "x-ms-examples": { + "Get a workspace manager configuration.": { + "$ref": "./examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json" + } + }, + "tags": [ + "workspaceManagerConfigurations" + ], + "description": "Gets a workspace manager configuration", + "operationId": "WorkspaceManagerConfigurations_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerConfigurationName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WorkspaceManagerConfiguration" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a workspace manager configuration.": { + "$ref": "./examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json" + } + }, + "tags": [ + "workspaceManagerConfigurations" + ], + "description": "Deletes a workspace manager configuration", + "operationId": "WorkspaceManagerConfigurations_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerConfigurationName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create or Update a workspace manager Configuration": { + "$ref": "./examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json" + } + }, + "tags": [ + "workspaceManagerConfigurations" + ], + "description": "Creates or updates a workspace manager configuration.", + "operationId": "WorkspaceManagerConfigurations_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerConfigurationName" + }, + { + "$ref": "#/parameters/WorkspaceManagerConfiguration" + } + ], + "responses": { + "200": { + "description": "OK, created or updated an instance", + "schema": { + "$ref": "#/definitions/WorkspaceManagerConfiguration" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/WorkspaceManagerConfiguration" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + } + } + }, + "definitions": { + "WorkspaceManagerConfiguration": { + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/AzureEntityResource" + } + ], + "description": "The workspace manager configuration", + "properties": { + "properties": { + "$ref": "#/definitions/WorkspaceManagerConfigurationProperties", + "description": "The workspace manager configuration object", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "WorkspaceManagerConfigurationProperties": { + "description": "The workspace manager configuration properties", + "properties": { + "mode": { + "description": "The current mode of the workspace manager configuration", + "enum": [ + "Enabled", + "Disabled" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "mode", + "values": [ + { + "description": "The workspace manager configuration is enabled", + "value": "Enabled" + }, + { + "description": "The workspace manager configuration is disabled", + "value": "Disabled" + } + ] + } + } + }, + "required": [ + "mode" + ], + "type": "object" + }, + "WorkspaceManagerConfigurationList": { + "description": "List all the workspace manager configurations for the workspace.", + "type": "object", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of workspace manager configurations.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of workspace manager configurations.", + "items": { + "$ref": "#/definitions/WorkspaceManagerConfiguration" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + } + }, + "parameters": { + "WorkspaceManagerConfigurationName": { + "description": "The name of the workspace manager configuration", + "in": "path", + "name": "workspaceManagerConfigurationName", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + "x-ms-parameter-location": "method" + }, + "WorkspaceManagerConfiguration": { + "description": "The workspace manager configuration", + "in": "body", + "name": "workspaceManagerConfiguration", + "required": true, + "schema": { + "$ref": "#/definitions/WorkspaceManagerConfiguration" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerGroups.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerGroups.json new file mode 100644 index 000000000000..7dcb020f4bad --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerGroups.json @@ -0,0 +1,318 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups": { + "get": { + "x-ms-examples": { + "Get all workspace manager groups in the Sentinel workspace manager.": { + "$ref": "./examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json" + } + }, + "tags": [ + "workspaceManagerGroups" + ], + "description": "Gets all workspace manager groups in the Sentinel workspace manager", + "operationId": "WorkspaceManagerGroups_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WorkspaceManagerGroupList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerGroups/{workspaceManagerGroupName}": { + "get": { + "x-ms-examples": { + "Get a workspace manager group": { + "$ref": "./examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json" + } + }, + "tags": [ + "workspaceManagerGroups" + ], + "description": "Gets a workspace manager group", + "operationId": "WorkspaceManagerGroups_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerGroupName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WorkspaceManagerGroup" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates a workspace manager group.": { + "$ref": "./examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json" + } + }, + "tags": [ + "workspaceManagerGroups" + ], + "description": "Creates or updates a workspace manager group.", + "operationId": "WorkspaceManagerGroups_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerGroupName" + }, + { + "$ref": "#/parameters/WorkspaceManagerGroup" + } + ], + "responses": { + "200": { + "description": "OK, created or updated an instance", + "schema": { + "$ref": "#/definitions/WorkspaceManagerGroup" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/WorkspaceManagerGroup" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a workspace manager group.": { + "$ref": "./examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json" + } + }, + "tags": [ + "workspaceManagerGroups" + ], + "description": "Deletes a workspace manager group", + "operationId": "WorkspaceManagerGroups_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerGroupName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + } + } + }, + "definitions": { + "WorkspaceManagerGroup": { + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/AzureEntityResource" + } + ], + "description": "The workspace manager group", + "properties": { + "properties": { + "$ref": "#/definitions/WorkspaceManagerGroupProperties", + "description": "The workspace manager group object", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "WorkspaceManagerGroupProperties": { + "description": "The workspace manager group properties", + "properties": { + "description": { + "description": "The description of the workspace manager group", + "type": "string" + }, + "displayName": { + "description": "The display name of the workspace manager group", + "type": "string" + }, + "memberResourceNames": { + "description": "The names of the workspace manager members participating in this group.", + "items": { + "description": "memberResourceName", + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "displayName", + "memberResourceNames" + ], + "type": "object" + }, + "WorkspaceManagerGroupList": { + "description": "List of all the workspace manager groups.", + "type": "object", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of workspace manager groups.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of workspace manager groups.", + "items": { + "$ref": "#/definitions/WorkspaceManagerGroup" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + } + }, + "parameters": { + "WorkspaceManagerGroupName": { + "description": "The name of the workspace manager group", + "in": "path", + "name": "workspaceManagerGroupName", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + "x-ms-parameter-location": "method" + }, + "WorkspaceManagerGroup": { + "description": "The workspace manager group object", + "in": "body", + "name": "workspaceManagerGroup", + "required": true, + "schema": { + "$ref": "#/definitions/WorkspaceManagerGroup" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerMembers.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerMembers.json new file mode 100644 index 000000000000..42e2c5fb4c9c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerMembers.json @@ -0,0 +1,310 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/": { + "get": { + "x-ms-examples": { + "Get all workspace manager members": { + "$ref": "./examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json" + } + }, + "tags": [ + "workspaceManagerMember" + ], + "description": "Gets all workspace manager members that exist for the given Sentinel workspace manager", + "operationId": "WorkspaceManagerMembers_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WorkspaceManagerMembersList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/workspaceManagerMembers/{workspaceManagerMemberName}": { + "get": { + "x-ms-examples": { + "Get a workspace manager member": { + "$ref": "./examples/workspaceManagerMembers/GetWorkspaceManagerMember.json" + } + }, + "tags": [ + "workspaceManagerMember" + ], + "description": "Gets a workspace manager member", + "operationId": "WorkspaceManagerMembers_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerMemberName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/WorkspaceManagerMember" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create or Update a workspace manager member": { + "$ref": "./examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json" + } + }, + "tags": [ + "workspaceManagerMember" + ], + "description": "Creates or updates a workspace manager member", + "operationId": "WorkspaceManagerMembers_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerMemberName" + }, + { + "$ref": "#/parameters/WorkspaceManagerMember" + } + ], + "responses": { + "200": { + "description": "OK, created or updated an instance", + "schema": { + "$ref": "#/definitions/WorkspaceManagerMember" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/WorkspaceManagerMember" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a workspace manager member": { + "$ref": "./examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json" + } + }, + "tags": [ + "workspaceManagerMember" + ], + "description": "Deletes a workspace manager member", + "operationId": "WorkspaceManagerMembers_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/WorkspaceManagerMemberName" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + } + } + } + }, + "definitions": { + "WorkspaceManagerMemberProperties": { + "description": "The workspace manager member properties", + "properties": { + "targetWorkspaceResourceId": { + "description": "Fully qualified resource ID of the target Sentinel workspace joining the given Sentinel workspace manager", + "type": "string" + }, + "targetWorkspaceTenantId": { + "description": "Tenant id of the target Sentinel workspace joining the given Sentinel workspace manager", + "type": "string" + } + }, + "required": [ + "targetWorkspaceResourceId", + "targetWorkspaceTenantId" + ], + "type": "object" + }, + "WorkspaceManagerMember": { + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/AzureEntityResource" + } + ], + "description": "The workspace manager member", + "properties": { + "properties": { + "$ref": "#/definitions/WorkspaceManagerMemberProperties", + "description": "The workspace manager member object", + "x-ms-client-flatten": true + } + }, + "type": "object" + }, + "WorkspaceManagerMembersList": { + "description": "List of workspace manager members", + "type": "object", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of workspace manager members", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of workspace manager members", + "items": { + "$ref": "#/definitions/WorkspaceManagerMember" + }, + "type": "array" + } + }, + "required": [ + "value" + ] + } + }, + "parameters": { + "WorkspaceManagerMemberName": { + "description": "The name of the workspace manager member", + "in": "path", + "name": "workspaceManagerMemberName", + "required": true, + "type": "string", + "pattern": "^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$", + "x-ms-parameter-location": "method" + }, + "WorkspaceManagerMember": { + "description": "The workspace manager member object", + "in": "body", + "name": "workspaceManagerMember", + "required": true, + "schema": { + "$ref": "#/definitions/WorkspaceManagerMember" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/AlertTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/AlertTypes.json new file mode 100644 index 000000000000..3cb89778380f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/AlertTypes.json @@ -0,0 +1,81 @@ +{ + "swagger": "2.0", + "info": { + "version": "2023-09-01-preview", + "title": "Common Alert types" + }, + "paths": {}, + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "definitions": { + "AlertSeverityEnum": { + "description": "The severity of the alert", + "enum": [ + "High", + "Medium", + "Low", + "Informational" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AlertSeverity", + "values": [ + { + "description": "High severity", + "value": "High" + }, + { + "description": "Medium severity", + "value": "Medium" + }, + { + "description": "Low severity", + "value": "Low" + }, + { + "description": "Informational severity", + "value": "Informational" + } + ] + } + }, + "AttackTactic": { + "description": "The severity for alerts created by this alert rule.", + "enum": [ + "Reconnaissance", + "ResourceDevelopment", + "InitialAccess", + "Execution", + "Persistence", + "PrivilegeEscalation", + "DefenseEvasion", + "CredentialAccess", + "Discovery", + "LateralMovement", + "Collection", + "Exfiltration", + "CommandAndControl", + "Impact", + "PreAttack", + "ImpairProcessControl", + "InhibitResponseFunction" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AttackTactic" + } + } + }, + "parameters": {} +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/ContentCommonTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/ContentCommonTypes.json new file mode 100644 index 000000000000..1b56607ea476 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/ContentCommonTypes.json @@ -0,0 +1,637 @@ +{ + "swagger": "2.0", + "info": { + "version": "2023-09-01-preview", + "title": "Common content metadata types" + }, + "paths": {}, + "definitions": { + "metadataContentId": { + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Can be optionally set for user created content to define dependencies. If an active content item is made from a metadata, both will have the same contentId.", + "type": "string" + }, + "metadataParentId": { + "description": "Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group)", + "type": "string" + }, + "metadataDisplayName": { + "description": "DisplayName of the content.", + "type": "string" + }, + "metadataVersion": { + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks", + "type": "string" + }, + "metadataPackageKind": { + "description": "The package kind", + "enum": [ + "Solution", + "Standalone" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "packageKind", + "values": [ + { + "value": "Solution" + }, + { + "value": "Standalone" + } + ] + } + }, + "metadataKind": { + "type": "string", + "description": "The kind of content the metadata is for.", + "enum": [ + "DataConnector", + "DataType", + "Workbook", + "WorkbookTemplate", + "Playbook", + "PlaybookTemplate", + "AnalyticsRuleTemplate", + "AnalyticsRule", + "HuntingQuery", + "InvestigationQuery", + "Parser", + "Watchlist", + "WatchlistTemplate", + "Solution", + "AzureFunction", + "LogicAppsCustomConnector", + "AutomationRule" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "kind", + "values": [ + { + "value": "DataConnector" + }, + { + "value": "DataType" + }, + { + "value": "Workbook" + }, + { + "value": "WorkbookTemplate" + }, + { + "value": "Playbook" + }, + { + "value": "PlaybookTemplate" + }, + { + "value": "AnalyticsRuleTemplate" + }, + { + "value": "AnalyticsRule" + }, + { + "value": "HuntingQuery" + }, + { + "value": "InvestigationQuery" + }, + { + "value": "Parser" + }, + { + "value": "Watchlist" + }, + { + "value": "WatchlistTemplate" + }, + { + "value": "Solution" + }, + { + "value": "AzureFunction" + }, + { + "value": "LogicAppsCustomConnector" + }, + { + "value": "AutomationRule" + } + ] + } + }, + "metadataTrueFalseFlag": { + "type": "string", + "description": "The boolean value the metadata is for.", + "enum": [ + "true", + "false" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "flag", + "values": [ + { + "value": "true" + }, + { + "value": "false" + } + ] + } + }, + "metadataSource": { + "description": "The original source of the content item, where it comes from.", + "type": "object", + "required": [ + "kind" + ], + "properties": { + "kind": { + "description": "Source type of the content", + "type": "string", + "enum": [ + "LocalWorkspace", + "Community", + "Solution", + "SourceRepository" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "sourceKind", + "values": [ + { + "value": "LocalWorkspace" + }, + { + "value": "Community" + }, + { + "value": "Solution" + }, + { + "value": "SourceRepository" + } + ] + } + }, + "name": { + "description": "Name of the content source. The repo name, solution name, LA workspace name etc.", + "type": "string" + }, + "sourceId": { + "description": "ID of the content source. The solution ID, workspace ID, etc", + "type": "string" + } + } + }, + "metadataAuthor": { + "type": "object", + "description": "Publisher or creator of the content item.", + "properties": { + "name": { + "description": "Name of the author. Company or person.", + "type": "string" + }, + "email": { + "description": "Email of author contact", + "type": "string" + }, + "link": { + "description": "Link for author/vendor page", + "type": "string" + } + } + }, + "metadataSupport": { + "type": "object", + "description": "Support information for the content item.", + "required": [ + "tier" + ], + "properties": { + "tier": { + "description": "Type of support for content item", + "type": "string", + "enum": [ + "Microsoft", + "Partner", + "Community" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "supportTier", + "values": [ + { + "value": "Microsoft" + }, + { + "value": "Partner" + }, + { + "value": "Community" + } + ] + } + }, + "name": { + "description": "Name of the support contact. Company or person.", + "type": "string" + }, + "email": { + "description": "Email of support contact", + "type": "string" + }, + "link": { + "description": "Link for support help, like to support page to open a ticket etc.", + "type": "string" + } + } + }, + "metadataDependencies": { + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies.", + "type": "object", + "properties": { + "contentId": { + "description": "Id of the content item we depend on", + "$ref": "#/definitions/metadataContentId" + }, + "kind": { + "description": "Type of the content item we depend on", + "$ref": "#/definitions/metadataKind" + }, + "version": { + "description": "Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required.", + "$ref": "#/definitions/metadataVersion" + }, + "name": { + "description": "Name of the content item", + "type": "string" + }, + "operator": { + "description": "Operator used for list of dependencies in criteria array.", + "type": "string", + "enum": [ + "AND", + "OR" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "operator", + "values": [ + { + "value": "AND" + }, + { + "value": "OR" + } + ] + } + }, + "criteria": { + "description": "This is the list of dependencies we must fulfill, according to the AND/OR operator", + "type": "array", + "items": { + "$ref": "#/definitions/metadataDependencies", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." + }, + "x-ms-identifiers": [ + "contentId" + ], + "example": [ + { + "kind": "DataConnector", + "contentId": "68b1de8a-b635-430d-b208-01ba3dda5877", + "version": "1.0.0" + }, + { + "kind": "Workbook", + "contentId": "ad903b46-9905-4504-9825-3bcce796da8e", + "version": "1.0.0" + } + ] + } + } + }, + "metadataCategories": { + "type": "object", + "description": "ies for the solution content item", + "properties": { + "domains": { + "description": "domain for the solution content item", + "type": "array", + "example": [ + "str1", + "str2", + "str3" + ], + "items": { + "type": "string" + } + }, + "verticals": { + "description": "Industry verticals for the solution content item", + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "str1", + "str2", + "str3" + ] + } + } + }, + "metadataProviders": { + "description": "Providers for the solution content item", + "type": "array", + "example": [ + "str1", + "str2", + "str3" + ], + "items": { + "type": "string" + } + }, + "metadataFirstPublishDate": { + "description": "first publish date of solution content item", + "type": "string", + "format": "date" + }, + "metadataLastPublishDate": { + "description": "last publish date of solution content item", + "type": "string", + "format": "date" + }, + "metadataCustomVersion": { + "description": "The custom version of the content. A optional free text", + "type": "string" + }, + "metadataContentSchemaVersion": { + "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version", + "type": "string" + }, + "metadataIcon": { + "description": "the icon identifier. this id can later be fetched from the metadata", + "type": "string" + }, + "metadataThreatAnalysisTactics": { + "description": "the tactics the resource covers", + "type": "array", + "example": [ + "reconnaissance", + "exfiltration" + ], + "items": { + "type": "string" + } + }, + "metadataThreatAnalysisTechniques": { + "description": "the techniques the resource covers, these have to be aligned with the tactics being used", + "type": "array", + "example": [ + "T1548", + "T1548.001", + "T1134.003" + ], + "items": { + "type": "string" + } + }, + "metadataPreviewImages": { + "description": "preview image file names. These will be taken from the solution artifacts", + "type": "array", + "example": [ + "example.png", + "example2.jpeg" + ], + "items": { + "type": "string" + } + }, + "metadataPreviewImagesDark": { + "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support", + "type": "array", + "example": [ + "example.png", + "example2.jpeg" + ], + "items": { + "type": "string" + } + }, + "metadataTags": { + "description": "the tags assigned to the resource", + "type": "array", + "example": [ + "str1", + "str2", + "str3" + ], + "items": { + "type": "string" + } + }, + "templateBaseProperties": { + "description": "Template property bag.", + "type": "object", + "properties": { + "contentId": { + "$ref": "#/definitions/metadataContentId", + "description": "Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind of the template and the contentVersion of the template" + }, + "packageVersion": { + "$ref": "#/definitions/metadataVersion", + "description": "Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "version": { + "$ref": "#/definitions/metadataVersion", + "description": "Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata best practices. Can also be any string, but then we cannot guarantee any version checks" + }, + "displayName": { + "$ref": "#/definitions/metadataDisplayName", + "description": "The display name of the template" + }, + "contentKind": { + "$ref": "#/definitions/metadataKind", + "description": "The kind of content the template is for." + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "Source of the content. This is where/how it was created." + }, + "author": { + "$ref": "#/definitions/metadataAuthor", + "description": "The creator of the content item." + }, + "support": { + "$ref": "#/definitions/metadataSupport", + "description": "Support information for the template - type, name, contact information" + }, + "dependencies": { + "$ref": "#/definitions/metadataDependencies", + "description": "Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex formats." + }, + "categories": { + "$ref": "#/definitions/metadataCategories", + "description": "Categories for the item" + }, + "providers": { + "$ref": "#/definitions/metadataProviders", + "description": "Providers for the content item" + }, + "firstPublishDate": { + "$ref": "#/definitions/metadataFirstPublishDate", + "description": "first publish date content item" + }, + "lastPublishDate": { + "$ref": "#/definitions/metadataLastPublishDate", + "description": "last publish date for the content item" + }, + "customVersion": { + "$ref": "#/definitions/metadataCustomVersion", + "description": "The custom version of the content. A optional free text" + }, + "contentSchemaVersion": { + "$ref": "#/definitions/metadataContentSchemaVersion", + "description": "Schema version of the content. Can be used to distinguish between different flow based on the schema version" + }, + "icon": { + "$ref": "#/definitions/metadataIcon", + "description": "the icon identifier. this id can later be fetched from the content metadata" + }, + "threatAnalysisTactics": { + "$ref": "#/definitions/metadataThreatAnalysisTactics", + "description": "the tactics the resource covers" + }, + "threatAnalysisTechniques": { + "$ref": "#/definitions/metadataThreatAnalysisTechniques", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used" + }, + "previewImages": { + "$ref": "#/definitions/metadataPreviewImages", + "description": "preview image file names. These will be taken from the solution artifacts" + }, + "previewImagesDark": { + "$ref": "#/definitions/metadataPreviewImagesDark", + "description": "preview image file names. These will be taken from the solution artifacts. used for dark theme support" + }, + "packageId": { + "$ref": "#/definitions/metadataContentId", + "description": "the package Id contains this template" + }, + "packageKind": { + "$ref": "#/definitions/metadataPackageKind", + "description": "the packageKind of the package contains this template" + }, + "packageName": { + "$ref": "#/definitions/metadataDisplayName", + "description": "the name of the package contains this template" + } + } + }, + "packageBaseProperties": { + "description": "Describes package properties", + "properties": { + "contentId": { + "$ref": "#/definitions/metadataContentId", + "description": "The content id of the package" + }, + "contentProductId": { + "type": "string", + "description": "Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package" + }, + "contentKind": { + "$ref": "#/definitions/metadataPackageKind", + "description": "The package kind" + }, + "contentSchemaVersion": { + "$ref": "#/definitions/metadataVersion", + "description": "The version of the content schema." + }, + "isNew": { + "$ref": "#/definitions/metadataTrueFalseFlag", + "description": "Flag indicates if this is a newly published package." + }, + "isPreview": { + "$ref": "#/definitions/metadataTrueFalseFlag", + "description": "Flag indicates if this package is in preview." + }, + "isFeatured": { + "$ref": "#/definitions/metadataTrueFalseFlag", + "description": "Flag indicates if this package is among the featured list." + }, + "version": { + "$ref": "#/definitions/metadataVersion", + "description": "the latest version number of the package" + }, + "displayName": { + "$ref": "#/definitions/metadataDisplayName", + "description": "The display name of the package" + }, + "description": { + "description": "The description of the package", + "type": "string" + }, + "publisherDisplayName": { + "$ref": "#/definitions/metadataDisplayName", + "description": "The publisher display name of the package" + }, + "source": { + "$ref": "#/definitions/metadataSource", + "description": "The source of the package" + }, + "author": { + "$ref": "#/definitions/metadataAuthor", + "description": "The author of the package" + }, + "support": { + "$ref": "#/definitions/metadataSupport", + "description": "The support tier of the package" + }, + "dependencies": { + "$ref": "#/definitions/metadataDependencies", + "description": "The support tier of the package" + }, + "providers": { + "$ref": "#/definitions/metadataProviders", + "description": "Providers for the package item" + }, + "firstPublishDate": { + "$ref": "#/definitions/metadataFirstPublishDate", + "description": "first publish date package item" + }, + "lastPublishDate": { + "$ref": "#/definitions/metadataLastPublishDate", + "description": "last publish date for the package item" + }, + "categories": { + "$ref": "#/definitions/metadataCategories", + "description": "The categories of the package" + }, + "threatAnalysisTactics": { + "$ref": "#/definitions/metadataThreatAnalysisTactics", + "description": "the tactics the resource covers" + }, + "threatAnalysisTechniques": { + "$ref": "#/definitions/metadataThreatAnalysisTechniques", + "description": "the techniques the resource covers, these have to be aligned with the tactics being used" + }, + "icon": { + "$ref": "#/definitions/metadataIcon", + "description": "the icon identifier. this id can later be fetched from the content metadata" + } + }, + "type": "object" + } + }, + "parameters": {} +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/EntityTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/EntityTypes.json new file mode 100644 index 000000000000..29c02cd5503d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/EntityTypes.json @@ -0,0 +1,2550 @@ +{ + "swagger": "2.0", + "info": { + "version": "2023-09-01-preview", + "title": "Common Entity types" + }, + "paths": {}, + "definitions": { + "AccountEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents an account entity.", + "properties": { + "properties": { + "$ref": "#/definitions/AccountEntityProperties", + "description": "Account entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Account" + }, + "AccountEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Account entity property bag.", + "properties": { + "aadTenantId": { + "description": "The Azure Active Directory tenant id.", + "readOnly": true, + "type": "string" + }, + "aadUserId": { + "description": "The Azure Active Directory user id.", + "readOnly": true, + "type": "string" + }, + "accountName": { + "description": "The name of the account. This field should hold only the name without any domain added to it, i.e. administrator.", + "readOnly": true, + "type": "string" + }, + "displayName": { + "description": "The display name of the account.", + "readOnly": true, + "type": "string" + }, + "hostEntityId": { + "description": "The Host entity id that contains the account in case it is a local account (not domain joined)", + "readOnly": true, + "type": "string" + }, + "isDomainJoined": { + "description": "Determines whether this is a domain account.", + "readOnly": true, + "type": "boolean" + }, + "ntDomain": { + "description": "The NetBIOS domain name as it appears in the alert format domain/username. Examples: NT AUTHORITY.", + "readOnly": true, + "type": "string" + }, + "objectGuid": { + "description": "The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory.", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "puid": { + "description": "The Azure Active Directory Passport User ID.", + "readOnly": true, + "type": "string" + }, + "sid": { + "description": "The account security identifier, e.g. S-1-5-18.", + "readOnly": true, + "type": "string" + }, + "upnSuffix": { + "description": "The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com.", + "readOnly": true, + "type": "string" + }, + "dnsDomain": { + "description": "The fully qualified domain DNS name.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "AzureResourceEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents an azure resource entity.", + "properties": { + "properties": { + "$ref": "#/definitions/AzureResourceEntityProperties", + "description": "AzureResource entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureResource" + }, + "AzureResourceEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "AzureResource entity property bag.", + "properties": { + "resourceId": { + "description": "The azure resource id of the resource", + "readOnly": true, + "type": "string" + }, + "subscriptionId": { + "description": "The subscription id of the resource", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "CloudApplicationEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a cloud application entity.", + "properties": { + "properties": { + "$ref": "#/definitions/CloudApplicationEntityProperties", + "description": "CloudApplication entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "CloudApplication" + }, + "CloudApplicationEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "CloudApplication entity property bag.", + "properties": { + "appId": { + "description": "The technical identifier of the application.", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "appName": { + "description": "The name of the related cloud application.", + "readOnly": true, + "type": "string" + }, + "instanceName": { + "description": "The user defined instance name of the cloud application. It is often used to distinguish between several applications of the same type that a customer has.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "DnsEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a dns entity.", + "properties": { + "properties": { + "$ref": "#/definitions/DnsEntityProperties", + "description": "Dns entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "DnsResolution" + }, + "DnsEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Dns entity property bag.", + "properties": { + "dnsServerIpEntityId": { + "description": "An ip entity id for the dns server resolving the request", + "readOnly": true, + "type": "string" + }, + "domainName": { + "description": "The name of the dns record associated with the alert", + "readOnly": true, + "type": "string" + }, + "hostIpAddressEntityId": { + "description": "An ip entity id for the dns request client", + "readOnly": true, + "type": "string" + }, + "ipAddressEntityIds": { + "description": "Ip entity identifiers for the resolved ip address.", + "items": { + "description": "Ip entity id", + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "Entity": { + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v3/types.json#/definitions/Resource" + } + ], + "properties": { + "kind": { + "$ref": "#/definitions/EntityInnerKind", + "description": "The kind of the entity." + } + }, + "description": "Specific entity.", + "discriminator": "kind", + "type": "object", + "required": [ + "kind" + ] + }, + "EntityCommonProperties": { + "description": "Entity common property bag.", + "properties": { + "additionalData": { + "additionalProperties": true, + "description": "A bag of custom fields that should be part of the entity and will be presented to the user.", + "readOnly": true, + "type": "object" + }, + "friendlyName": { + "description": "The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "EntityInnerKind": { + "description": "The kind of the entity", + "enum": [ + "Account", + "Host", + "File", + "AzureResource", + "CloudApplication", + "DnsResolution", + "FileHash", + "Ip", + "Malware", + "Process", + "RegistryKey", + "RegistryValue", + "SecurityGroup", + "Url", + "IoTDevice", + "SecurityAlert", + "Bookmark", + "Mailbox", + "MailCluster", + "MailMessage", + "SubmissionMail", + "Nic" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EntityKindEnum", + "values": [ + { + "description": "Entity represents account in the system.", + "value": "Account" + }, + { + "description": "Entity represents host in the system.", + "value": "Host" + }, + { + "description": "Entity represents file in the system.", + "value": "File" + }, + { + "description": "Entity represents azure resource in the system.", + "value": "AzureResource" + }, + { + "description": "Entity represents cloud application in the system.", + "value": "CloudApplication" + }, + { + "description": "Entity represents dns resolution in the system.", + "value": "DnsResolution" + }, + { + "description": "Entity represents file hash in the system.", + "value": "FileHash" + }, + { + "description": "Entity represents ip in the system.", + "value": "Ip" + }, + { + "description": "Entity represents malware in the system.", + "value": "Malware" + }, + { + "description": "Entity represents process in the system.", + "value": "Process" + }, + { + "description": "Entity represents registry key in the system.", + "value": "RegistryKey" + }, + { + "description": "Entity represents registry value in the system.", + "value": "RegistryValue" + }, + { + "description": "Entity represents security group in the system.", + "value": "SecurityGroup" + }, + { + "description": "Entity represents url in the system.", + "value": "Url" + }, + { + "description": "Entity represents IoT device in the system.", + "value": "IoTDevice" + }, + { + "description": "Entity represents security alert in the system.", + "value": "SecurityAlert" + }, + { + "description": "Entity represents bookmark in the system.", + "value": "Bookmark" + }, + { + "description": "Entity represents mail cluster in the system.", + "value": "MailCluster" + }, + { + "description": "Entity represents mail message in the system.", + "value": "MailMessage" + }, + { + "description": "Entity represents mailbox in the system.", + "value": "Mailbox" + }, + { + "description": "Entity represents submission mail in the system.", + "value": "SubmissionMail" + }, + { + "description": "Entity represents network interface in the system.", + "value": "Nic" + } + ] + } + }, + "EntityInnerType": { + "description": "The type of the entity", + "enum": [ + "Account", + "Host", + "File", + "AzureResource", + "CloudApplication", + "DNS", + "FileHash", + "IP", + "Malware", + "Process", + "RegistryKey", + "RegistryValue", + "SecurityGroup", + "URL", + "IoTDevice", + "SecurityAlert", + "HuntingBookmark", + "MailCluster", + "MailMessage", + "Mailbox", + "SubmissionMail", + "Nic" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EntityType", + "values": [ + { + "description": "Entity represents account in the system.", + "value": "Account" + }, + { + "description": "Entity represents host in the system.", + "value": "Host" + }, + { + "description": "Entity represents file in the system.", + "value": "File" + }, + { + "description": "Entity represents azure resource in the system.", + "value": "AzureResource" + }, + { + "description": "Entity represents cloud application in the system.", + "value": "CloudApplication" + }, + { + "description": "Entity represents dns in the system.", + "value": "DNS" + }, + { + "description": "Entity represents file hash in the system.", + "value": "FileHash" + }, + { + "description": "Entity represents ip in the system.", + "value": "IP" + }, + { + "description": "Entity represents malware in the system.", + "value": "Malware" + }, + { + "description": "Entity represents process in the system.", + "value": "Process" + }, + { + "description": "Entity represents registry key in the system.", + "value": "RegistryKey" + }, + { + "description": "Entity represents registry value in the system.", + "value": "RegistryValue" + }, + { + "description": "Entity represents security group in the system.", + "value": "SecurityGroup" + }, + { + "description": "Entity represents url in the system.", + "value": "URL" + }, + { + "description": "Entity represents IoT device in the system.", + "value": "IoTDevice" + }, + { + "description": "Entity represents security alert in the system.", + "value": "SecurityAlert" + }, + { + "description": "Entity represents HuntingBookmark in the system.", + "value": "HuntingBookmark" + }, + { + "description": "Entity represents mail cluster in the system.", + "value": "MailCluster" + }, + { + "description": "Entity represents mail message in the system.", + "value": "MailMessage" + }, + { + "description": "Entity represents mailbox in the system.", + "value": "Mailbox" + }, + { + "description": "Entity represents submission mail in the system.", + "value": "SubmissionMail" + }, + { + "description": "Entity represents network interface in the system.", + "value": "Nic" + } + ] + } + }, + "EntityQueryKind": { + "description": "The kind of the entity query", + "enum": [ + "Expansion", + "Insight", + "Activity" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "EntityQueryKind", + "values": [ + { + "value": "Expansion" + }, + { + "value": "Insight" + }, + { + "value": "Activity" + } + ] + } + }, + "ExpansionResultAggregation": { + "description": "Information of a specific aggregation in the expansion result.", + "properties": { + "aggregationType": { + "description": "The common type of the aggregation. (for e.g. entity field name)", + "type": "string" + }, + "count": { + "description": "Total number of aggregations of the given kind (and aggregationType if given) in the expansion result.", + "type": "integer", + "format": "int32" + }, + "displayName": { + "description": "The display name of the aggregation by type.", + "type": "string" + }, + "entityKind": { + "$ref": "#/definitions/EntityInnerKind", + "description": "The kind of the aggregated entity." + } + }, + "required": [ + "entityKind", + "count" + ], + "type": "object" + }, + "ExpansionResultsMetadata": { + "description": "Expansion result metadata.", + "properties": { + "aggregations": { + "description": "Information of the aggregated nodes in the expansion result.", + "items": { + "$ref": "#/definitions/ExpansionResultAggregation" + }, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "FileEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a file entity.", + "properties": { + "properties": { + "$ref": "#/definitions/FileEntityProperties", + "description": "File entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "File" + }, + "FileEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "File entity property bag.", + "properties": { + "directory": { + "description": "The full path to the file.", + "readOnly": true, + "type": "string" + }, + "fileHashEntityIds": { + "description": "The file hash entity identifiers associated with this file", + "items": { + "description": "file hash id", + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "fileName": { + "description": "The file name without path (some alerts might not include path).", + "readOnly": true, + "type": "string" + }, + "hostEntityId": { + "description": "The Host entity id which the file belongs to", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "FileHashEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a file hash entity.", + "properties": { + "properties": { + "$ref": "#/definitions/FileHashEntityProperties", + "description": "FileHash entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "FileHash" + }, + "FileHashEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "FileHash entity property bag.", + "properties": { + "algorithm": { + "description": "The hash algorithm type.", + "enum": [ + "Unknown", + "MD5", + "SHA1", + "SHA256", + "SHA256AC" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "FileHashAlgorithm", + "values": [ + { + "description": "Unknown hash algorithm", + "value": "Unknown" + }, + { + "description": "MD5 hash type", + "value": "MD5" + }, + { + "description": "SHA1 hash type", + "value": "SHA1" + }, + { + "description": "SHA256 hash type", + "value": "SHA256" + }, + { + "description": "SHA256 Authenticode hash type", + "value": "SHA256AC" + } + ] + } + }, + "hashValue": { + "description": "The file hash value.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "HostEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a host entity.", + "properties": { + "properties": { + "$ref": "#/definitions/HostEntityProperties", + "description": "Host entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Host" + }, + "HostEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Host entity property bag.", + "properties": { + "azureID": { + "description": "The azure resource id of the VM.", + "readOnly": true, + "type": "string" + }, + "dnsDomain": { + "description": "The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain", + "readOnly": true, + "type": "string" + }, + "hostName": { + "description": "The hostname without the domain suffix.", + "readOnly": true, + "type": "string" + }, + "isDomainJoined": { + "description": "Determines whether this host belongs to a domain.", + "readOnly": true, + "type": "boolean" + }, + "netBiosName": { + "description": "The host name (pre-windows2000).", + "readOnly": true, + "type": "string" + }, + "ntDomain": { + "description": "The NT domain that this host belongs to.", + "readOnly": true, + "type": "string" + }, + "omsAgentID": { + "description": "The OMS agent id, if the host has OMS agent installed.", + "readOnly": true, + "type": "string" + }, + "osFamily": { + "description": "The operating system type.", + "enum": [ + "Linux", + "Windows", + "Android", + "IOS", + "Unknown" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": false, + "name": "OSFamily", + "values": [ + { + "description": "Host with Linux operating system.", + "value": "Linux" + }, + { + "description": "Host with Windows operating system.", + "value": "Windows" + }, + { + "description": "Host with Android operating system.", + "value": "Android" + }, + { + "description": "Host with IOS operating system.", + "value": "IOS" + }, + { + "description": "Host with Unknown operating system.", + "value": "Unknown" + } + ] + } + }, + "osVersion": { + "description": "A free text representation of the operating system. This field is meant to hold specific versions the are more fine grained than OSFamily or future values not supported by OSFamily enumeration", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "HuntingBookmark": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a Hunting bookmark entity.", + "properties": { + "properties": { + "$ref": "#/definitions/HuntingBookmarkProperties", + "description": "HuntingBookmark entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Bookmark" + }, + "HuntingBookmarkProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Describes bookmark properties", + "properties": { + "created": { + "description": "The time the bookmark was created", + "format": "date-time", + "type": "string" + }, + "createdBy": { + "$ref": "../../../../common/2.0/types.json#/definitions/UserInfo", + "description": "Describes a user that created the bookmark", + "type": "object" + }, + "displayName": { + "description": "The display name of the bookmark", + "type": "string" + }, + "eventTime": { + "description": "The time of the event", + "format": "date-time", + "type": "string" + }, + "labels": { + "description": "List of labels relevant to this bookmark", + "items": { + "$ref": "../../../../common/2.0/types.json#/definitions/Label" + }, + "type": "array", + "x-ms-identifiers": [] + }, + "notes": { + "description": "The notes of the bookmark", + "type": "string" + }, + "query": { + "description": "The query of the bookmark.", + "type": "string" + }, + "queryResult": { + "description": "The query result of the bookmark.", + "type": "string" + }, + "updated": { + "description": "The last time the bookmark was updated", + "format": "date-time", + "type": "string" + }, + "updatedBy": { + "$ref": "../../../../common/2.0/types.json#/definitions/UserInfo", + "description": "Describes a user that updated the bookmark", + "type": "object" + }, + "incidentInfo": { + "$ref": "IncidentTypes.json#/definitions/IncidentInfo", + "description": "Describes an incident that relates to bookmark", + "type": "object" + } + }, + "required": [ + "displayName", + "query" + ], + "type": "object" + }, + "IoTDeviceEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents an IoT device entity.", + "properties": { + "properties": { + "$ref": "#/definitions/IoTDeviceEntityProperties", + "description": "IoTDevice entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "IoTDevice" + }, + "IoTDeviceEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "IoTDevice entity property bag.", + "properties": { + "deviceId": { + "description": "The ID of the IoT Device in the IoT Hub", + "readOnly": true, + "type": "string" + }, + "deviceName": { + "description": "The friendly name of the device", + "readOnly": true, + "type": "string" + }, + "source": { + "description": "The source of the device", + "readOnly": true, + "type": "string" + }, + "iotSecurityAgentId": { + "description": "The ID of the security agent running on the device", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "deviceType": { + "description": "The type of the device", + "readOnly": true, + "type": "string" + }, + "vendor": { + "description": "The vendor of the device", + "readOnly": true, + "type": "string" + }, + "edgeId": { + "description": "The ID of the edge device", + "readOnly": true, + "type": "string" + }, + "macAddress": { + "description": "The MAC address of the device", + "readOnly": true, + "type": "string" + }, + "model": { + "description": "The model of the device", + "readOnly": true, + "type": "string" + }, + "serialNumber": { + "description": "The serial number of the device", + "readOnly": true, + "type": "string" + }, + "firmwareVersion": { + "description": "The firmware version of the device", + "readOnly": true, + "type": "string" + }, + "operatingSystem": { + "description": "The operating system of the device", + "readOnly": true, + "type": "string" + }, + "iotHubEntityId": { + "description": "The AzureResource entity id of the IoT Hub", + "readOnly": true, + "type": "string" + }, + "hostEntityId": { + "description": "The Host entity id of this device", + "readOnly": true, + "type": "string" + }, + "ipAddressEntityId": { + "description": "The IP entity if of this device", + "readOnly": true, + "type": "string" + }, + "threatIntelligence": { + "description": "A list of TI contexts attached to the IoTDevice entity.", + "items": { + "$ref": "ThreatIntelligenceTypes.json#/definitions/ThreatIntelligence" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "protocols": { + "description": "A list of protocols of the IoTDevice entity.", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "owners": { + "description": "A list of owners of the IoTDevice entity.", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "nicEntityIds": { + "description": "A list of Nic entity ids of the IoTDevice entity.", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "site": { + "description": "The site of the device", + "readOnly": true, + "type": "string" + }, + "zone": { + "description": "The zone location of the device within a site", + "readOnly": true, + "type": "string" + }, + "sensor": { + "description": "The sensor the device is monitored by", + "readOnly": true, + "type": "string" + }, + "deviceSubType": { + "description": "The subType of the device ('PLC', 'HMI', 'EWS', etc.)", + "readOnly": true, + "type": "string" + }, + "importance": { + "description": "Device importance, determines if the device classified as 'crown jewel'", + "enum": [ + "Unknown", + "Low", + "Normal", + "High" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DeviceImportance", + "values": [ + { + "description": "Unknown - Default value", + "value": "Unknown" + }, + { + "description": "Low", + "value": "Low" + }, + { + "description": "Normal", + "value": "Normal" + }, + { + "description": "High", + "value": "High" + } + ] + } + }, + "purdueLayer": { + "description": "The Purdue Layer of the device", + "readOnly": true, + "type": "string" + }, + "isAuthorized": { + "description": "Determines whether the device classified as authorized device", + "readOnly": true, + "type": "boolean" + }, + "isProgramming": { + "description": "Determines whether the device classified as programming device", + "readOnly": true, + "type": "boolean" + }, + "isScanner": { + "description": "Is the device classified as a scanner device", + "readOnly": true, + "type": "boolean" + } + }, + "type": "object" + }, + "IpEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents an ip entity.", + "properties": { + "properties": { + "$ref": "#/definitions/IpEntityProperties", + "description": "Ip entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Ip" + }, + "IpEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Ip entity property bag.", + "properties": { + "address": { + "description": "The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6)", + "readOnly": true, + "type": "string" + }, + "location": { + "$ref": "#/definitions/GeoLocation", + "description": "The geo-location context attached to the ip entity" + }, + "threatIntelligence": { + "description": "A list of TI contexts attached to the ip entity.", + "items": { + "$ref": "ThreatIntelligenceTypes.json#/definitions/ThreatIntelligence" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "GeoLocation": { + "description": "The geo-location context attached to the ip entity", + "properties": { + "asn": { + "description": "Autonomous System Number", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "city": { + "description": "City name", + "readOnly": true, + "type": "string" + }, + "countryCode": { + "description": "The country code according to ISO 3166 format", + "readOnly": true, + "type": "string" + }, + "countryName": { + "description": "Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name", + "readOnly": true, + "type": "string" + }, + "latitude": { + "description": "The latitude of the identified location, expressed as a floating point number with range of - 90 to 90. Latitude and longitude are derived from the city or postal code.", + "format": "double", + "readOnly": true, + "type": "number" + }, + "longitude": { + "description": "The longitude of the identified location, expressed as a floating point number with range of -180 to 180. Latitude and longitude are derived from the city or postal code.", + "format": "double", + "readOnly": true, + "type": "number" + }, + "state": { + "description": "State name", + "readOnly": true, + "type": "string" + } + }, + "readOnly": true, + "type": "object" + }, + "MailboxEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a mailbox entity.", + "properties": { + "properties": { + "$ref": "#/definitions/MailboxEntityProperties", + "description": "Mailbox entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Mailbox" + }, + "MailboxEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Mailbox entity property bag.", + "properties": { + "mailboxPrimaryAddress": { + "description": "The mailbox's primary address", + "readOnly": true, + "type": "string" + }, + "displayName": { + "description": "The mailbox's display name", + "readOnly": true, + "type": "string" + }, + "upn": { + "description": "The mailbox's UPN", + "readOnly": true, + "type": "string" + }, + "externalDirectoryObjectId": { + "description": "The AzureAD identifier of mailbox. Similar to AadUserId in account entity but this property is specific to mailbox object on office side", + "format": "uuid", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "MailClusterEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a mail cluster entity.", + "properties": { + "properties": { + "$ref": "#/definitions/MailClusterEntityProperties", + "description": "Mail cluster entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MailCluster" + }, + "MailClusterEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Mail cluster entity property bag.", + "properties": { + "networkMessageIds": { + "description": "The mail message IDs that are part of the mail cluster", + "items": { + "description": "A mail message ID", + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "countByDeliveryStatus": { + "description": "Count of mail messages by DeliveryStatus string representation", + "readOnly": true, + "type": "object" + }, + "countByThreatType": { + "description": "Count of mail messages by ThreatType string representation", + "readOnly": true, + "type": "object" + }, + "countByProtectionStatus": { + "description": "Count of mail messages by ProtectionStatus string representation", + "readOnly": true, + "type": "object" + }, + "threats": { + "description": "The threats of mail messages that are part of the mail cluster", + "items": { + "description": "A threat", + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "query": { + "description": "The query that was used to identify the messages of the mail cluster", + "readOnly": true, + "type": "string" + }, + "queryTime": { + "description": "The query time", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "mailCount": { + "description": "The number of mail messages that are part of the mail cluster", + "readOnly": true, + "type": "integer", + "format": "int32" + }, + "isVolumeAnomaly": { + "description": "Is this a volume anomaly mail cluster", + "readOnly": true, + "type": "boolean" + }, + "source": { + "description": "The source of the mail cluster (default is 'O365 ATP')", + "readOnly": true, + "type": "string" + }, + "clusterSourceIdentifier": { + "description": "The id of the cluster source", + "readOnly": true, + "type": "string" + }, + "clusterSourceType": { + "description": "The type of the cluster source", + "readOnly": true, + "type": "string" + }, + "clusterQueryStartTime": { + "description": "The cluster query start time", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "clusterQueryEndTime": { + "description": "The cluster query end time", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "clusterGroup": { + "description": "The cluster group", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "MailMessageEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a mail message entity.", + "properties": { + "properties": { + "$ref": "#/definitions/MailMessageEntityProperties", + "description": "Mail message entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MailMessage" + }, + "MailMessageEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Mail message entity property bag.", + "properties": { + "fileEntityIds": { + "description": "The File entity ids of this mail message's attachments", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "recipient": { + "description": "The recipient of this mail message. Note that in case of multiple recipients the mail message is forked and each copy has one recipient", + "readOnly": true, + "type": "string" + }, + "urls": { + "description": "The Urls contained in this mail message", + "items": { + "description": "A Url contained in this mail message", + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "threats": { + "description": "The threats of this mail message", + "items": { + "description": "A threat of the mail message", + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "p1Sender": { + "description": "The p1 sender's email address", + "readOnly": true, + "type": "string" + }, + "p1SenderDisplayName": { + "description": "The p1 sender's display name", + "readOnly": true, + "type": "string" + }, + "p1SenderDomain": { + "description": "The p1 sender's domain", + "readOnly": true, + "type": "string" + }, + "senderIP": { + "description": "The sender's IP address", + "readOnly": true, + "type": "string" + }, + "p2Sender": { + "description": "The p2 sender's email address", + "readOnly": true, + "type": "string" + }, + "p2SenderDisplayName": { + "description": "The p2 sender's display name", + "readOnly": true, + "type": "string" + }, + "p2SenderDomain": { + "description": "The p2 sender's domain", + "readOnly": true, + "type": "string" + }, + "receiveDate": { + "description": "The receive date of this message", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "networkMessageId": { + "description": "The network message id of this mail message", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "internetMessageId": { + "description": "The internet message id of this mail message", + "readOnly": true, + "type": "string" + }, + "subject": { + "description": "The subject of this mail message", + "readOnly": true, + "type": "string" + }, + "language": { + "description": "The language of this mail message", + "readOnly": true, + "type": "string" + }, + "threatDetectionMethods": { + "description": "The threat detection methods", + "items": { + "description": "A threat detection method", + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "bodyFingerprintBin1": { + "description": "The bodyFingerprintBin1", + "type": "integer", + "format": "int32" + }, + "bodyFingerprintBin2": { + "description": "The bodyFingerprintBin2", + "type": "integer", + "format": "int32" + }, + "bodyFingerprintBin3": { + "description": "The bodyFingerprintBin3", + "type": "integer", + "format": "int32" + }, + "bodyFingerprintBin4": { + "description": "The bodyFingerprintBin4", + "type": "integer", + "format": "int32" + }, + "bodyFingerprintBin5": { + "description": "The bodyFingerprintBin5", + "type": "integer", + "format": "int32" + }, + "antispamDirection": { + "description": "The directionality of this mail message", + "enum": [ + "Unknown", + "Inbound", + "Outbound", + "Intraorg" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AntispamMailDirection", + "values": [ + { + "description": "Unknown", + "value": "Unknown" + }, + { + "description": "Inbound", + "value": "Inbound" + }, + { + "description": "Outbound", + "value": "Outbound" + }, + { + "description": "Intraorg", + "value": "Intraorg" + } + ] + } + }, + "deliveryAction": { + "description": "The delivery action of this mail message like Delivered, Blocked, Replaced etc", + "enum": [ + "Unknown", + "DeliveredAsSpam", + "Delivered", + "Blocked", + "Replaced" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": false, + "name": "DeliveryAction", + "values": [ + { + "description": "Unknown", + "value": "Unknown" + }, + { + "description": "DeliveredAsSpam", + "value": "DeliveredAsSpam" + }, + { + "description": "Delivered", + "value": "Delivered" + }, + { + "description": "Blocked", + "value": "Blocked" + }, + { + "description": "Replaced", + "value": "Replaced" + } + ] + } + }, + "deliveryLocation": { + "description": "The delivery location of this mail message like Inbox, JunkFolder etc", + "enum": [ + "Unknown", + "Inbox", + "JunkFolder", + "DeletedFolder", + "Quarantine", + "External", + "Failed", + "Dropped", + "Forwarded" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": false, + "name": "DeliveryLocation", + "values": [ + { + "description": "Unknown", + "value": "Unknown" + }, + { + "description": "Inbox", + "value": "Inbox" + }, + { + "description": "JunkFolder", + "value": "JunkFolder" + }, + { + "description": "DeletedFolder", + "value": "DeletedFolder" + }, + { + "description": "Quarantine", + "value": "Quarantine" + }, + { + "description": "External", + "value": "External" + }, + { + "description": "Failed", + "value": "Failed" + }, + { + "description": "Dropped", + "value": "Dropped" + }, + { + "description": "Forwarded", + "value": "Forwarded" + } + ] + } + } + }, + "type": "object" + }, + "MalwareEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a malware entity.", + "properties": { + "properties": { + "$ref": "#/definitions/MalwareEntityProperties", + "description": "File entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Malware" + }, + "MalwareEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Malware entity property bag.", + "properties": { + "category": { + "description": "The malware category by the vendor, e.g. Trojan", + "readOnly": true, + "type": "string" + }, + "fileEntityIds": { + "description": "List of linked file entity identifiers on which the malware was found", + "items": { + "description": "file entity id", + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "malwareName": { + "description": "The malware name by the vendor, e.g. Win32/Toga!rfn", + "readOnly": true, + "type": "string" + }, + "processEntityIds": { + "description": "List of linked process entity identifiers on which the malware was found.", + "items": { + "description": "process entity id", + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "ProcessEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a process entity.", + "properties": { + "properties": { + "$ref": "#/definitions/ProcessEntityProperties", + "description": "Process entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Process" + }, + "ProcessEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Process entity property bag.", + "properties": { + "accountEntityId": { + "description": "The account entity id running the processes.", + "readOnly": true, + "type": "string" + }, + "commandLine": { + "description": "The command line used to create the process", + "readOnly": true, + "type": "string" + }, + "creationTimeUtc": { + "description": "The time when the process started to run", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "elevationToken": { + "description": "The elevation token associated with the process.", + "enum": [ + "Default", + "Full", + "Limited" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": false, + "name": "ElevationToken", + "values": [ + { + "description": "Default elevation token", + "value": "Default" + }, + { + "description": "Full elevation token", + "value": "Full" + }, + { + "description": "Limited elevation token", + "value": "Limited" + } + ] + } + }, + "hostEntityId": { + "description": "The host entity id on which the process was running", + "readOnly": true, + "type": "string" + }, + "hostLogonSessionEntityId": { + "description": "The session entity id in which the process was running", + "readOnly": true, + "type": "string" + }, + "imageFileEntityId": { + "description": "Image file entity id", + "readOnly": true, + "type": "string" + }, + "parentProcessEntityId": { + "description": "The parent process entity id.", + "readOnly": true, + "type": "string" + }, + "processId": { + "description": "The process ID", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "RegistryKeyEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a registry key entity.", + "properties": { + "properties": { + "$ref": "#/definitions/RegistryKeyEntityProperties", + "description": "RegistryKey entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "RegistryKey" + }, + "RegistryKeyEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "RegistryKey entity property bag.", + "properties": { + "hive": { + "description": "the hive that holds the registry key.", + "enum": [ + "HKEY_LOCAL_MACHINE", + "HKEY_CLASSES_ROOT", + "HKEY_CURRENT_CONFIG", + "HKEY_USERS", + "HKEY_CURRENT_USER_LOCAL_SETTINGS", + "HKEY_PERFORMANCE_DATA", + "HKEY_PERFORMANCE_NLSTEXT", + "HKEY_PERFORMANCE_TEXT", + "HKEY_A", + "HKEY_CURRENT_USER" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "RegistryHive", + "values": [ + { + "description": "HKEY_LOCAL_MACHINE", + "value": "HKEY_LOCAL_MACHINE" + }, + { + "description": "HKEY_CLASSES_ROOT", + "value": "HKEY_CLASSES_ROOT" + }, + { + "description": "HKEY_CURRENT_CONFIG", + "value": "HKEY_CURRENT_CONFIG" + }, + { + "description": "HKEY_USERS", + "value": "HKEY_USERS" + }, + { + "description": "HKEY_CURRENT_USER_LOCAL_SETTINGS", + "value": "HKEY_CURRENT_USER_LOCAL_SETTINGS" + }, + { + "description": "HKEY_PERFORMANCE_DATA", + "value": "HKEY_PERFORMANCE_DATA" + }, + { + "description": "HKEY_PERFORMANCE_NLSTEXT", + "value": "HKEY_PERFORMANCE_NLSTEXT" + }, + { + "description": "HKEY_PERFORMANCE_TEXT", + "value": "HKEY_PERFORMANCE_TEXT" + }, + { + "description": "HKEY_A", + "value": "HKEY_A" + }, + { + "description": "HKEY_CURRENT_USER", + "value": "HKEY_CURRENT_USER" + } + ] + } + }, + "key": { + "description": "The registry key path.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "RegistryValueEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a registry value entity.", + "properties": { + "properties": { + "$ref": "#/definitions/RegistryValueEntityProperties", + "description": "RegistryKey entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "RegistryValue" + }, + "RegistryValueEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "RegistryValue entity property bag.", + "properties": { + "keyEntityId": { + "description": "The registry key entity id.", + "readOnly": true, + "type": "string" + }, + "valueData": { + "description": "String formatted representation of the value data.", + "readOnly": true, + "type": "string" + }, + "valueName": { + "description": "The registry value name.", + "readOnly": true, + "type": "string" + }, + "valueType": { + "description": "Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry.", + "enum": [ + "None", + "Unknown", + "String", + "ExpandString", + "Binary", + "DWord", + "MultiString", + "QWord" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "RegistryValueKind", + "values": [ + { + "description": "None", + "value": "None" + }, + { + "description": "Unknown value type", + "value": "Unknown" + }, + { + "description": "String value type", + "value": "String" + }, + { + "description": "ExpandString value type", + "value": "ExpandString" + }, + { + "description": "Binary value type", + "value": "Binary" + }, + { + "description": "DWord value type", + "value": "DWord" + }, + { + "description": "MultiString value type", + "value": "MultiString" + }, + { + "description": "QWord value type", + "value": "QWord" + } + ] + } + } + }, + "type": "object" + }, + "SecurityAlert": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a security alert entity.", + "properties": { + "properties": { + "$ref": "#/definitions/SecurityAlertProperties", + "description": "SecurityAlert entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "SecurityAlert" + }, + "SecurityAlertProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "SecurityAlert entity property bag.", + "properties": { + "alertDisplayName": { + "description": "The display name of the alert.", + "readOnly": true, + "type": "string" + }, + "alertType": { + "description": "The type name of the alert.", + "readOnly": true, + "type": "string" + }, + "compromisedEntity": { + "description": "Display name of the main entity being reported on.", + "readOnly": true, + "type": "string" + }, + "confidenceLevel": { + "description": "The confidence level of this alert.", + "enum": [ + "Unknown", + "Low", + "High" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ConfidenceLevel", + "values": [ + { + "description": "Unknown confidence, the is the default value", + "value": "Unknown" + }, + { + "description": "Low confidence, meaning we have some doubts this is indeed malicious or part of an attack", + "value": "Low" + }, + { + "description": "High confidence that the alert is true positive malicious", + "value": "High" + } + ] + } + }, + "confidenceReasons": { + "description": "The confidence reasons", + "items": { + "description": "confidence reason item", + "properties": { + "reason": { + "description": "The reason's description", + "readOnly": true, + "type": "string" + }, + "reasonType": { + "description": "The type (category) of the reason", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "confidenceScore": { + "description": "The confidence score of the alert.", + "format": "double", + "readOnly": true, + "type": "number" + }, + "confidenceScoreStatus": { + "description": "The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final.", + "enum": [ + "NotApplicable", + "InProcess", + "NotFinal", + "Final" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ConfidenceScoreStatus", + "values": [ + { + "description": "Score will not be calculated for this alert as it is not supported by virtual analyst", + "value": "NotApplicable" + }, + { + "description": "No score was set yet and calculation is in progress", + "value": "InProcess" + }, + { + "description": "Score is calculated and shown as part of the alert, but may be updated again at a later time following the processing of additional data", + "value": "NotFinal" + }, + { + "description": "Final score was calculated and available", + "value": "Final" + } + ] + } + }, + "description": { + "description": "Alert description.", + "readOnly": true, + "type": "string" + }, + "endTimeUtc": { + "description": "The impact end time of the alert (the time of the last event contributing to the alert).", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "intent": { + "description": "Holds the alert intent stage(s) mapping for this alert.", + "enum": [ + "Unknown", + "Probing", + "Exploitation", + "Persistence", + "PrivilegeEscalation", + "DefenseEvasion", + "CredentialAccess", + "Discovery", + "LateralMovement", + "Execution", + "Collection", + "Exfiltration", + "CommandAndControl", + "Impact" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "KillChainIntent", + "values": [ + { + "description": "The default value.", + "value": "Unknown" + }, + { + "description": "Probing could be an attempt to access a certain resource regardless of a malicious intent or a failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected as an attempt originating from outside the network in attempt to scan the target system and find a way in.", + "value": "Probing" + }, + { + "description": "Exploitation is the stage where an attacker manage to get foothold on the attacked resource. This stage is applicable not only for compute hosts, but also for resources such as user accounts, certificates etc. Adversaries will often be able to control the resource after this stage.", + "value": "Exploitation" + }, + { + "description": "Persistence is any access, action, or configuration change to a system that gives an adversary a persistent presence on that system. Adversaries will often need to maintain access to systems through interruptions such as system restarts, loss of credentials, or other failures that would require a remote access tool to restart or alternate backdoor for them to regain access.", + "value": "Persistence" + }, + { + "description": "Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network. Certain tools or actions require a higher level of privilege to work and are likely necessary at many points throughout an operation. User accounts with permissions to access specific systems or perform specific functions necessary for adversaries to achieve their objective may also be considered an escalation of privilege.", + "value": "PrivilegeEscalation" + }, + { + "description": "Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques in other categories that have the added benefit of subverting a particular defense or mitigation. ", + "value": "DefenseEvasion" + }, + { + "description": "Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment. Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts (local system administrator or domain users with administrator access) to use within the network. With sufficient access within a network, an adversary can create accounts for later use within the environment.", + "value": "CredentialAccess" + }, + { + "description": "Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network. When adversaries gain access to a new system, they must navigate themselves to what they now have control of and what benefits operating from that system give to their current objective or overall goals during the intrusion. The operating system provides many native tools that aid in this post-compromise information-gathering phase.", + "value": "Discovery" + }, + { + "description": "Lateral movement consists of techniques that enable an adversary to access and control remote systems on a network and could, but does not necessarily, include execution of tools on remote systems. The lateral movement techniques could allow an adversary to gather information from a system without needing additional tools, such as a remote access tool. An adversary can use lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems, access to specific information or files, access to additional credentials, or to cause an effect.", + "value": "LateralMovement" + }, + { + "description": "The execution tactic represents techniques that result in execution of adversary-controlled code on a local or remote system. This tactic is often used in conjunction with lateral movement to expand access to remote systems on a network.", + "value": "Execution" + }, + { + "description": "Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration. This category also covers locations on a system or network where the adversary may look for information to exfiltrate.", + "value": "Collection" + }, + { + "description": "Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from a target network. This category also covers locations on a system or network where the adversary may look for information to exfiltrate.", + "value": "Exfiltration" + }, + { + "description": "The command and control tactic represents how adversaries communicate with systems under their control within a target network.", + "value": "CommandAndControl" + }, + { + "description": "The impact intent primary objective is to directly reduce the availability or integrity of a system, service, or network; including manipulation of data to impact a business or operational process. This would often refer to techniques such as ransom-ware, defacement, data manipulation and others.", + "value": "Impact" + } + ] + } + }, + "providerAlertId": { + "description": "The identifier of the alert inside the product which generated the alert.", + "readOnly": true, + "type": "string" + }, + "processingEndTime": { + "description": "The time the alert was made available for consumption.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "productComponentName": { + "description": "The name of a component inside the product which generated the alert.", + "readOnly": true, + "type": "string" + }, + "productName": { + "description": "The name of the product which published this alert.", + "readOnly": true, + "type": "string" + }, + "productVersion": { + "description": "The version of the product generating the alert.", + "readOnly": true, + "type": "string" + }, + "remediationSteps": { + "description": "Manual action items to take to remediate the alert.", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "severity": { + "$ref": "AlertTypes.json#/definitions/AlertSeverityEnum", + "description": "The severity of the alert", + "type": "string" + }, + "startTimeUtc": { + "description": "The impact start time of the alert (the time of the first event contributing to the alert).", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "status": { + "description": "The lifecycle status of the alert.", + "enum": [ + "Unknown", + "New", + "Resolved", + "Dismissed", + "InProgress" + ], + "readOnly": true, + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "AlertStatus", + "values": [ + { + "description": "Unknown value", + "value": "Unknown" + }, + { + "description": "New alert", + "value": "New" + }, + { + "description": "Alert closed after handling", + "value": "Resolved" + }, + { + "description": "Alert dismissed as false positive", + "value": "Dismissed" + }, + { + "description": "Alert is being handled", + "value": "InProgress" + } + ] + } + }, + "systemAlertId": { + "description": "Holds the product identifier of the alert for the product.", + "readOnly": true, + "type": "string" + }, + "tactics": { + "description": "The tactics of the alert", + "items": { + "$ref": "AlertTypes.json#/definitions/AttackTactic" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + }, + "timeGenerated": { + "description": "The time the alert was generated.", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "vendorName": { + "description": "The name of the vendor that raise the alert.", + "readOnly": true, + "type": "string" + }, + "alertLink": { + "description": "The uri link of the alert.", + "readOnly": true, + "type": "string" + }, + "resourceIdentifiers": { + "description": "The list of resource identifiers of the alert.", + "items": { + "type": "object" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + }, + "SecurityGroupEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a security group entity.", + "properties": { + "properties": { + "$ref": "#/definitions/SecurityGroupEntityProperties", + "description": "SecurityGroup entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "SecurityGroup" + }, + "SecurityGroupEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "SecurityGroup entity property bag.", + "properties": { + "distinguishedName": { + "description": "The group distinguished name", + "readOnly": true, + "type": "string" + }, + "objectGuid": { + "description": "A single-value attribute that is the unique identifier for the object, assigned by active directory.", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "sid": { + "description": "The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "SubmissionMailEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a submission mail entity.", + "properties": { + "properties": { + "$ref": "#/definitions/SubmissionMailEntityProperties", + "description": "Submission mail entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "SubmissionMail" + }, + "SubmissionMailEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Submission mail entity property bag.", + "properties": { + "networkMessageId": { + "description": "The network message id of email to which submission belongs", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "submissionId": { + "description": "The submission id", + "format": "uuid", + "readOnly": true, + "type": "string" + }, + "submitter": { + "description": "The submitter", + "readOnly": true, + "type": "string" + }, + "submissionDate": { + "description": "The submission date", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "timestamp": { + "description": "The Time stamp when the message is received (Mail)", + "format": "date-time", + "readOnly": true, + "type": "string" + }, + "recipient": { + "description": "The recipient of the mail", + "readOnly": true, + "type": "string" + }, + "sender": { + "description": "The sender of the mail", + "readOnly": true, + "type": "string" + }, + "senderIp": { + "description": "The sender's IP", + "readOnly": true, + "type": "string" + }, + "subject": { + "description": "The subject of submission mail", + "readOnly": true, + "type": "string" + }, + "reportType": { + "description": "The submission type for the given instance. This maps to Junk, Phish, Malware or NotJunk.", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "UrlEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents a url entity.", + "properties": { + "properties": { + "$ref": "#/definitions/UrlEntityProperties", + "description": "Url entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Url" + }, + "UrlEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Url entity property bag.", + "properties": { + "url": { + "description": "A full URL the entity points to", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, + "NicEntity": { + "allOf": [ + { + "$ref": "#/definitions/Entity" + } + ], + "description": "Represents an network interface entity.", + "properties": { + "properties": { + "$ref": "#/definitions/NicEntityProperties", + "description": "Network interface entity properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Nic" + }, + "NicEntityProperties": { + "allOf": [ + { + "$ref": "#/definitions/EntityCommonProperties" + } + ], + "description": "Nic entity property bag.", + "properties": { + "macAddress": { + "description": "The MAC address of this network interface", + "readOnly": true, + "type": "string" + }, + "ipAddressEntityId": { + "description": "The IP entity id of this network interface", + "readOnly": true, + "type": "string" + }, + "vlans": { + "description": "A list of VLANs of the network interface entity.", + "items": { + "type": "string" + }, + "readOnly": true, + "type": "array", + "x-ms-identifiers": [] + } + }, + "type": "object" + } + }, + "parameters": {} +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/IncidentTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/IncidentTypes.json new file mode 100644 index 000000000000..5daa844dcd81 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/IncidentTypes.json @@ -0,0 +1,246 @@ +{ + "swagger": "2.0", + "info": { + "version": "2023-09-01-preview", + "title": "Common Incident types" + }, + "paths": {}, + "definitions": { + "IncidentClassificationEnum": { + "description": "The reason the incident was closed", + "enum": [ + "Undetermined", + "TruePositive", + "BenignPositive", + "FalsePositive" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentClassification", + "values": [ + { + "description": "Incident classification was undetermined", + "value": "Undetermined" + }, + { + "description": "Incident was true positive", + "value": "TruePositive" + }, + { + "description": "Incident was benign positive", + "value": "BenignPositive" + }, + { + "description": "Incident was false positive", + "value": "FalsePositive" + } + ] + } + }, + "IncidentClassificationReasonEnum": { + "description": "The classification reason the incident was closed with", + "enum": [ + "SuspiciousActivity", + "SuspiciousButExpected", + "IncorrectAlertLogic", + "InaccurateData" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentClassificationReason", + "values": [ + { + "description": "Classification reason was suspicious activity", + "value": "SuspiciousActivity" + }, + { + "description": "Classification reason was suspicious but expected", + "value": "SuspiciousButExpected" + }, + { + "description": "Classification reason was incorrect alert logic", + "value": "IncorrectAlertLogic" + }, + { + "description": "Classification reason was inaccurate data", + "value": "InaccurateData" + } + ] + } + }, + "IncidentLabel": { + "description": "Represents an incident label", + "properties": { + "labelName": { + "description": "The name of the label", + "type": "string" + }, + "labelType": { + "$ref": "#/definitions/IncidentLabelType" + } + }, + "required": [ + "labelName" + ], + "type": "object" + }, + "IncidentLabelType": { + "description": "The type of the label", + "enum": [ + "User", + "AutoAssigned" + ], + "type": "string", + "readOnly": true, + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentLabelType", + "values": [ + { + "description": "Label manually created by a user", + "value": "User" + }, + { + "description": "Label automatically created by the system", + "value": "AutoAssigned" + } + ] + } + }, + "IncidentSeverityEnum": { + "description": "The severity of the incident", + "enum": [ + "High", + "Medium", + "Low", + "Informational" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentSeverity", + "values": [ + { + "description": "High severity", + "value": "High" + }, + { + "description": "Medium severity", + "value": "Medium" + }, + { + "description": "Low severity", + "value": "Low" + }, + { + "description": "Informational severity", + "value": "Informational" + } + ] + } + }, + "IncidentStatusEnum": { + "description": "The status of the incident", + "enum": [ + "New", + "Active", + "Closed" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "IncidentStatus", + "values": [ + { + "description": "An active incident which isn't being handled currently", + "value": "New" + }, + { + "description": "An active incident which is being handled", + "value": "Active" + }, + { + "description": "A non-active incident", + "value": "Closed" + } + ] + } + }, + "IncidentOwnerInfo": { + "description": "Information on the user an incident is assigned to", + "properties": { + "email": { + "description": "The email of the user the incident is assigned to.", + "type": "string" + }, + "assignedTo": { + "description": "The name of the user the incident is assigned to.", + "type": "string" + }, + "objectId": { + "description": "The object id of the user the incident is assigned to.", + "format": "uuid", + "type": "string" + }, + "userPrincipalName": { + "description": "The user principal name of the user the incident is assigned to.", + "type": "string" + }, + "ownerType": { + "description": "The type of the owner the incident is assigned to.", + "type": "string", + "enum": [ + "Unknown", + "User", + "Group" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "OwnerType", + "values": [ + { + "description": "The incident owner type is unknown", + "value": "Unknown" + }, + { + "description": "The incident owner type is an AAD user", + "value": "User" + }, + { + "description": "The incident owner type is an AAD group", + "value": "Group" + } + ] + } + } + }, + "type": "object" + }, + "IncidentInfo": { + "description": "Describes related incident information for the bookmark", + "properties": { + "incidentId": { + "description": "Incident Id", + "type": "string" + }, + "severity": { + "description": "The severity of the incident", + "type": "string", + "$ref": "#/definitions/IncidentSeverityEnum" + }, + "title": { + "description": "The title of the incident", + "type": "string" + }, + "relationName": { + "description": "Relation Name", + "type": "string" + } + }, + "type": "object" + } + }, + "parameters": {} +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/RelationTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/RelationTypes.json new file mode 100644 index 000000000000..9ace459c99f3 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/RelationTypes.json @@ -0,0 +1,95 @@ +{ + "swagger": "2.0", + "info": { + "version": "2023-09-01-preview", + "title": "Common Relation types" + }, + "paths": {}, + "definitions": { + "RelationList": { + "description": "List of relations.", + "properties": { + "nextLink": { + "readOnly": true, + "description": "URL to fetch the next set of relations.", + "type": "string" + }, + "value": { + "description": "Array of relations.", + "type": "array", + "items": { + "$ref": "#/definitions/Relation" + } + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "Relation": { + "type": "object", + "description": "Represents a relation between two resources", + "allOf": [ + { + "$ref": "../../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/RelationProperties", + "description": "Relation properties", + "x-ms-client-flatten": true + } + } + }, + "RelationProperties": { + "description": "Relation property bag.", + "properties": { + "relatedResourceId": { + "description": "The resource ID of the related resource", + "type": "string" + }, + "relatedResourceName": { + "description": "The name of the related resource", + "readOnly": true, + "type": "string" + }, + "relatedResourceType": { + "description": "The resource type of the related resource", + "readOnly": true, + "type": "string" + }, + "relatedResourceKind": { + "description": "The resource kind of the related resource", + "readOnly": true, + "type": "string" + } + }, + "required": [ + "relatedResourceId" + ], + "type": "object" + } + }, + "parameters": { + "RelationName": { + "name": "relationName", + "in": "path", + "required": true, + "type": "string", + "description": "Relation Name", + "x-ms-parameter-location": "method" + }, + "Relation": { + "name": "relation", + "in": "body", + "description": "The relation model", + "required": true, + "schema": { + "$ref": "#/definitions/Relation" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/ThreatIntelligenceTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/ThreatIntelligenceTypes.json new file mode 100644 index 000000000000..832f9b943f6c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/ThreatIntelligenceTypes.json @@ -0,0 +1,48 @@ +{ + "swagger": "2.0", + "info": { + "version": "2023-09-01-preview", + "title": "Common Relation types" + }, + "paths": {}, + "definitions": { + "ThreatIntelligence": { + "description": "ThreatIntelligence property bag.", + "properties": { + "confidence": { + "description": "Confidence (must be between 0 and 1)", + "format": "double", + "readOnly": true, + "type": "number" + }, + "providerName": { + "description": "Name of the provider from whom this Threat Intelligence information was received", + "readOnly": true, + "type": "string" + }, + "reportLink": { + "description": "Report link", + "readOnly": true, + "type": "string" + }, + "threatDescription": { + "description": "Threat description (free text)", + "readOnly": true, + "type": "string" + }, + "threatName": { + "description": "Threat name (e.g. \"Jedobot malware\")", + "readOnly": true, + "type": "string" + }, + "threatType": { + "description": "Threat type (e.g. \"Botnet\")", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + } + }, + "parameters": {} +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/dataConnectorDefinitions.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/dataConnectorDefinitions.json new file mode 100644 index 000000000000..094bcead32fb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/dataConnectorDefinitions.json @@ -0,0 +1,737 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions": { + "get": { + "x-ms-examples": { + "Get all data connector definitions.": { + "$ref": "./examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json" + } + }, + "tags": [ + "ConnectorDefinitions" + ], + "description": "Gets all data connector definitions.", + "operationId": "DataConnectorDefinitions_List", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/DataConnectorDefinitionArmCollectionWrapper" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}": { + "get": { + "x-ms-examples": { + "Get customize data connector definition": { + "$ref": "./examples/dataConnectorDefinitions/GetCustomizableDataConnectoeDefinitionById.json" + } + }, + "tags": [ + "ConnectorDefinitions" + ], + "description": "Gets a data connector definition.", + "operationId": "DataConnectorDefinitions_Get", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/dataConnectorDefinitionName" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/DataConnectorDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create data connector definition": { + "$ref": "./examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json" + } + }, + "tags": [ + "ConnectorDefinitions" + ], + "description": "Creates or updates the data connector definition.", + "operationId": "DataConnectorDefinitions_CreateOrUpdate", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/dataConnectorDefinitionName" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "in": "body", + "name": "connectorDefinitionInput", + "required": true, + "schema": { + "$ref": "#/definitions/DataConnectorDefinition" + }, + "description": "The data connector definition", + "x-ms-parameter-location": "method" + } + ], + "responses": { + "200": { + "description": "Updated", + "schema": { + "$ref": "#/definitions/DataConnectorDefinition" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/DataConnectorDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete data connector definition": { + "$ref": "./examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json" + } + }, + "tags": [ + "ConnectorDefinitions" + ], + "description": "Delete the data connector definition.", + "operationId": "DataConnectorDefinitions_Delete", + "produces": [ + "application/json" + ], + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/dataConnectorDefinitionName" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Success" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "ConnectorDefinitionsAvailability": { + "description": "The exposure status of the connector to the customers.", + "type": "object", + "properties": { + "status": { + "$ref": "#/definitions/AvailabilityStatus" + }, + "isPreview": { + "description": "Gets or sets a value indicating whether the connector is preview.", + "type": "boolean" + } + } + }, + "AvailabilityStatus": { + "description": "The exposure status of the connector to the customers. Available values are 0-4 (0=None, 1=Available, 2=FeatureFlag, 3=Internal).", + "type": "integer", + "format": "int32" + }, + "ConnectivityCriterion": { + "description": "The criteria by which we determine whether the connector is connected or not.\r\nFor Example, use a KQL query to check if the expected data type is flowing).", + "required": [ + "type" + ], + "type": "object", + "properties": { + "type": { + "description": "Gets or sets the type of connectivity.", + "type": "string" + }, + "value": { + "description": "Gets or sets the queries for checking connectivity.", + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "ConnectorDataType": { + "description": "The data type which is created by the connector,\r\nincluding a query indicated when was the last time that data type was received in the workspace.", + "required": [ + "lastDataReceivedQuery", + "name" + ], + "type": "object", + "properties": { + "name": { + "description": "Gets or sets the name of the data type to show in the graph.", + "type": "string" + }, + "lastDataReceivedQuery": { + "description": "Gets or sets the query to indicate when relevant data was last received in the workspace.", + "type": "string" + } + } + }, + "DataConnectorDefinition": { + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "required": [ + "kind" + ], + "description": "An Azure resource, which encapsulate the entire info requires to display a data connector page in Azure portal,\r\nand the info required to define data connections.", + "type": "object", + "properties": { + "kind": { + "$ref": "#/definitions/DataConnectorDefinitionKind", + "description": "The data connector kind", + "type": "string" + } + }, + "discriminator": "kind" + }, + "DataConnectorDefinitionKind": { + "description": "The kind of the data connector definitions", + "enum": [ + "Customizable" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DataConnectorDefinitionKind", + "values": [ + { + "value": "Customizable" + } + ] + } + }, + "DataConnectorDefinitionArmCollectionWrapper": { + "type": "object", + "description": "Encapsulate the data connector definition object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/DataConnectorDefinition" + } + }, + "nextLink": { + "type": "string" + } + } + }, + "CustomizableConnectorDefinition": { + "description": "Connector definition for kind 'Customizable'.", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDefinition" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/CustomizableConnectorDefinitionProperties", + "description": "Customizable properties.", + "x-ms-client-flatten": true + } + }, + "x-ms-discriminator-value": "Customizable" + }, + "CustomizableConnectorDefinitionProperties": { + "description": "The UiConfig for 'Customizable' connector definition kind.", + "type": "object", + "required": [ + "connectorUiConfig" + ], + "properties": { + "createdTimeUtc": { + "format": "date-time", + "description": "Gets or sets the connector definition created date in UTC format.", + "type": "string" + }, + "lastModifiedUtc": { + "format": "date-time", + "description": "Gets or sets the connector definition last modified date in UTC format.", + "type": "string" + }, + "connectorUiConfig": { + "$ref": "#/definitions/CustomizableConnectorUiConfig" + }, + "connectionsConfig": { + "$ref": "#/definitions/CustomizableConnectionsConfig" + } + } + }, + "CustomizableConnectionsConfig": { + "description": "The UiConfig for 'Customizable' connector definition kind.", + "required": [ + "templateSpecVersion", + "templateSpecName" + ], + "type": "object", + "properties": { + "templateSpecName": { + "description": "Gets or sets the template name. The template includes ARM templates that can be created by the connector, usually it will be the dataConnectors ARM templates.", + "type": "string" + }, + "templateSpecVersion": { + "description": "Gets or sets the template version.", + "type": "string" + } + } + }, + "CustomizableConnectorUiConfig": { + "description": "The UiConfig for 'Customizable' connector definition kind.", + "required": [ + "dataTypes", + "descriptionMarkdown", + "graphQueries", + "instructionSteps", + "permissions", + "publisher", + "sampleQueries", + "title", + "connectivityCriteria" + ], + "type": "object", + "properties": { + "id": { + "description": "Gets or sets custom connector id. optional field.", + "type": "string" + }, + "title": { + "description": "Gets or sets the connector blade title.", + "type": "string" + }, + "publisher": { + "description": "Gets or sets the connector publisher name.", + "type": "string" + }, + "descriptionMarkdown": { + "description": "Gets or sets the connector description in markdown format.", + "type": "string" + }, + "graphQueriesTableName": { + "description": "Gets or sets the name of the table the connector will insert the data to.\r\nThis name can be used in other queries by specifying {{graphQueriesTableName}} placeholder\r\n in Query and LastDataReceivedQuery values.", + "type": "string" + }, + "graphQueries": { + "description": "Gets or sets the graph queries to show the current data volume over time.", + "type": "array", + "items": { + "$ref": "#/definitions/GraphQuery" + }, + "x-ms-identifiers": [] + }, + "sampleQueries": { + "description": "Gets or sets the sample queries for the connector.", + "type": "array", + "items": { + "$ref": "#/definitions/SampleQuery" + }, + "x-ms-identifiers": [] + }, + "dataTypes": { + "description": "Gets or sets the data types to check for last data received.", + "type": "array", + "items": { + "$ref": "#/definitions/ConnectorDataType" + }, + "x-ms-identifiers": [] + }, + "connectivityCriteria": { + "description": "Gets or sets the way the connector checks whether the connector is connected.", + "type": "array", + "items": { + "$ref": "#/definitions/ConnectivityCriterion" + }, + "x-ms-identifiers": [] + }, + "availability": { + "$ref": "#/definitions/ConnectorDefinitionsAvailability" + }, + "permissions": { + "$ref": "#/definitions/ConnectorDefinitionsPermissions" + }, + "instructionSteps": { + "description": "Gets or sets the instruction steps to enable the connector.", + "type": "array", + "items": { + "$ref": "#/definitions/InstructionStep" + }, + "x-ms-identifiers": [] + }, + "logo": { + "description": "Gets or sets the connector logo to be used when displaying the connector within Azure Sentinel's connector's gallery.\r\nThe logo value should be in SVG format.", + "type": "string" + }, + "isConnectivityCriteriasMatchSome": { + "description": "Gets or sets a value indicating whether to use 'OR'(SOME) or 'AND' between ConnectivityCriteria items.", + "type": "boolean" + } + } + }, + "CustomPermissionDetails": { + "description": "The Custom permissions required for the connector.", + "required": [ + "description", + "name" + ], + "type": "object", + "properties": { + "name": { + "description": "Gets or sets the custom permissions name.", + "type": "string" + }, + "description": { + "description": "Gets or sets the custom permissions description.", + "type": "string" + } + } + }, + "GraphQuery": { + "description": "The graph query to show the volume of data arriving into the workspace over time.", + "required": [ + "baseQuery", + "legend", + "metricName" + ], + "type": "object", + "properties": { + "metricName": { + "description": "Gets or sets the metric name that the query is checking. For example: 'Total data receive'.", + "type": "string" + }, + "legend": { + "description": "Gets or sets the legend for the graph.", + "type": "string" + }, + "baseQuery": { + "description": "Gets or sets the base query for the graph.\r\nThe base query is wrapped by Sentinel UI infra with a KQL query, that measures the volume over time.", + "type": "string" + } + } + }, + "InstructionStep": { + "description": "Instruction steps to enable the connector.", + "type": "object", + "properties": { + "title": { + "description": "Gets or sets the instruction step title.", + "type": "string" + }, + "description": { + "description": "Gets or sets the instruction step description.", + "type": "string" + }, + "instructions": { + "description": "Gets or sets the instruction step details.", + "type": "array", + "items": { + "$ref": "#/definitions/InstructionStepDetails" + }, + "x-ms-identifiers": [] + }, + "innerSteps": { + "description": "Gets or sets the inner instruction steps details.\r\nFoe Example: instruction step 1 might contain inner instruction steps: [instruction step 1.1, instruction step 1.2].", + "type": "array", + "items": { + "$ref": "#/definitions/InstructionStep" + }, + "x-ms-identifiers": [] + } + } + }, + "InstructionStepDetails": { + "description": "Instruction step details, to be displayed in the Instructions steps section in the connector's page in Sentinel Portal.", + "required": [ + "parameters", + "type" + ], + "type": "object", + "properties": { + "parameters": { + "description": "Gets or sets the instruction type parameters settings.", + "type": "object" + }, + "type": { + "description": "Gets or sets the instruction type name.", + "type": "string" + } + } + }, + "ConnectorDefinitionsPermissions": { + "description": "The required Permissions for the connector.", + "type": "object", + "properties": { + "tenant": { + "description": "Gets or sets the required tenant permissions for the connector.", + "type": "array", + "items": { + "type": "string" + } + }, + "licenses": { + "description": "Gets or sets the required licenses for the user to create connections.", + "type": "array", + "items": { + "type": "string" + } + }, + "resourceProvider": { + "description": "Gets or sets the resource provider permissions required for the user to create connections.", + "type": "array", + "items": { + "$ref": "#/definitions/ConnectorDefinitionsResourceProvider" + }, + "x-ms-identifiers": [] + }, + "customs": { + "description": "Gets or sets the customs permissions required for the user to create connections.", + "type": "array", + "items": { + "$ref": "#/definitions/CustomPermissionDetails" + }, + "x-ms-identifiers": [] + } + } + }, + "ProviderPermissionsScope": { + "description": "The scope on which the user should have permissions, in order to be able to create connections.", + "enum": [ + "Subscription", + "ResourceGroup", + "Workspace" + ], + "type": "string", + "example": "Subscription", + "x-ms-enum": { + "name": "ProviderPermissionsScope", + "modelAsString": true, + "values": [ + { + "value": "Subscription" + }, + { + "value": "ResourceGroup" + }, + { + "value": "Workspace" + } + ] + } + }, + "ConnectorDefinitionsResourceProvider": { + "description": "The resource provider details include the required permissions for the user to create connections.\r\nThe user should have the required permissions(Read\\Write, ..) in the specified scope ProviderPermissionsScope against the specified resource provider.", + "required": [ + "permissionsDisplayText", + "provider", + "providerDisplayName", + "requiredPermissions", + "scope" + ], + "type": "object", + "properties": { + "provider": { + "description": "Gets or sets the provider name.", + "type": "string" + }, + "permissionsDisplayText": { + "description": "Gets or sets the permissions description text.", + "type": "string" + }, + "providerDisplayName": { + "description": "Gets or sets the permissions provider display name.", + "type": "string" + }, + "scope": { + "$ref": "#/definitions/ProviderPermissionsScope" + }, + "requiredPermissions": { + "$ref": "#/definitions/ResourceProviderRequiredPermissions" + } + } + }, + "ResourceProviderRequiredPermissions": { + "description": "Required permissions for the connector resource provider that define in ResourceProviders.\r\nFor more information about the permissions see here.", + "type": "object", + "properties": { + "read": { + "description": "Gets or sets a value indicating whether the permission is read action (GET).", + "type": "boolean" + }, + "write": { + "description": "Gets or sets a value indicating whether the permission is write action (PUT or PATCH).", + "type": "boolean" + }, + "delete": { + "description": "Gets or sets a value indicating whether the permission is delete action (DELETE).", + "type": "boolean" + }, + "action": { + "description": "Gets or sets a value indicating whether the permission is custom actions (POST).", + "type": "boolean" + } + } + }, + "SampleQuery": { + "description": "The sample queries for the connector.", + "required": [ + "description", + "query" + ], + "type": "object", + "properties": { + "description": { + "description": "Gets or sets the sample query description.", + "type": "string" + }, + "query": { + "description": "Gets or sets the KQL sample query.", + "type": "string" + } + } + } + }, + "parameters": { + "dataConnectorDefinitionName": { + "in": "path", + "name": "dataConnectorDefinitionName", + "description": "The data connector definition name.", + "required": true, + "type": "string", + "pattern": "^[a-z0-9A-Z-_]*$", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/dataConnectors.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/dataConnectors.json new file mode 100644 index 000000000000..52fb37bdac01 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/dataConnectors.json @@ -0,0 +1,3118 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors": { + "get": { + "x-ms-examples": { + "Get all data connectors.": { + "$ref": "./examples/dataConnectors/GetDataConnectors.json" + } + }, + "tags": [ + "Data Connectors" + ], + "description": "Gets all data connectors.", + "operationId": "DataConnectors_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/DataConnectorList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}": { + "get": { + "x-ms-examples": { + "Get an Office365 data connector.": { + "$ref": "./examples/dataConnectors/GetOfficeDataConnetorById.json" + }, + "Get a TI data connector": { + "$ref": "./examples/dataConnectors/GetThreatIntelligenceById.json" + }, + "Get a TI Taxii data connector.": { + "$ref": "./examples/dataConnectors/GetThreatIntelligenceTaxiiById.json" + }, + "Get a MCAS data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json" + }, + "Get a ASC data connector": { + "$ref": "./examples/dataConnectors/GetAzureSecurityCenterById.json" + }, + "Get an AADIP (Azure Active Directory Identity Protection) data connector": { + "$ref": "./examples/dataConnectors/GetAzureActiveDirectoryById.json" + }, + "Get an AwsCloudTrail data connector": { + "$ref": "./examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json" + }, + "Get an Aws S3 data connector": { + "$ref": "./examples/dataConnectors/GetAmazonWebServicesS3ById.json" + }, + "Get an AATP data connector": { + "$ref": "./examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json" + }, + "Get a MDATP data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json" + }, + "Get an Office ATP data connector": { + "$ref": "./examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json" + }, + "Get an Office IRM data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json" + }, + "Get an Office365 Project data connector": { + "$ref": "./examples/dataConnectors/GetOffice365ProjectDataConnetorById.json" + }, + "Get a MicrosoftPurviewInformationProtection data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json" + }, + "Get an Office365 PowerBI data connector": { + "$ref": "./examples/dataConnectors/GetOfficePowerBIDataConnetorById.json" + }, + "Get a Dynamics365 data connector": { + "$ref": "./examples/dataConnectors/GetDynamics365DataConnectorById.json" + }, + "Get a MicrosoftThreatProtection data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftThreatProtectionById.json" + }, + "Get a MicrosoftThreatIntelligence data connector": { + "$ref": "./examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json" + }, + "Get a GenericUI data connector": { + "$ref": "./examples/dataConnectors/GetGenericUI.json" + }, + "Get a APIPolling data connector": { + "$ref": "./examples/dataConnectors/GetAPIPolling.json" + }, + "Get a IoT data connector": { + "$ref": "./examples/dataConnectors/GetIoTById.json" + }, + "Get a GCP data connector": { + "$ref": "./examples/dataConnectors/GetGoogleCloudPlatformById.json" + } + }, + "tags": [ + "Data Connectors" + ], + "description": "Gets a data connector.", + "operationId": "DataConnectors_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/DataConnector" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Creates or updates an Office365 data connector": { + "$ref": "./examples/dataConnectors/CreateOfficeDataConnetor.json" + }, + "Creates or updates an Office365 Project data connector": { + "$ref": "./examples/dataConnectors/CreateOffice365ProjectDataConnetor.json" + }, + "Creates or updates an MicrosoftPurviewInformationProtection data connector": { + "$ref": "./examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json" + }, + "Creates or updates a Microsoft Threat Intelligence data connector.": { + "$ref": "./examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json" + }, + "Creates or updates an Office PowerBI data connector": { + "$ref": "./examples/dataConnectors/CreateOfficePowerBIDataConnector.json" + }, + "Creates or updates a Threat Intelligence Taxii data connector.": { + "$ref": "./examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json" + }, + "Creates or updates an Threat Intelligence Platform data connector": { + "$ref": "./examples/dataConnectors/CreateThreatIntelligenceDataConnector.json" + }, + "Creates or updates a Dynamics365 data connector.": { + "$ref": "./examples/dataConnectors/CreateDynamics365DataConnetor.json" + }, + "Creates or updates a GenericUI data connector": { + "$ref": "./examples/dataConnectors/CreateGenericUI.json" + }, + "Creates or updates a APIPolling data connector": { + "$ref": "./examples/dataConnectors/CreateAPIPolling.json" + }, + "Creates or updates a MicrosoftThreatProtection data connector": { + "$ref": "./examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json" + }, + "Creates or updates a GCP data connector": { + "$ref": "./examples/dataConnectors/CreateGoogleCloudPlatform.json" + } + }, + "tags": [ + "Data Connectors" + ], + "description": "Creates or updates the data connector.", + "operationId": "DataConnectors_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorId" + }, + { + "$ref": "#/parameters/DataConnector" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed", + "schema": { + "$ref": "#/definitions/DataConnector" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/DataConnector" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete an Office365 data connector": { + "$ref": "./examples/dataConnectors/DeleteOfficeDataConnetor.json" + }, + "Delete an Office365 Project data connector": { + "$ref": "./examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json" + }, + "Delete an MicrosoftPurviewInformationProtection data connector": { + "$ref": "./examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json" + }, + "Delete an MicrosoftThreatIntelligence data connector": { + "$ref": "./examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json" + }, + "Delete an Office PowerBI data connector": { + "$ref": "./examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json" + }, + "Delete a GenericUI data connector": { + "$ref": "./examples/dataConnectors/DeleteGenericUI.json" + }, + "Delete a APIPolling data connector": { + "$ref": "./examples/dataConnectors/DeleteAPIPolling.json" + }, + "Delete a GCP data connector": { + "$ref": "./examples/dataConnectors/DeleteGoogleCloudPlatform.json" + } + }, + "tags": [ + "Data Connectors" + ], + "description": "Delete the data connector.", + "operationId": "DataConnectors_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/connect": { + "post": { + "x-ms-examples": { + "Connect an APIPolling data connector": { + "$ref": "./examples/dataConnectors/ConnectAPIPolling.json" + }, + "Connect an APIPolling V2 logs data connector": { + "$ref": "./examples/dataConnectors/ConnectAPIPollingV2Logs.json" + } + }, + "tags": [ + "Data Connectors Connect" + ], + "description": "Connects a data connector.", + "operationId": "DataConnectors_Connect", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorId" + }, + { + "$ref": "#/parameters/DataConnectorConnectBody" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/disconnect": { + "post": { + "x-ms-examples": { + "Disconnect an APIPolling data connector": { + "$ref": "./examples/dataConnectors/DisconnectAPIPolling.json" + } + }, + "tags": [ + "Data Connectors Disconnect" + ], + "description": "Disconnect a data connector.", + "operationId": "DataConnectors_Disconnect", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorId" + } + ], + "responses": { + "200": { + "description": "OK, Operation successfully completed" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorsCheckRequirements": { + "post": { + "x-ms-examples": { + "Check requirements for TI.": { + "$ref": "./examples/dataConnectors/CheckRequirementsThreatIntelligence.json" + }, + "Check requirements for TI Taxii.": { + "$ref": "./examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json" + }, + "Check requirements for AADIP (Azure Active Directory Identity Protection).": { + "$ref": "./examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json" + }, + "Check requirements for AADIP (Azure Active Directory Identity Protection) - no license.": { + "$ref": "./examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json" + }, + "Check requirements for AADIP (Azure Active Directory Identity Protection) - no authorization.": { + "$ref": "./examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json" + }, + "Check requirements for ASC.": { + "$ref": "./examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json" + }, + "Check requirements for Mcas.": { + "$ref": "./examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json" + }, + "Check requirements for Mdatp.": { + "$ref": "./examples/dataConnectors/CheckRequirementsMdatp.json" + }, + "Check requirements for OfficeATP.": { + "$ref": "./examples/dataConnectors/CheckRequirementsOfficeATP.json" + }, + "Check requirements for OfficeIRM.": { + "$ref": "./examples/dataConnectors/CheckRequirementsOfficeIRM.json" + }, + "Check requirements for Office365Project.": { + "$ref": "./examples/dataConnectors/CheckRequirementsOffice365Project.json" + }, + "Check requirements for MicrosoftPurviewInformationProtection.": { + "$ref": "./examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json" + }, + "Check requirements for OfficePowerBI.": { + "$ref": "./examples/dataConnectors/CheckRequirementsOfficePowerBI.json" + }, + "Check requirements for Dynamics365.": { + "$ref": "./examples/dataConnectors/CheckRequirementsDynamics365.json" + }, + "Check requirements for MicrosoftThreatProtection.": { + "$ref": "./examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json" + }, + "Check requirements for MicrosoftThreatIntelligence.": { + "$ref": "./examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json" + }, + "Check requirements for IoT.": { + "$ref": "./examples/dataConnectors/CheckRequirementsIoT.json" + } + }, + "tags": [ + "Check Data Connector Requirements" + ], + "description": "Get requirements state for a data connector type.", + "operationId": "DataConnectorsCheckRequirements_Post", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" + }, + { + "$ref": "#/parameters/DataConnectorsCheckRequirementsBody" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/DataConnectorRequirementsState" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "AADCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents AADIP (Azure Active Directory Identity Protection) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/AADCheckRequirementsProperties", + "description": "AADIP (Azure Active Directory Identity Protection) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureActiveDirectory" + }, + "AADCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "AADIP (Azure Active Directory Identity Protection) requirements check properties.", + "type": "object" + }, + "AATPCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents AATP (Azure Advanced Threat Protection) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/AATPCheckRequirementsProperties", + "description": "AATP (Azure Advanced Threat Protection) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureAdvancedThreatProtection" + }, + "AATPCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "AATP (Azure Advanced Threat Protection) requirements check properties.", + "type": "object" + }, + "ASCCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents ASC (Azure Security Center) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/ASCCheckRequirementsProperties", + "description": "ASC (Azure Security Center) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureSecurityCenter" + }, + "ASCCheckRequirementsProperties": { + "description": "ASC (Azure Security Center) requirements check properties.", + "properties": { + "subscriptionId": { + "description": "The subscription id to connect to, and get the data from.", + "type": "string" + } + }, + "type": "object" + }, + "AwsCloudTrailCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Amazon Web Services CloudTrail requirements check request.", + "type": "object", + "x-ms-discriminator-value": "AmazonWebServicesCloudTrail" + }, + "AwsS3CheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Amazon Web Services S3 requirements check request.", + "type": "object", + "x-ms-discriminator-value": "AmazonWebServicesS3" + }, + "DataConnectorsCheckRequirements": { + "description": "Data connector requirements properties.", + "properties": { + "kind": { + "$ref": "#/definitions/DataConnectorKind", + "description": "Describes the kind of connector to be checked.", + "type": "string" + } + }, + "discriminator": "kind", + "type": "object", + "required": [ + "kind" + ] + }, + "DataConnectorAuthorizationState": { + "description": "Describes the state of user's authorization for a connector kind.", + "enum": [ + "Valid", + "Invalid" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DataConnectorAuthorizationState", + "values": [ + { + "value": "Valid" + }, + { + "value": "Invalid" + } + ] + } + }, + "DataConnectorLicenseState": { + "description": "Describes the state of user's license for a connector kind.", + "enum": [ + "Valid", + "Invalid", + "Unknown" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DataConnectorLicenseState", + "values": [ + { + "value": "Valid" + }, + { + "value": "Invalid" + }, + { + "value": "Unknown" + } + ] + } + }, + "DataConnectorRequirementsState": { + "description": "Data connector requirements status.", + "properties": { + "authorizationState": { + "description": "Authorization state for this connector", + "$ref": "#/definitions/DataConnectorAuthorizationState" + }, + "licenseState": { + "description": "License state for this connector", + "$ref": "#/definitions/DataConnectorLicenseState" + } + }, + "type": "object" + }, + "Dynamics365CheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents Dynamics365 requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/Dynamics365CheckRequirementsProperties", + "description": "Dynamics365 requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Dynamics365" + }, + "Dynamics365CheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Dynamics365 requirements check properties.", + "type": "object" + }, + "MCASCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents MCAS (Microsoft Cloud App Security) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/MCASCheckRequirementsProperties", + "description": "MCAS (Microsoft Cloud App Security) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftCloudAppSecurity" + }, + "MCASCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "MCAS (Microsoft Cloud App Security) requirements check properties.", + "type": "object" + }, + "MDATPCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/MDATPCheckRequirementsProperties", + "description": "MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftDefenderAdvancedThreatProtection" + }, + "MDATPCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties.", + "type": "object" + }, + "MSTICheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents Microsoft Threat Intelligence requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/MSTICheckRequirementsProperties", + "description": "Microsoft Threat Intelligence requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftThreatIntelligence" + }, + "MSTICheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Microsoft Threat Intelligence requirements check properties.", + "type": "object" + }, + "MtpCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents MTP (Microsoft Threat Protection) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/MTPCheckRequirementsProperties", + "description": "MTP (Microsoft Threat Protection) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftThreatProtection" + }, + "MTPCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "MTP (Microsoft Threat Protection) requirements check properties.", + "type": "object" + }, + "OfficeATPCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents OfficeATP (Office 365 Advanced Threat Protection) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficeATPCheckRequirementsProperties", + "description": "OfficeATP (Office 365 Advanced Threat Protection) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "OfficeATP" + }, + "OfficeATPCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "OfficeATP (Office 365 Advanced Threat Protection) requirements check properties.", + "type": "object" + }, + "OfficeIRMCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents OfficeIRM (Microsoft Insider Risk Management) requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficeIRMCheckRequirementsProperties", + "description": "OfficeIRM (Microsoft Insider Risk Management) requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "OfficeIRM" + }, + "OfficeIRMCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "OfficeIRM (Microsoft Insider Risk Management) requirements check properties.", + "type": "object" + }, + "MicrosoftPurviewInformationProtectionCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents MicrosoftPurviewInformationProtection requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/MicrosoftPurviewInformationProtectionCheckRequirementsProperties", + "description": "MicrosoftPurviewInformationProtection requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftPurviewInformationProtection" + }, + "MicrosoftPurviewInformationProtectionCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "MicrosoftPurviewInformationProtection requirements check properties.", + "type": "object" + }, + "Office365ProjectCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents Office365 Project requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/Office365ProjectCheckRequirementsProperties", + "description": "Office365 Project requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Office365Project" + }, + "Office365ProjectCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Office365 Project requirements check properties.", + "type": "object" + }, + "OfficePowerBICheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents Office PowerBI requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficePowerBICheckRequirementsProperties", + "description": "Office Power BI requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "OfficePowerBI" + }, + "OfficePowerBICheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Office PowerBI requirements check properties.", + "type": "object" + }, + "TICheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Threat Intelligence Platforms data connector check requirements", + "properties": { + "properties": { + "$ref": "#/definitions/TICheckRequirementsProperties", + "description": "Threat Intelligence Platforms data connector check required properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "ThreatIntelligence" + }, + "TICheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Threat Intelligence Platforms data connector required properties.", + "properties": {}, + "type": "object" + }, + "TiTaxiiCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Threat Intelligence TAXII data connector check requirements", + "properties": { + "properties": { + "$ref": "#/definitions/TiTaxiiCheckRequirementsProperties", + "description": "Threat Intelligence TAXII check required properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "ThreatIntelligenceTaxii" + }, + "TiTaxiiCheckRequirementsProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Threat Intelligence TAXII data connector required properties.", + "type": "object" + }, + "IoTCheckRequirements": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + } + ], + "description": "Represents IoT requirements check request.", + "properties": { + "properties": { + "$ref": "#/definitions/IoTCheckRequirementsProperties", + "description": "IoT requirements check properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "IOT" + }, + "IoTCheckRequirementsProperties": { + "description": "IoT requirements check properties.", + "properties": { + "subscriptionId": { + "description": "The subscription id to connect to, and get the data from.", + "type": "string" + } + }, + "type": "object" + }, + "AADDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents AADIP (Azure Active Directory Identity Protection) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/AADDataConnectorProperties", + "description": "AADIP (Azure Active Directory Identity Protection) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureActiveDirectory" + }, + "AADDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + }, + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ], + "description": "AADIP (Azure Active Directory Identity Protection) data connector properties.", + "type": "object" + }, + "AlertsDataTypeOfDataConnector": { + "description": "Alerts data type for data connectors.", + "properties": { + "alerts": { + "$ref": "#/definitions/DataConnectorDataTypeCommon", + "description": "Alerts data type connection.", + "type": "object" + } + }, + "type": "object", + "required": [ + "alerts" + ] + }, + "MSTIDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Microsoft Threat Intelligence data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/MSTIDataConnectorProperties", + "description": "Microsoft Threat Intelligence data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftThreatIntelligence" + }, + "MSTIDataConnectorDataTypes": { + "description": "The available data types for Microsoft Threat Intelligence Platforms data connector.", + "properties": { + "microsoftEmergingThreatFeed": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "properties": { + "lookbackPeriod": { + "description": "The lookback period for the feed to be imported.", + "type": "string" + } + }, + "description": "Data type for Microsoft Threat Intelligence Platforms data connector.", + "type": "object", + "required": [ + "lookbackPeriod" + ] + } + }, + "type": "object", + "required": [ + "microsoftEmergingThreatFeed" + ] + }, + "MSTIDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Microsoft Threat Intelligence data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/MSTIDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "type": "object" + }, + "MTPDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents MTP (Microsoft Threat Protection) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/MTPDataConnectorProperties", + "description": "MTP (Microsoft Threat Protection) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftThreatProtection" + }, + "MTPDataConnectorDataTypes": { + "description": "The available data types for Microsoft Threat Protection Platforms data connector.", + "properties": { + "incidents": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Incidents data type for Microsoft Threat Protection Platforms data connector.", + "type": "object" + }, + "alerts": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Alerts data type for Microsoft Threat Protection Platforms data connector.", + "type": "object" + } + }, + "type": "object", + "required": [ + "incidents" + ] + }, + "MtpProvider": { + "description": "The available data providers.", + "enum": [ + "microsoftDefenderForCloudApps", + "microsoftDefenderForIdentity" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "MtpProvider" + } + }, + "MtpFilteredProviders": { + "description": "Represents the connector's Filtered providers", + "properties": { + "alerts": { + "description": "Alerts filtered providers. When filters are not applied, all alerts will stream through the MTP pipeline, still in private preview for all products EXCEPT MDA and MDI, which are in GA state.", + "items": { + "$ref": "#/definitions/MtpProvider" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "alerts" + ] + }, + "MTPDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "MTP (Microsoft Threat Protection) data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/MTPDataConnectorDataTypes", + "description": "The available data types for the connector." + }, + "filteredProviders": { + "$ref": "#/definitions/MtpFilteredProviders", + "description": "The available filtered providers for the connector." + } + }, + "required": [ + "dataTypes" + ], + "type": "object" + }, + "AATPDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents AATP (Azure Advanced Threat Protection) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/AATPDataConnectorProperties", + "description": "AATP (Azure Advanced Threat Protection) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureAdvancedThreatProtection" + }, + "AATPDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + }, + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ], + "description": "AATP (Azure Advanced Threat Protection) data connector properties.", + "type": "object" + }, + "ASCDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents ASC (Azure Security Center) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/ASCDataConnectorProperties", + "description": "ASC (Azure Security Center) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AzureSecurityCenter" + }, + "ASCDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ], + "description": "ASC (Azure Security Center) data connector properties.", + "properties": { + "subscriptionId": { + "description": "The subscription id to connect to, and get the data from.", + "type": "string" + } + }, + "type": "object" + }, + "AwsCloudTrailDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Amazon Web Services CloudTrail data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/AwsCloudTrailDataConnectorProperties", + "description": "Amazon Web Services CloudTrail data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AmazonWebServicesCloudTrail" + }, + "AwsCloudTrailDataConnectorDataTypes": { + "description": "The available data types for Amazon Web Services CloudTrail data connector.", + "properties": { + "logs": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Logs data type.", + "type": "object" + } + }, + "type": "object", + "required": [ + "logs" + ] + }, + "AwsCloudTrailDataConnectorProperties": { + "description": "Amazon Web Services CloudTrail data connector properties.", + "properties": { + "awsRoleArn": { + "description": "The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account.", + "type": "string" + }, + "dataTypes": { + "$ref": "#/definitions/AwsCloudTrailDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "type": "object", + "required": [ + "dataTypes" + ] + }, + "AwsS3DataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Amazon Web Services S3 data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/AwsS3DataConnectorProperties", + "description": "Amazon Web Services S3 data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "AmazonWebServicesS3" + }, + "AwsS3DataConnectorDataTypes": { + "description": "The available data types for Amazon Web Services S3 data connector.", + "properties": { + "logs": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Logs data type.", + "type": "object" + } + }, + "type": "object", + "required": [ + "logs" + ] + }, + "AwsS3DataConnectorProperties": { + "description": "Amazon Web Services S3 data connector properties.", + "properties": { + "destinationTable": { + "description": "The logs destination table name in LogAnalytics.", + "type": "string" + }, + "sqsUrls": { + "description": "The AWS sqs urls for the connector.", + "x-ms-identifiers": [], + "type": "array", + "items": { + "description": "AWS sqs url.", + "type": "string" + } + }, + "roleArn": { + "description": "The Aws Role Arn that is used to access the Aws account.", + "type": "string" + }, + "dataTypes": { + "$ref": "#/definitions/AwsS3DataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "type": "object", + "required": [ + "destinationTable", + "sqsUrls", + "roleArn", + "dataTypes" + ] + }, + "GCPDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Google Cloud Platform data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/GCPDataConnectorProperties", + "description": "Google Cloud Platform data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "GCP" + }, + "GCPDataConnectorProperties": { + "description": "Google Cloud Platform data connector properties.", + "properties": { + "connectorDefinitionName": { + "description": "The name of the connector definition that represents the UI config.", + "type": "string" + }, + "auth": { + "$ref": "#/definitions/GCPAuthProperties", + "description": "The auth section of the connector." + }, + "request": { + "$ref": "#/definitions/GCPRequestProperties", + "description": "The request section of the connector." + }, + "dcrConfig": { + "$ref": "#/definitions/DCRConfiguration", + "description": "The configuration of the destination of the data." + } + }, + "type": "object", + "required": [ + "connectorDefinitionName", + "auth", + "request" + ] + }, + "GCPAuthProperties": { + "description": "Google Cloud Platform auth section properties.", + "properties": { + "serviceAccountEmail": { + "description": "The service account that is used to access the GCP project.", + "type": "string" + }, + "projectNumber": { + "description": "The GCP project number.", + "type": "string" + }, + "workloadIdentityProviderId": { + "description": "The workload identity provider id that is used to gain access to the GCP project.", + "type": "string" + } + }, + "type": "object", + "required": [ + "serviceAccountEmail", + "projectNumber", + "workloadIdentityProviderId" + ] + }, + "GCPRequestProperties": { + "description": "Google Cloud Platform request section properties.", + "properties": { + "projectId": { + "description": "The GCP project id.", + "type": "string" + }, + "subscriptionNames": { + "description": "The GCP pub/sub subscription names.", + "x-ms-identifiers": [], + "type": "array", + "items": { + "description": "GCP pub/sub subscription name.", + "type": "string" + } + } + }, + "type": "object", + "required": [ + "projectId", + "subscriptionNames" + ] + }, + "DCRConfiguration": { + "description": "The configuration of the destination of the data.", + "properties": { + "dataCollectionEndpoint": { + "description": "Represents the data collection ingestion endpoint in log analytics.", + "type": "string" + }, + "dataCollectionRuleImmutableId": { + "description": "The data collection rule immutable id, the rule defines the transformation and data destination.", + "type": "string" + }, + "streamName": { + "description": "The stream we are sending the data to.", + "type": "string" + } + }, + "type": "object", + "required": [ + "dataCollectionEndpoint", + "dataCollectionRuleImmutableId", + "streamName" + ] + }, + "DataConnector": { + "description": "Data connector", + "allOf": [ + { + "$ref": "../../../common/2.0/types.json#/definitions/ResourceWithEtag" + } + ], + "discriminator": "kind", + "required": [ + "kind" + ], + "properties": { + "kind": { + "$ref": "#/definitions/DataConnectorKind", + "description": "The data connector kind", + "type": "string" + } + }, + "type": "object" + }, + "DataConnectorDataTypeCommon": { + "description": "Common field for data type in data connectors.", + "properties": { + "state": { + "description": "Describe whether this data type connection is enabled or not.", + "enum": [ + "Enabled", + "Disabled" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DataTypeState" + } + } + }, + "type": "object", + "required": [ + "state" + ] + }, + "DataConnectorWithAlertsProperties": { + "description": "Data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/AlertsDataTypeOfDataConnector", + "description": "The available data types for the connector." + } + }, + "type": "object" + }, + "DataConnectorKind": { + "description": "The kind of the data connector", + "enum": [ + "AzureActiveDirectory", + "AzureSecurityCenter", + "MicrosoftCloudAppSecurity", + "ThreatIntelligence", + "ThreatIntelligenceTaxii", + "Office365", + "OfficeATP", + "OfficeIRM", + "Office365Project", + "MicrosoftPurviewInformationProtection", + "OfficePowerBI", + "AmazonWebServicesCloudTrail", + "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", + "MicrosoftDefenderAdvancedThreatProtection", + "Dynamics365", + "MicrosoftThreatProtection", + "MicrosoftThreatIntelligence", + "GenericUI", + "APIPolling", + "IOT", + "GCP" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "DataConnectorKind", + "values": [ + { + "value": "AzureActiveDirectory" + }, + { + "value": "AzureSecurityCenter" + }, + { + "value": "MicrosoftCloudAppSecurity" + }, + { + "value": "ThreatIntelligence" + }, + { + "value": "ThreatIntelligenceTaxii" + }, + { + "value": "Office365" + }, + { + "value": "OfficeATP" + }, + { + "value": "OfficeIRM" + }, + { + "value": "Office365Project" + }, + { + "value": "MicrosoftPurviewInformationProtection" + }, + { + "value": "OfficePowerBI" + }, + { + "value": "AmazonWebServicesCloudTrail" + }, + { + "value": "AmazonWebServicesS3" + }, + { + "value": "AzureAdvancedThreatProtection" + }, + { + "value": "MicrosoftDefenderAdvancedThreatProtection" + }, + { + "value": "Dynamics365" + }, + { + "value": "MicrosoftThreatProtection" + }, + { + "value": "MicrosoftThreatIntelligence" + }, + { + "value": "GenericUI" + }, + { + "value": "APIPolling" + }, + { + "value": "IOT" + }, + { + "value": "GCP" + } + ] + } + }, + "DataConnectorList": { + "description": "List all the data connectors.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of data connectors.", + "readOnly": true, + "type": "string" + }, + "value": { + "description": "Array of data connectors.", + "items": { + "$ref": "#/definitions/DataConnector" + }, + "type": "array" + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "DataConnectorTenantId": { + "description": "Properties data connector on tenant level.", + "properties": { + "tenantId": { + "description": "The tenant id to connect to, and get the data from.", + "type": "string" + } + }, + "type": "object", + "required": [ + "tenantId" + ] + }, + "MCASDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents MCAS (Microsoft Cloud App Security) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/MCASDataConnectorProperties", + "description": "MCAS (Microsoft Cloud App Security) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftCloudAppSecurity" + }, + "MCASDataConnectorDataTypes": { + "allOf": [ + { + "$ref": "#/definitions/AlertsDataTypeOfDataConnector" + } + ], + "description": "The available data types for MCAS (Microsoft Cloud App Security) data connector.", + "properties": { + "discoveryLogs": { + "$ref": "#/definitions/DataConnectorDataTypeCommon", + "description": "Discovery log data type connection." + } + }, + "type": "object" + }, + "MCASDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "MCAS (Microsoft Cloud App Security) data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/MCASDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "type": "object" + }, + "Dynamics365DataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Dynamics365 data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/Dynamics365DataConnectorProperties", + "description": "Dynamics365 data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Dynamics365" + }, + "Dynamics365DataConnectorDataTypes": { + "description": "The available data types for Dynamics365 data connector.", + "properties": { + "dynamics365CdsActivities": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Common Data Service data type connection.", + "type": "object" + } + }, + "type": "object", + "required": [ + "dynamics365CdsActivities" + ] + }, + "Dynamics365DataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Dynamics365 data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/Dynamics365DataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "type": "object" + }, + "OfficeATPDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents OfficeATP (Office 365 Advanced Threat Protection) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficeATPDataConnectorProperties", + "description": "OfficeATP (Office 365 Advanced Threat Protection) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "OfficeATP" + }, + "OfficeATPDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + }, + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ], + "description": "OfficeATP (Office 365 Advanced Threat Protection) data connector properties.", + "type": "object" + }, + "MicrosoftPurviewInformationProtectionDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Microsoft Purview Information Protection data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/MicrosoftPurviewInformationProtectionDataConnectorProperties", + "description": "Microsoft Purview Information Protection data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftPurviewInformationProtection" + }, + "MicrosoftPurviewInformationProtectionConnectorDataTypes": { + "description": "The available data types for Microsoft Purview Information Protection data connector.", + "properties": { + "logs": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Logs data type.", + "type": "object" + } + }, + "type": "object", + "required": [ + "logs" + ] + }, + "MicrosoftPurviewInformationProtectionDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Microsoft Purview Information Protection data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/MicrosoftPurviewInformationProtectionConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "type": "object", + "required": [ + "dataTypes" + ] + }, + "Office365ProjectDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Office Microsoft Project data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/Office365ProjectDataConnectorProperties", + "description": "Office Microsoft Project data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Office365Project" + }, + "Office365ProjectConnectorDataTypes": { + "description": "The available data types for Office Microsoft Project data connector.", + "properties": { + "logs": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Logs data type.", + "type": "object" + } + }, + "type": "object", + "required": [ + "logs" + ] + }, + "Office365ProjectDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Office Microsoft Project data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/Office365ProjectConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "type": "object", + "required": [ + "dataTypes" + ] + }, + "OfficePowerBIDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Office Microsoft PowerBI data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficePowerBIDataConnectorProperties", + "description": "Office Microsoft PowerBI data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "OfficePowerBI" + }, + "OfficePowerBIConnectorDataTypes": { + "description": "The available data types for Office Microsoft PowerBI data connector.", + "properties": { + "logs": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Logs data type.", + "type": "object" + } + }, + "type": "object", + "required": [ + "logs" + ] + }, + "OfficePowerBIDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Office Microsoft PowerBI data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/OfficePowerBIConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "type": "object", + "required": [ + "dataTypes" + ] + }, + "OfficeIRMDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents OfficeIRM (Microsoft Insider Risk Management) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficeIRMDataConnectorProperties", + "description": "OfficeIRM (Microsoft Insider Risk Management) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "OfficeIRM" + }, + "OfficeIRMDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + }, + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ], + "description": "OfficeIRM (Microsoft Insider Risk Management) data connector properties.", + "type": "object" + }, + "MDATPDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/MDATPDataConnectorProperties", + "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "MicrosoftDefenderAdvancedThreatProtection" + }, + "MDATPDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + }, + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ], + "description": "MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.", + "type": "object" + }, + "OfficeDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents office data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/OfficeDataConnectorProperties", + "description": "Office data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "Office365" + }, + "OfficeDataConnectorDataTypes": { + "description": "The available data types for office data connector.", + "properties": { + "exchange": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Exchange data type connection.", + "type": "object" + }, + "sharePoint": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "SharePoint data type connection.", + "type": "object" + }, + "teams": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Teams data type connection.", + "type": "object" + } + }, + "required": [ + "exchange", + "sharePoint", + "teams" + ], + "type": "object" + }, + "OfficeDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Office data connector properties.", + "properties": { + "dataTypes": { + "$ref": "#/definitions/OfficeDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "required": [ + "dataTypes" + ], + "type": "object" + }, + "TIDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents threat intelligence data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/TIDataConnectorProperties", + "description": "TI (Threat Intelligence) data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "ThreatIntelligence" + }, + "TIDataConnectorDataTypes": { + "description": "The available data types for TI (Threat Intelligence) data connector.", + "properties": { + "indicators": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Data type for indicators connection.", + "type": "object" + } + }, + "type": "object", + "required": [ + "indicators" + ] + }, + "TIDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "TI (Threat Intelligence) data connector properties.", + "properties": { + "tipLookbackPeriod": { + "description": "The lookback period for the feed to be imported.", + "format": "date-time", + "type": "string", + "x-nullable": true + }, + "dataTypes": { + "$ref": "#/definitions/TIDataConnectorDataTypes", + "description": "The available data types for the connector." + } + }, + "type": "object", + "required": [ + "dataTypes" + ] + }, + "TiTaxiiDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Data connector to pull Threat intelligence data from TAXII 2.0/2.1 server", + "properties": { + "properties": { + "$ref": "#/definitions/TiTaxiiDataConnectorProperties", + "description": "Threat intelligence TAXII data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "ThreatIntelligenceTaxii" + }, + "TiTaxiiDataConnectorDataTypes": { + "description": "The available data types for Threat Intelligence TAXII data connector.", + "properties": { + "taxiiClient": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorDataTypeCommon" + } + ], + "description": "Data type for TAXII connector.", + "type": "object" + } + }, + "type": "object", + "required": [ + "taxiiClient" + ] + }, + "TiTaxiiDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorTenantId" + } + ], + "description": "Threat Intelligence TAXII data connector properties.", + "properties": { + "workspaceId": { + "description": "The workspace id.", + "type": "string" + }, + "friendlyName": { + "description": "The friendly name for the TAXII server.", + "type": "string" + }, + "taxiiServer": { + "description": "The API root for the TAXII server.", + "type": "string" + }, + "collectionId": { + "description": "The collection id of the TAXII server.", + "type": "string" + }, + "userName": { + "description": "The userName for the TAXII server.", + "type": "string" + }, + "password": { + "description": "The password for the TAXII server.", + "type": "string" + }, + "taxiiLookbackPeriod": { + "description": "The lookback period for the TAXII server.", + "format": "date-time", + "type": "string", + "x-nullable": true + }, + "pollingFrequency": { + "description": "The polling frequency for the TAXII server.", + "type": "string", + "x-nullable": true, + "enum": [ + "OnceAMinute", + "OnceAnHour", + "OnceADay" + ], + "x-ms-enum": { + "modelAsString": true, + "name": "PollingFrequency", + "values": [ + { + "description": "Once a minute", + "value": "OnceAMinute" + }, + { + "description": "Once an hour", + "value": "OnceAnHour" + }, + { + "description": "Once a day", + "value": "OnceADay" + } + ] + } + }, + "dataTypes": { + "$ref": "#/definitions/TiTaxiiDataConnectorDataTypes", + "description": "The available data types for Threat Intelligence TAXII data connector." + } + }, + "required": [ + "dataTypes", + "pollingFrequency" + ], + "type": "object" + }, + "IoTDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents IoT data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/IoTDataConnectorProperties", + "description": "IoT data connector properties.", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "IOT" + }, + "IoTDataConnectorProperties": { + "allOf": [ + { + "$ref": "#/definitions/DataConnectorWithAlertsProperties" + } + ], + "description": "IoT data connector properties.", + "properties": { + "subscriptionId": { + "description": "The subscription id to connect to, and get the data from.", + "type": "string" + } + }, + "type": "object" + }, + "CodelessUiDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Codeless UI data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/CodelessParameters", + "description": "Codeless UI data connector properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "GenericUI" + }, + "CodelessParameters": { + "description": "Represents Codeless UI data connector", + "type": "object", + "properties": { + "connectorUiConfig": { + "$ref": "#/definitions/CodelessUiConnectorConfigProperties", + "description": "Config to describe the instructions blade" + } + } + }, + "CodelessUiConnectorConfigProperties": { + "description": "Config to describe the instructions blade", + "type": "object", + "properties": { + "title": { + "description": "Connector blade title", + "type": "string" + }, + "publisher": { + "description": "Connector publisher name", + "type": "string" + }, + "descriptionMarkdown": { + "description": "Connector description", + "type": "string" + }, + "customImage": { + "description": "An optional custom image to be used when displaying the connector within Azure Sentinel's connector's gallery", + "type": "string" + }, + "graphQueriesTableName": { + "description": "Name of the table the connector will insert the data to", + "type": "string" + }, + "graphQueries": { + "description": "The graph query to show the current data status", + "x-ms-identifiers": [], + "items": { + "allOf": [ + { + "$ref": "#/definitions/GraphQueries" + } + ] + }, + "type": "array" + }, + "sampleQueries": { + "description": "The sample queries for the connector", + "x-ms-identifiers": [], + "items": { + "allOf": [ + { + "$ref": "#/definitions/SampleQueries" + } + ] + }, + "type": "array" + }, + "dataTypes": { + "description": "Data types to check for last data received", + "x-ms-identifiers": [], + "items": { + "allOf": [ + { + "$ref": "#/definitions/LastDataReceivedDataType" + } + ] + }, + "type": "array" + }, + "connectivityCriteria": { + "description": "Define the way the connector check connectivity", + "x-ms-identifiers": [], + "items": { + "allOf": [ + { + "$ref": "#/definitions/ConnectivityCriteria" + } + ] + }, + "type": "array" + }, + "availability": { + "description": "Connector Availability Status", + "$ref": "#/definitions/Availability" + }, + "permissions": { + "description": "Permissions required for the connector", + "$ref": "#/definitions/Permissions" + }, + "instructionSteps": { + "description": "Instruction steps to enable the connector", + "x-ms-identifiers": [], + "items": { + "allOf": [ + { + "$ref": "#/definitions/InstructionSteps" + } + ] + }, + "type": "array" + } + }, + "required": [ + "title", + "publisher", + "descriptionMarkdown", + "graphQueriesTableName", + "graphQueries", + "sampleQueries", + "dataTypes", + "connectivityCriteria", + "availability", + "permissions", + "instructionSteps" + ] + }, + "DataConnectorConnectBody": { + "description": "Represents Codeless API Polling data connector.", + "type": "object", + "x-ms-identifiers": [], + "properties": { + "kind": { + "description": "The authentication kind used to poll the data", + "enum": [ + "Basic", + "OAuth2", + "APIKey" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ConnectAuthKind" + } + }, + "apiKey": { + "type": "string", + "description": "The API key of the audit server." + }, + "dataCollectionEndpoint": { + "type": "string", + "description": "Used in v2 logs connector. Represents the data collection ingestion endpoint in log analytics." + }, + "dataCollectionRuleImmutableId": { + "type": "string", + "description": "Used in v2 logs connector. The data collection rule immutable id, the rule defines the transformation and data destination." + }, + "outputStream": { + "type": "string", + "description": "Used in v2 logs connector. The stream we are sending the data to, this is the name of the streamDeclarations defined in the DCR." + }, + "clientSecret": { + "type": "string", + "description": "The client secret of the OAuth 2.0 application." + }, + "clientId": { + "type": "string", + "description": "The client id of the OAuth 2.0 application." + }, + "authorizationCode": { + "type": "string", + "description": "The authorization code used in OAuth 2.0 code flow to issue a token." + }, + "userName": { + "type": "string", + "description": "The user name in the audit log server." + }, + "password": { + "type": "string", + "description": "The user password in the audit log server.", + "x-ms-secret": true + }, + "requestConfigUserInputValues": { + "type": "array", + "description": "", + "x-ms-identifiers": [], + "items": { + "type": "object" + } + } + } + }, + "CodelessApiPollingDataConnector": { + "allOf": [ + { + "$ref": "#/definitions/DataConnector" + } + ], + "description": "Represents Codeless API Polling data connector.", + "properties": { + "properties": { + "$ref": "#/definitions/ApiPollingParameters", + "description": "Codeless poling data connector properties", + "x-ms-client-flatten": true + } + }, + "type": "object", + "x-ms-discriminator-value": "APIPolling" + }, + "ApiPollingParameters": { + "description": "Represents Codeless API Polling data connector", + "type": "object", + "properties": { + "connectorUiConfig": { + "$ref": "#/definitions/CodelessUiConnectorConfigProperties", + "description": "Config to describe the instructions blade" + }, + "pollingConfig": { + "$ref": "#/definitions/CodelessConnectorPollingConfigProperties", + "description": "Config to describe the polling instructions" + } + } + }, + "CodelessConnectorPollingConfigProperties": { + "description": "Config to describe the polling config for API poller connector", + "type": "object", + "properties": { + "isActive": { + "description": "The poller active status", + "type": "boolean" + }, + "auth": { + "type": "object", + "$ref": "#/definitions/CodelessConnectorPollingAuthProperties", + "description": "Describe the authentication type of the poller" + }, + "request": { + "type": "object", + "$ref": "#/definitions/CodelessConnectorPollingRequestProperties", + "description": "Describe the poll request config parameters of the poller" + }, + "paging": { + "type": "object", + "$ref": "#/definitions/CodelessConnectorPollingPagingProperties", + "description": "Describe the poll request paging config of the poller" + }, + "response": { + "type": "object", + "$ref": "#/definitions/CodelessConnectorPollingResponseProperties", + "description": "Describe the response config parameters of the poller" + } + }, + "required": [ + "auth", + "request" + ] + }, + "CodelessConnectorPollingResponseProperties": { + "description": "Describes the response from the external server", + "type": "object", + "properties": { + "eventsJsonPaths": { + "description": "Describes the path we should extract the data in the response", + "x-ms-identifiers": [], + "items": { + "type": "string" + }, + "type": "array" + }, + "successStatusJsonPath": { + "description": "Describes the path we should extract the status code in the response", + "type": "string" + }, + "successStatusValue": { + "description": "Describes the path we should extract the status value in the response", + "type": "string" + }, + "isGzipCompressed": { + "description": "Describes if the data in the response is Gzip", + "type": "boolean" + } + }, + "required": [ + "eventsJsonPaths" + ] + }, + "CodelessConnectorPollingPagingProperties": { + "description": "Describe the properties needed to make a pagination call", + "type": "object", + "properties": { + "pagingType": { + "description": "Describes the type. could be 'None', 'PageToken', 'PageCount', 'TimeStamp'", + "type": "string" + }, + "nextPageParaName": { + "description": "Defines the name of a next page attribute", + "type": "string" + }, + "nextPageTokenJsonPath": { + "description": "Defines the path to a next page token JSON", + "type": "string" + }, + "pageCountAttributePath": { + "description": "Defines the path to a page count attribute", + "type": "string" + }, + "pageTotalCountAttributePath": { + "description": "Defines the path to a page total count attribute", + "type": "string" + }, + "pageTimeStampAttributePath": { + "description": "Defines the path to a paging time stamp attribute", + "type": "string" + }, + "searchTheLatestTimeStampFromEventsList": { + "description": "Determines whether to search for the latest time stamp in the events list", + "type": "string" + }, + "pageSizeParaName": { + "description": "Defines the name of the page size parameter", + "type": "string" + }, + "pageSize": { + "description": "Defines the paging size", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "pagingType" + ] + }, + "CodelessConnectorPollingRequestProperties": { + "description": "Describe the request properties needed to successfully pull from the server", + "type": "object", + "properties": { + "apiEndpoint": { + "description": "Describe the endpoint we should pull the data from", + "type": "string" + }, + "rateLimitQps": { + "description": "Defines the rate limit QPS", + "format": "int32", + "type": "integer" + }, + "queryWindowInMin": { + "description": "The window interval we will use the pull the data", + "format": "int32", + "type": "integer" + }, + "httpMethod": { + "description": "The http method type we will use in the poll request, GET or POST", + "type": "string" + }, + "queryTimeFormat": { + "description": "The time format will be used the query events in a specific window", + "type": "string" + }, + "retryCount": { + "description": "Describe the amount of time we should try and poll the data in case of failure", + "format": "int32", + "type": "integer" + }, + "timeoutInSeconds": { + "description": "The number of seconds we will consider as a request timeout", + "format": "int32", + "type": "integer" + }, + "headers": { + "description": "Describe the headers sent in the poll request", + "type": "object" + }, + "queryParameters": { + "description": "Describe the query parameters sent in the poll request", + "type": "object" + }, + "queryParametersTemplate": { + "description": "For advanced scenarios for example user name/password embedded in nested JSON payload", + "type": "string" + }, + "startTimeAttributeName": { + "description": "This will be used the query events from a start of the time window", + "type": "string" + }, + "endTimeAttributeName": { + "description": "This will be used the query events from the end of the time window", + "type": "string" + } + }, + "required": [ + "apiEndpoint", + "httpMethod", + "queryWindowInMin", + "queryTimeFormat" + ] + }, + "CodelessConnectorPollingAuthProperties": { + "description": "Describe the authentication properties needed to successfully authenticate with the server", + "type": "object", + "properties": { + "authType": { + "description": "The authentication type", + "type": "string" + }, + "apiKeyName": { + "description": "The header name which the token is sent with", + "type": "string" + }, + "apiKeyIdentifier": { + "description": "A prefix send in the header before the actual token", + "type": "string" + }, + "isApiKeyInPostPayload": { + "description": "Marks if the key should sent in header", + "type": "string" + }, + "flowName": { + "description": "Describes the flow name, for example 'AuthCode' for Oauth 2.0", + "type": "string" + }, + "tokenEndpoint": { + "description": "The endpoint used to issue a token, used in Oauth 2.0 flow", + "type": "string" + }, + "authorizationEndpoint": { + "description": "The endpoint used to authorize the user, used in Oauth 2.0 flow", + "type": "string" + }, + "authorizationEndpointQueryParameters": { + "description": "The query parameters used in authorization request, used in Oauth 2.0 flow", + "type": "object" + }, + "redirectionEndpoint": { + "description": "The redirect endpoint where we will get the authorization code, used in Oauth 2.0 flow", + "type": "string" + }, + "tokenEndpointHeaders": { + "description": "The query headers used in token request, used in Oauth 2.0 flow", + "type": "object" + }, + "tokenEndpointQueryParameters": { + "description": "The query parameters used in token request, used in Oauth 2.0 flow", + "type": "object" + }, + "isClientSecretInHeader": { + "description": "Marks if we should send the client secret in header or payload, used in Oauth 2.0 flow", + "type": "boolean" + }, + "scope": { + "description": "The OAuth token scope", + "type": "string" + } + }, + "required": [ + "authType" + ] + }, + "LastDataReceivedDataType": { + "description": "Data type for last data received", + "type": "object", + "properties": { + "name": { + "description": "Name of the data type to show in the graph. can be use with {{graphQueriesTableName}} placeholder", + "type": "string" + }, + "lastDataReceivedQuery": { + "description": "Query for indicate last data received", + "type": "string" + } + } + }, + "Permissions": { + "description": "Permissions required for the connector", + "x-ms-identifiers": [], + "type": "object", + "properties": { + "resourceProvider": { + "description": "Resource provider permissions required for the connector", + "x-ms-identifiers": [], + "items": { + "allOf": [ + { + "$ref": "#/definitions/ResourceProvider" + } + ] + }, + "type": "array" + }, + "customs": { + "description": "Customs permissions required for the connector", + "x-ms-identifiers": [], + "items": { + "allOf": [ + { + "$ref": "#/definitions/Customs" + } + ] + }, + "type": "array" + } + } + }, + "Customs": { + "description": "Customs permissions required for the connector", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/CustomsPermission" + } + ] + }, + "CustomsPermission": { + "description": "Customs permissions required for the connector", + "type": "object", + "properties": { + "name": { + "description": "Customs permissions name", + "type": "string" + }, + "description": { + "description": "Customs permissions description", + "type": "string" + } + } + }, + "ResourceProvider": { + "description": "Resource provider permissions required for the connector", + "type": "object", + "properties": { + "provider": { + "description": "Provider name", + "enum": [ + "Microsoft.OperationalInsights/solutions", + "Microsoft.OperationalInsights/workspaces", + "Microsoft.OperationalInsights/workspaces/datasources", + "microsoft.aadiam/diagnosticSettings", + "Microsoft.OperationalInsights/workspaces/sharedKeys", + "Microsoft.Authorization/policyAssignments" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ProviderName" + } + }, + "permissionsDisplayText": { + "description": "Permission description text", + "type": "string" + }, + "providerDisplayName": { + "description": "Permission provider display name", + "type": "string" + }, + "scope": { + "description": "Permission provider scope", + "enum": [ + "ResourceGroup", + "Subscription", + "Workspace" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "PermissionProviderScope" + } + }, + "requiredPermissions": { + "description": "Required permissions for the connector", + "$ref": "#/definitions/RequiredPermissions" + } + } + }, + "InstructionSteps": { + "description": "Instruction steps to enable the connector", + "type": "object", + "properties": { + "title": { + "description": "Instruction step title", + "type": "string" + }, + "description": { + "description": "Instruction step description", + "type": "string" + }, + "instructions": { + "description": "Instruction step details", + "x-ms-identifiers": [], + "items": { + "allOf": [ + { + "$ref": "#/definitions/ConnectorInstructionModelBase" + } + ] + }, + "type": "array" + } + } + }, + "ConnectorInstructionModelBase": { + "description": "Instruction step details", + "type": "object", + "properties": { + "parameters": { + "type": "object", + "description": "The parameters for the setting" + }, + "type": { + "description": "The kind of the setting", + "enum": [ + "CopyableLabel", + "InstructionStepsGroup", + "InfoMessage" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "SettingType" + } + } + }, + "required": [ + "type" + ] + }, + "RequiredPermissions": { + "description": "Required permissions for the connector", + "type": "object", + "properties": { + "action": { + "description": "action permission", + "type": "boolean" + }, + "write": { + "description": "write permission", + "type": "boolean" + }, + "read": { + "description": "read permission", + "type": "boolean" + }, + "delete": { + "description": "delete permission", + "type": "boolean" + } + } + }, + "Availability": { + "description": "Connector Availability Status", + "type": "object", + "properties": { + "status": { + "description": "The connector Availability Status", + "format": "int32", + "type": "integer", + "enum": [ + 1 + ], + "x-ms-enum": { + "name": "AvailabilityStatus", + "values": [ + { + "value": 1, + "description": "Available" + } + ] + } + }, + "isPreview": { + "description": "Set connector as preview", + "type": "boolean" + } + } + }, + "ConnectivityCriteria": { + "description": "Setting for the connector check connectivity", + "type": "object", + "properties": { + "type": { + "description": "type of connectivity", + "enum": [ + "IsConnectedQuery" + ], + "type": "string", + "x-ms-enum": { + "modelAsString": true, + "name": "ConnectivityType" + } + }, + "value": { + "description": "Queries for checking connectivity", + "x-ms-identifiers": [], + "type": "array", + "items": { + "description": "checking connectivity query", + "type": "string" + } + } + } + }, + "SampleQueries": { + "description": "The sample queries for the connector", + "type": "object", + "properties": { + "description": { + "description": "The sample query description", + "type": "string" + }, + "query": { + "description": "the sample query", + "type": "string" + } + } + }, + "GraphQueries": { + "type": "object", + "description": "The graph query to show the current data status", + "properties": { + "metricName": { + "description": "the metric that the query is checking", + "type": "string" + }, + "legend": { + "description": "The legend for the graph", + "type": "string" + }, + "baseQuery": { + "description": "The base query for the graph", + "type": "string" + } + } + } + }, + "parameters": { + "DataConnector": { + "description": "The data connector", + "in": "body", + "name": "dataConnector", + "required": true, + "schema": { + "$ref": "#/definitions/DataConnector" + }, + "x-ms-parameter-location": "method" + }, + "DataConnectorId": { + "description": "Connector ID", + "in": "path", + "name": "dataConnectorId", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "DataConnectorConnectBody": { + "description": "The data connector", + "in": "body", + "name": "connectBody", + "required": true, + "schema": { + "$ref": "#/definitions/DataConnectorConnectBody" + }, + "x-ms-parameter-location": "method" + }, + "DataConnectorsCheckRequirementsBody": { + "description": "The parameters for requirements check message", + "in": "body", + "name": "DataConnectorsCheckRequirements", + "required": true, + "schema": { + "$ref": "#/definitions/DataConnectorsCheckRequirements" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/CreateActionOfAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/CreateActionOfAlertRule.json new file mode 100644 index 000000000000..5755265bdc00 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/CreateActionOfAlertRule.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "action": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "triggerUri": "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "workflowId": "cd3765391efd48549fd7681ded1d48d7", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "workflowId": "cd3765391efd48549fd7681ded1d48d7", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/DeleteActionOfAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/DeleteActionOfAlertRule.json new file mode 100644 index 000000000000..63cd57207758 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/DeleteActionOfAlertRule.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/GetActionOfAlertRuleById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/GetActionOfAlertRuleById.json new file mode 100644 index 000000000000..437df43477f0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/GetActionOfAlertRuleById.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "actionId": "912bec42-cb66-4c03-ac63-1761b6898c3e" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "workflowId": "cd3765391efd48549fd7681ded1d48d7", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/GetAllActionsByAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/GetAllActionsByAlertRule.json new file mode 100644 index 000000000000..9119826114b3 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/GetAllActionsByAlertRule.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e", + "name": "912bec42-cb66-4c03-ac63-1761b6898c3e", + "type": "Microsoft.SecurityInsights/alertRules/actions", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "workflowId": "cd3765391efd48549fd7681ded1d48d7", + "logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json new file mode 100644 index 000000000000..fe9a9569e00c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json @@ -0,0 +1,53 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "alertRuleTemplateId": "65360bb0-8986-4ade-a89d-af3cf44d28aa" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa", + "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "kind": "Scheduled", + "properties": { + "severity": "Low", + "query": "let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress", + "queryFrequency": "P1D", + "queryPeriod": "P1D", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "displayName": "Changes to Amazon VPC settings", + "description": "This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/", + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "tactics": [ + "PrivilegeEscalation", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", + "version": "1.0.2", + "createdDateUTC": "2019-02-27T00:00:00Z", + "status": "Available", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "alertRulesCreatedByTemplateCount": 0 + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json new file mode 100644 index 000000000000..25af577a0cea --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json @@ -0,0 +1,238 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa", + "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "kind": "Scheduled", + "properties": { + "severity": "Low", + "query": "let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress", + "queryFrequency": "P1D", + "queryPeriod": "P1D", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "displayName": "Changes to Amazon VPC settings", + "description": "This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/", + "tactics": [ + "PrivilegeEscalation", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", + "createdDateUTC": "2019-02-27T00:00:00Z", + "status": "Available", + "version": "1.0.1", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "alertRulesCreatedByTemplateCount": 0 + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/f71aba3d-28fb-450b-b192-4e76a83015c8", + "name": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "Microsoft Sentinel uses Fusion, a correlation engine based on scalable machine learning algorithms, to automatically detect multistage attacks by identifying combinations of anomalous behaviors and suspicious activities that are observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nSince Fusion correlates multiple signals from various products to detect advanced multistage attacks, successful Fusion detections are presented as Fusion incidents on the Microsoft Sentinel Incidents page. This rule covers the following detections:\n- Fusion for emerging threats\n- Fusion for ransomware\n- Scenario-based Fusion detections (122 scenarios)\n\nTo enable these detections, we recommend you configure the following data connectors for best results:\n- Out-of-the-box anomaly detections\n- Azure Active Directory Identity Protection\n- Azure Defender\n- Azure Defender for IoT\n- Microsoft 365 Defender\n- Microsoft Cloud App Security \n- Microsoft Defender for Endpoint\n- Microsoft Defender for Identity\n- Microsoft Defender for Office 365\n- Palo Alto Networks\n- Scheduled analytics rules, both built-in and those created by your security analysts. Analytics rules must contain kill-chain (tactics) and entity mapping information in order to be used by Fusion.\n\nFor the full description of each detection that is supported by Fusion, go to https://aka.ms/SentinelFusion.", + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ], + "sourceSettings": [ + { + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Azure Active Directory Identity Protection", + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + } + }, + { + "sourceSubTypeName": "Azure Defender", + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + } + }, + { + "sourceSubTypeName": "Azure Defender for IoT", + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + } + }, + { + "sourceSubTypeName": "Microsoft 365 Defender", + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + } + }, + { + "sourceSubTypeName": "Microsoft Cloud App Security", + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Endpoint", + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Identity", + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Office 365", + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + } + }, + { + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules", + "severityFilter": { + "enabled": true, + "isSupported": true, + "severityFilters": [ + "Informational", + "Low", + "Medium", + "High" + ] + } + } + ] + }, + { + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Palo Alto Networks", + "severityFilter": { + "enabled": false, + "isSupported": false, + "severityFilters": null + } + } + ] + } + ], + "lastUpdatedDateUTC": "2021-06-09T00:00:00Z", + "createdDateUTC": "2019-07-25T00:00:00Z", + "status": "Available", + "severity": "High", + "alertRulesCreatedByTemplateCount": 0 + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/b3cfc7c0-092c-481c-a55b-34a3979758cb", + "name": "b3cfc7c0-092c-481c-a55b-34a3979758cb", + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "displayName": "Create incidents based on Microsoft Cloud App Security alerts", + "description": "Create incidents based on all alerts generated in Microsoft Cloud App Security", + "lastUpdatedDateUTC": "2020-02-27T00:00:00Z", + "createdDateUTC": "2019-07-16T00:00:00Z", + "status": "Available", + "alertRulesCreatedByTemplateCount": 0 + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateFusionAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateFusionAlertRule.json new file mode 100644 index 000000000000..a464d77ef862 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateFusionAlertRule.json @@ -0,0 +1,845 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "myFirstFusionRule", + "alertRule": { + "kind": "Fusion", + "etag": "3d00c3ca-0000-0100-0000-5d42d5010000", + "properties": { + "enabled": true, + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Azure Active Directory Identity Protection", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender for IoT", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft 365 Defender", + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Cloud App Security", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Endpoint", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Identity", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Office 365", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Palo Alto Networks", + "enabled": true, + "severityFilters": { + "filters": null + } + } + ] + } + ], + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "Using Fusion technology based on machine learning, Azure Sentinel automatically detects multistage attacks by identifying combinations of anomalous behaviors and suspicious activities observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nThere are a total of 122 Fusion incident types detected by Azure Sentinel.\n\nTo detect these multistage attacks, the following data connectors must be configured:\n- Azure Active Directory Identity Protection.\n- Microsoft Cloud App Security.\n- Microsoft Defender for Endpoint.\n- Azure Defender.\n- Palo Alto Networks.\n- Scheduled Analytics Rules supported by Fusion\n\nFor a full list and description of each scenario that is supported for these multistage attacks, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ], + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Azure Active Directory Identity Protection", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender for IoT", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft 365 Defender", + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Cloud App Security", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Endpoint", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Identity", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Office 365", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Palo Alto Networks", + "enabled": true, + "severityFilters": { + "isSupported": false, + "filters": null + } + } + ] + } + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "Using Fusion technology based on machine learning, Azure Sentinel automatically detects multistage attacks by identifying combinations of anomalous behaviors and suspicious activities observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nThere are a total of 122 Fusion incident types detected by Azure Sentinel.\n\nTo detect these multistage attacks, the following data connectors must be configured:\n- Azure Active Directory Identity Protection.\n- Microsoft Cloud App Security.\n- Microsoft Defender for Endpoint.\n- Azure Defender.\n- Palo Alto Networks.\n- Scheduled Analytics Rules supported by Fusion\n\nFor a full list and description of each scenario that is supported for these multistage attacks, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ], + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Azure Active Directory Identity Protection", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender for IoT", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft 365 Defender", + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Cloud App Security", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Endpoint", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Identity", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Office 365", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Palo Alto Networks", + "enabled": true, + "severityFilters": { + "isSupported": false, + "filters": null + } + } + ] + } + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json new file mode 100644 index 000000000000..be8c8ad7a23c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json @@ -0,0 +1,851 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "myFirstFusionRule", + "alertRule": { + "kind": "Fusion", + "etag": "3d00c3ca-0000-0100-0000-5d42d5010000", + "properties": { + "enabled": true, + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Azure Active Directory Identity Protection", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender for IoT", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft 365 Defender", + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Cloud App Security", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Endpoint", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Identity", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Office 365", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules", + "enabled": true, + "severityFilters": { + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Palo Alto Networks", + "enabled": true, + "severityFilters": { + "filters": null + } + } + ] + } + ], + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "Using Fusion technology based on machine learning, Azure Sentinel automatically detects multistage attacks by identifying combinations of anomalous behaviors and suspicious activities observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nThere are a total of 122 Fusion incident types detected by Azure Sentinel.\n\nTo detect these multistage attacks, the following data connectors must be configured:\n- Azure Active Directory Identity Protection.\n- Microsoft Cloud App Security.\n- Microsoft Defender for Endpoint.\n- Azure Defender.\n- Palo Alto Networks.\n- Scheduled Analytics Rules supported by Fusion\n\nFor a full list and description of each scenario that is supported for these multistage attacks, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ], + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Azure Active Directory Identity Protection", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender for IoT", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft 365 Defender", + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Cloud App Security", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Endpoint", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Identity", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Office 365", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Palo Alto Networks", + "enabled": true, + "severityFilters": { + "isSupported": false, + "filters": null + } + } + ] + } + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "Using Fusion technology based on machine learning, Azure Sentinel automatically detects multistage attacks by identifying combinations of anomalous behaviors and suspicious activities observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nThere are a total of 122 Fusion incident types detected by Azure Sentinel.\n\nTo detect these multistage attacks, the following data connectors must be configured:\n- Azure Active Directory Identity Protection.\n- Microsoft Cloud App Security.\n- Microsoft Defender for Endpoint.\n- Azure Defender.\n- Palo Alto Networks.\n- Scheduled Analytics Rules supported by Fusion\n\nFor a full list and description of each scenario that is supported for these multistage attacks, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ], + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Azure Active Directory Identity Protection", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender for IoT", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft 365 Defender", + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Cloud App Security", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Endpoint", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Identity", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Office 365", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Palo Alto Networks", + "enabled": true, + "severityFilters": { + "isSupported": false, + "filters": null + } + } + ] + } + ], + "scenarioExclusionPatterns": [ + { + "exclusionPattern": "Alert providers:Azure Active Directory Identity Protection:Infected Device;Alert providers:Azure Defender:Crypto-mining activity", + "dateAddedInUTC": "2021-10-01T15:26:44.9429806Z" + } + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": "2019-09-04T13:13:11.5340061Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json new file mode 100644 index 000000000000..6b51eaa0b3f4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json @@ -0,0 +1,58 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "microsoftSecurityIncidentCreationRuleExample", + "alertRule": { + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "displayName": "testing displayname", + "enabled": true + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "name": "microsoftSecurityIncidentCreationRuleExample", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null, + "displayNamesFilter": null, + "displayName": "testing displayname", + "enabled": true, + "description": null, + "alertRuleTemplateName": null, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "name": "microsoftSecurityIncidentCreationRuleExample", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null, + "displayNamesFilter": null, + "displayName": "testing displayname", + "enabled": true, + "description": null, + "alertRuleTemplateName": null, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateNrtAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateNrtAlertRule.json new file mode 100644 index 000000000000..d6b02c03ed09 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateNrtAlertRule.json @@ -0,0 +1,136 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "alertRule": { + "kind": "NRT", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "Rule2", + "description": "", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host", + "Account" + ] + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "NRT", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "Rule2", + "description": "", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "lastModifiedUtc": "2019-01-01T13:15:30Z", + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host", + "Account" + ] + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "NRT", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "Rule2", + "description": "", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "lastModifiedUtc": "2019-01-01T13:15:30Z", + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host", + "Account" + ] + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateScheduledAlertRule.json new file mode 100644 index 000000000000..e5576f7edbb3 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateScheduledAlertRule.json @@ -0,0 +1,270 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "alertRule": { + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My scheduled rule", + "description": "An example for a scheduled rule", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "Computer" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "ComputerIP" + } + ] + } + ], + "sentinelEntitiesMappings": [ + { + "columnName": "Entities" + } + ], + "alertDetailsOverride": { + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertDynamicProperties": [ + { + "alertProperty": "ProductComponentName", + "value": "ProductComponentNameCustomColumn" + }, + { + "alertProperty": "ProductName", + "value": "ProductNameCustomColumn" + }, + { + "alertProperty": "AlertLink", + "value": "Link" + } + ] + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host" + ], + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ] + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"01005144-0000-0d00-0000-6058632c0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "My scheduled rule", + "description": "An example for a scheduled rule", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2021-03-01T13:17:30Z", + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "Computer" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "ComputerIP" + } + ] + } + ], + "alertDetailsOverride": { + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertTacticsColumnName": null, + "alertSeverityColumnName": null + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host" + ], + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ] + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"01007444-0000-0d00-0000-605863a70000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "My scheduled rule", + "description": "An example for a scheduled rule", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2021-03-01T13:15:30Z", + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "Computer" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "ComputerIP" + } + ] + } + ], + "alertDetailsOverride": { + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertTacticsColumnName": null, + "alertSeverityColumnName": null + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host" + ], + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ] + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/DeleteAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/DeleteAlertRule.json new file mode 100644 index 000000000000..f057cefab2e1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/DeleteAlertRule.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetAllAlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetAllAlertRules.json new file mode 100644 index 000000000000..8ab228dbdbf4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetAllAlertRules.json @@ -0,0 +1,412 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "My scheduled rule", + "description": "An example for a scheduled rule", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2021-03-01T13:17:30Z", + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "Computer" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "ComputerIP" + } + ] + } + ], + "alertDetailsOverride": { + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertTacticsColumnName": null, + "alertSeverityColumnName": null + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host" + ], + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ] + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "name": "microsoftSecurityIncidentCreationRuleExample", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null, + "displayNamesFilter": null, + "displayName": "testing displayname", + "enabled": true, + "description": null, + "alertRuleTemplateName": null, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"25005c11-0000-0d00-0000-5d6cc0e20000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "Microsoft Sentinel uses Fusion, a correlation engine based on scalable machine learning algorithms, to automatically detect multistage attacks by identifying combinations of anomalous behaviors and suspicious activities that are observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nSince Fusion correlates multiple signals from various products to detect advanced multistage attacks, successful Fusion detections are presented as Fusion incidents on the Microsoft Sentinel Incidents page. This rule covers the following detections:\n- Fusion for emerging threats\n- Fusion for ransomware\n- Scenario-based Fusion detections (122 scenarios)\n\nTo enable these detections, we recommend you configure the following data connectors for best results:\n- Out-of-the-box anomaly detections\n- Azure Active Directory Identity Protection\n- Azure Defender\n- Azure Defender for IoT\n- Microsoft 365 Defender\n- Microsoft Cloud App Security \n- Microsoft Defender for Endpoint\n- Microsoft Defender for Identity\n- Microsoft Defender for Office 365\n- Palo Alto Networks\n- Scheduled analytics rules, both built-in and those created by your security analysts. Analytics rules must contain kill-chain (tactics) and entity mapping information in order to be used by Fusion.\n\nFor the full description of each detection that is supported by Fusion, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ], + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Azure Active Directory Identity Protection", + "sourceSubTypeDisplayName": "Azure Active Directory Identity Protection", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender", + "sourceSubTypeDisplayName": "Microsoft Defender for Cloud", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender for IoT", + "sourceSubTypeDisplayName": "Microsoft Defender for IoT", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft 365 Defender", + "sourceSubTypeDisplayName": "Microsoft 365 Defender", + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Cloud App Security", + "sourceSubTypeDisplayName": "Microsoft Cloud App Security", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Endpoint", + "sourceSubTypeDisplayName": "Microsoft Defender for Endpoint", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Identity", + "sourceSubTypeDisplayName": "Microsoft Defender for Identity", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Office 365", + "sourceSubTypeDisplayName": "Microsoft Defender for Office 365", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules", + "sourceSubTypeDisplayName": "Azure Sentinel scheduled analytics rules", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Palo Alto Networks", + "sourceSubTypeDisplayName": "Palo Alto Networks", + "enabled": true, + "severityFilters": { + "isSupported": false, + "filters": null + } + } + ] + } + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": "2021-10-22T07:12:34.9065092Z" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetFusionAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetFusionAlertRule.json new file mode 100644 index 000000000000..6a442cc680f7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetFusionAlertRule.json @@ -0,0 +1,310 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "myFirstFusionRule" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule", + "name": "myFirstFusionRule", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Fusion", + "properties": { + "displayName": "Advanced Multi-Stage Attack Detection", + "description": "Microsoft Sentinel uses Fusion, a correlation engine based on scalable machine learning algorithms, to automatically detect multistage attacks by identifying combinations of anomalous behaviors and suspicious activities that are observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nSince Fusion correlates multiple signals from various products to detect advanced multistage attacks, successful Fusion detections are presented as Fusion incidents on the Microsoft Sentinel Incidents page. This rule covers the following detections:\n- Fusion for emerging threats\n- Fusion for ransomware\n- Scenario-based Fusion detections (122 scenarios)\n\nTo enable these detections, we recommend you configure the following data connectors for best results:\n- Out-of-the-box anomaly detections\n- Azure Active Directory Identity Protection\n- Azure Defender\n- Azure Defender for IoT\n- Microsoft 365 Defender\n- Microsoft Cloud App Security \n- Microsoft Defender for Endpoint\n- Microsoft Defender for Identity\n- Microsoft Defender for Office 365\n- Palo Alto Networks\n- Scheduled analytics rules, both built-in and those created by your security analysts. Analytics rules must contain kill-chain (tactics) and entity mapping information in order to be used by Fusion.\n\nFor the full description of each detection that is supported by Fusion, go to https://aka.ms/SentinelFusion.", + "alertRuleTemplateName": "f71aba3d-28fb-450b-b192-4e76a83015c8", + "tactics": [ + "Collection", + "CommandAndControl", + "CredentialAccess", + "DefenseEvasion", + "Discovery", + "Execution", + "Exfiltration", + "Impact", + "InitialAccess", + "LateralMovement", + "Persistence", + "PrivilegeEscalation" + ], + "sourceSettings": [ + { + "enabled": true, + "sourceName": "Anomalies", + "sourceSubTypes": null + }, + { + "enabled": true, + "sourceName": "Alert providers", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Azure Active Directory Identity Protection", + "sourceSubTypeDisplayName": "Azure Active Directory Identity Protection", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender", + "sourceSubTypeDisplayName": "Microsoft Defender for Cloud", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Defender for IoT", + "sourceSubTypeDisplayName": "Microsoft Defender for IoT", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft 365 Defender", + "sourceSubTypeDisplayName": "Microsoft 365 Defender", + "enabled": true, + "severityFilter": [ + "High", + "Medium", + "Low", + "Informational" + ], + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Cloud App Security", + "sourceSubTypeDisplayName": "Microsoft Cloud App Security", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Endpoint", + "sourceSubTypeDisplayName": "Microsoft Defender for Endpoint", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Identity", + "sourceSubTypeDisplayName": "Microsoft Defender for Identity", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Microsoft Defender for Office 365", + "sourceSubTypeDisplayName": "Microsoft Defender for Office 365", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + }, + { + "sourceSubTypeName": "Azure Sentinel scheduled analytics rules", + "sourceSubTypeDisplayName": "Azure Sentinel scheduled analytics rules", + "enabled": true, + "severityFilters": { + "isSupported": true, + "filters": [ + { + "severity": "High", + "enabled": true + }, + { + "severity": "Medium", + "enabled": true + }, + { + "severity": "Low", + "enabled": true + }, + { + "severity": "Informational", + "enabled": true + } + ] + } + } + ] + }, + { + "enabled": true, + "sourceName": "Raw logs from other sources", + "sourceSubTypes": [ + { + "sourceSubTypeName": "Palo Alto Networks", + "sourceSubTypeDisplayName": "Palo Alto Networks", + "enabled": true, + "severityFilters": { + "isSupported": false, + "filters": null + } + } + ] + } + ], + "severity": "High", + "enabled": true, + "lastModifiedUtc": "2021-10-20T13:13:11.5340061Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json new file mode 100644 index 000000000000..e4c0c6ca72ee --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "microsoftSecurityIncidentCreationRuleExample" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample", + "name": "microsoftSecurityIncidentCreationRuleExample", + "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "MicrosoftSecurityIncidentCreation", + "properties": { + "productFilter": "Microsoft Cloud App Security", + "severitiesFilter": null, + "displayNamesFilter": null, + "displayName": "testing displayname", + "enabled": true, + "description": null, + "alertRuleTemplateName": null, + "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetNrtAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetNrtAlertRule.json new file mode 100644 index 000000000000..85b9857624ed --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetNrtAlertRule.json @@ -0,0 +1,55 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "NRT", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "Rule2", + "description": "", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "lastModifiedUtc": "2019-01-01T13:15:30Z", + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host", + "Account" + ] + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetScheduledAlertRule.json new file mode 100644 index 000000000000..6a2333afb809 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetScheduledAlertRule.json @@ -0,0 +1,95 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/alertRules", + "kind": "Scheduled", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "alertRuleTemplateName": null, + "displayName": "My scheduled rule", + "description": "An example for a scheduled rule", + "severity": "High", + "enabled": true, + "tactics": [ + "Persistence", + "LateralMovement" + ], + "techniques": [ + "T1037", + "T1021" + ], + "query": "Heartbeat", + "queryFrequency": "PT1H", + "queryPeriod": "P2DT1H30M", + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "lastModifiedUtc": "2021-03-01T13:17:30Z", + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "customDetails": { + "OperatingSystemName": "OSName", + "OperatingSystemType": "OSType" + }, + "entityMappings": [ + { + "entityType": "Host", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "Computer" + } + ] + }, + { + "entityType": "IP", + "fieldMappings": [ + { + "identifier": "Address", + "columnName": "ComputerIP" + } + ] + } + ], + "alertDetailsOverride": { + "alertDisplayNameFormat": "Alert from {{Computer}}", + "alertDescriptionFormat": "Suspicious activity was made by {{ComputerIP}}", + "alertTacticsColumnName": null, + "alertSeverityColumnName": null + }, + "incidentConfiguration": { + "createIncident": true, + "groupingConfiguration": { + "enabled": true, + "reopenClosedIncident": false, + "lookbackDuration": "PT5H", + "matchingMethod": "Selected", + "groupByEntities": [ + "Host" + ], + "groupByAlertDetails": [ + "DisplayName" + ], + "groupByCustomDetails": [ + "OperatingSystemType", + "OperatingSystemName" + ] + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json new file mode 100644 index 000000000000..dd65dcb46af5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json @@ -0,0 +1,171 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "automationRule": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/automationRules", + "properties": { + "displayName": "Suspicious user sign-in events", + "order": 1, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ + { + "conditionType": "Property", + "conditionProperties": { + "propertyName": "IncidentRelatedAnalyticRuleIds", + "operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] + } + } + ] + }, + "actions": [ + { + "order": 1, + "actionType": "AddIncidentTask", + "actionConfiguration": { + "title": "Reset user passwords", + "description": "Reset passwords for compromised users." + } + } + ], + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdTimeUtc": "2019-01-01T13:00:00Z", + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/automationRules", + "properties": { + "displayName": "Suspicious user sign-in events", + "order": 1, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ + { + "conditionType": "Property", + "conditionProperties": { + "propertyName": "IncidentRelatedAnalyticRuleIds", + "operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] + } + } + ] + }, + "actions": [ + { + "order": 1, + "actionType": "AddIncidentTask", + "actionConfiguration": { + "title": "Reset user passwords", + "description": "Reset passwords for compromised users." + } + } + ], + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdTimeUtc": "2019-01-01T13:00:00Z", + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/automationRules", + "properties": { + "displayName": "Suspicious user sign-in events", + "order": 1, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ + { + "conditionType": "Property", + "conditionProperties": { + "propertyName": "IncidentRelatedAnalyticRuleIds", + "operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] + } + } + ] + }, + "actions": [ + { + "order": 1, + "actionType": "AddIncidentTask", + "actionConfiguration": { + "title": "Reset user passwords", + "description": "Reset passwords for compromised users." + } + } + ], + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdTimeUtc": "2019-01-01T13:00:00Z", + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_Delete.json new file mode 100644 index 000000000000..78b480b1601b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_Delete.json @@ -0,0 +1,17 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": {} + }, + "204": { + "body": {} + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_Get.json new file mode 100644 index 000000000000..7b8803c70cb2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_Get.json @@ -0,0 +1,65 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "automationRuleId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/automationRules", + "properties": { + "displayName": "Suspicious user sign-in events", + "order": 1, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ + { + "conditionType": "Property", + "conditionProperties": { + "propertyName": "IncidentRelatedAnalyticRuleIds", + "operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] + } + } + ] + }, + "actions": [ + { + "order": 1, + "actionType": "AddIncidentTask", + "actionConfiguration": { + "title": "Reset user passwords", + "description": "Reset passwords for compromised users." + } + } + ], + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdTimeUtc": "2019-01-01T13:00:00Z", + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_List.json new file mode 100644 index 000000000000..0c7ddbcf4415 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_List.json @@ -0,0 +1,68 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/automationRules", + "properties": { + "displayName": "Suspicious user sign-in events", + "order": 1, + "triggeringLogic": { + "isEnabled": true, + "triggersOn": "Incidents", + "triggersWhen": "Created", + "conditions": [ + { + "conditionType": "Property", + "conditionProperties": { + "propertyName": "IncidentRelatedAnalyticRuleIds", + "operator": "Contains", + "propertyValues": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7", + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a" + ] + } + } + ] + }, + "actions": [ + { + "order": 1, + "actionType": "AddIncidentTask", + "actionConfiguration": { + "title": "Reset user passwords", + "description": "Reset passwords for compromised users." + } + } + ], + "lastModifiedTimeUtc": "2019-01-01T13:00:30Z", + "createdTimeUtc": "2019-01-01T13:00:00Z", + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/billingStatistics/GetAllBillingStatistics.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/billingStatistics/GetAllBillingStatistics.json new file mode 100644 index 000000000000..260fde7db92c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/billingStatistics/GetAllBillingStatistics.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/billingStatistics/sapUsage", + "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"", + "name": "sapSolutionUsage", + "type": "Microsoft.SecurityInsights/billingStatistics", + "kind": "SapSolutionUsage", + "properties": { + "activeSystemIdCount": 5 + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/billingStatistics/GetBillingStatistic.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/billingStatistics/GetBillingStatistic.json new file mode 100644 index 000000000000..07189a3aaec2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/billingStatistics/GetBillingStatistic.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "billingStatisticName": "sapSolutionUsage" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/billingStatistics/sapUsage", + "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"", + "name": "sapSolutionUsage", + "type": "Microsoft.SecurityInsights/billingStatistics", + "kind": "SapSolutionUsage", + "properties": { + "activeSystemIdCount": 5 + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/CreateBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/CreateBookmark.json new file mode 100644 index 000000000000..91f903df4698 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/CreateBookmark.json @@ -0,0 +1,143 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "bookmark": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My bookmark", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70" + }, + "updated": "2021-09-01T13:15:30Z", + "created": "2021-09-01T13:15:30Z", + "notes": "Found a suspicious activity", + "labels": [ + "Tag1", + "Tag2" + ], + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result", + "tactics": [ + "Execution" + ], + "techniques": [ + "T1609" + ], + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "identifier": "Fullname", + "value": "johndoe@microsoft.com" + } + ] + } + ] + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My bookmark", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updated": "2021-09-01T13:15:30Z", + "created": "2021-09-01T13:15:30Z", + "notes": "Found a suspicious activity", + "labels": [ + "Tag1", + "Tag2" + ], + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result", + "tactics": [ + "Execution" + ], + "techniques": [ + "T1609" + ], + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "identifier": "Fullname", + "value": "johndoe@microsoft.com" + } + ] + } + ] + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My bookmark", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updated": "2021-09-01T13:15:30Z", + "created": "2021-09-01T13:15:30Z", + "notes": "Found a suspicious activity", + "labels": [ + "Tag1", + "Tag2" + ], + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result", + "tactics": [ + "Execution" + ], + "techniques": [ + "T1609" + ], + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "identifier": "Fullname", + "value": "johndoe@microsoft.com" + } + ] + } + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/DeleteBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/DeleteBookmark.json new file mode 100644 index 000000000000..34665d114dab --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/DeleteBookmark.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/GetBookmarkById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/GetBookmarkById.json new file mode 100644 index 000000000000..03fa481946e5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/GetBookmarkById.json @@ -0,0 +1,64 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My bookmark", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updated": "2021-09-01T13:15:30Z", + "created": "2021-09-01T13:15:30Z", + "notes": "Found a suspicious activity", + "labels": [ + "Tag1", + "Tag2" + ], + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result", + "incidentInfo": { + "incidentId": "DDA55F97-170B-40B9-B8ED-CBFD05481E7D", + "severity": "Low", + "title": "New case 1", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0018" + }, + "tactics": [ + "Execution" + ], + "techniques": [ + "T1609" + ], + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "identifier": "Fullname", + "value": "johndoe@microsoft.com" + } + ] + } + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/GetBookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/GetBookmarks.json new file mode 100644 index 000000000000..65e54d684be1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/GetBookmarks.json @@ -0,0 +1,67 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/bookmarks", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My bookmark", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updated": "2021-09-01T13:15:30Z", + "created": "2021-09-01T13:15:30Z", + "notes": "Found a suspicious activity", + "labels": [ + "Tag1", + "Tag2" + ], + "query": "SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)", + "queryResult": "Security Event query result", + "incidentInfo": { + "incidentId": "DDA55F97-170B-40B9-B8ED-CBFD05481E7D", + "severity": "Low", + "title": "New case 1", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0018" + }, + "tactics": [ + "Execution" + ], + "techniques": [ + "T1609" + ], + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "identifier": "Fullname", + "value": "johndoe@microsoft.com" + } + ] + } + ] + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/expand/PostExpandBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/expand/PostExpandBookmark.json new file mode 100644 index 000000000000..4b3dcfbf9f4e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/expand/PostExpandBookmark.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "bookmarkId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "parameters": { + "expansionId": "27f76e63-c41b-480f-bb18-12ad2e011d49", + "startTime": "2019-12-25T17:21:00.000Z", + "endTime": "2020-01-24T17:21:00.000Z" + } + }, + "responses": { + "200": { + "body": { + "value": { + "entities": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/fe4ddab5-8cea-eca3-c8b8-9e92e830a387", + "name": "fe4ddab5-8cea-eca3-c8b8-9e92e830a387", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Account", + "properties": { + "friendlyName": "administrator", + "accountName": "administrator", + "ntDomain": "domain" + } + } + ] + }, + "metaData": { + "aggregations": [ + { + "entityKind": "Account", + "count": 1 + } + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json new file mode 100644 index 000000000000..30ac3b3efa2a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "relation": { + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/bookmarks/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceName": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/bookmarks/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceName": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json new file mode 100644 index 000000000000..b8df22782d74 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json new file mode 100644 index 000000000000..ae80cc8c49d1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/bookmarks/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceName": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json new file mode 100644 index 000000000000..9b7a808341dd --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "bookmarkId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/bookmarks/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceName": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetPackageById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetPackageById.json new file mode 100644 index 000000000000..784acabe6c36 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetPackageById.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "packageId": "str.azure-sentinel-solution-str" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/str.azure-sentinel-solution-str", + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "str.azure-sentinel-solution-str", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "contentKind": "Solution", + "version": "2.0.0", + "displayName": "str" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetPackages.json new file mode 100644 index 000000000000..8cc2453668ef --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetPackages.json @@ -0,0 +1,39 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "packageId": "str.azure-sentinel-solution-str" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages", + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "str.azure-sentinel-solution-str", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "contentKind": "Solution", + "contentSchemaVersion": "3.0.0", + "version": "2.0.0", + "displayName": "str" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetProductPackageById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetProductPackageById.json new file mode 100644 index 000000000000..c862f21c7523 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetProductPackageById.json @@ -0,0 +1,76 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "packageId": "str.azure-sentinel-solution-str" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/str.azure-sentinel-solution-str", + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "str.azure-sentinel-solution-str", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "contentKind": "Solution", + "installedVersion": "2.0.0", + "version": "2.0.0", + "displayName": "str", + "source": { + "kind": "Solution", + "name": "str", + "sourceId": "str.azure-sentinel-solution-str" + }, + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" + }, + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "providers": [ + "Microsoft" + ], + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "firstPublishDate": "2022-04-01", + "packageContent": "JSON string of the package" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetProductPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetProductPackages.json new file mode 100644 index 000000000000..029f47e71415 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetProductPackages.json @@ -0,0 +1,78 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages", + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "str.azure-sentinel-solution-str", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "contentKind": "Solution", + "installedVersion": "2.0.0", + "version": "2.0.0", + "displayName": "str", + "source": { + "kind": "Solution", + "name": "str", + "sourceId": "str.azure-sentinel-solution-str" + }, + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" + }, + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "providers": [ + "Microsoft" + ], + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "firstPublishDate": "2022-04-01" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/InstallPackage.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/InstallPackage.json new file mode 100644 index 000000000000..66a12239b696 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/InstallPackage.json @@ -0,0 +1,151 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "packageId": "str.azure-sentinel-solution-str", + "packageInstallationProperties": { + "properties": { + "contentId": "str.azure-sentinel-solution-str", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "contentKind": "Solution", + "version": "2.0.0", + "displayName": "str" + }, + "tags": { + "tag1": "str" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/str.azure-sentinel-solution-str", + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "str.azure-sentinel-solution-str", + "contentKind": "Solution", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "installedVersion": "2.0.0", + "version": "2.0.0", + "displayName": "str", + "source": { + "kind": "Solution", + "name": "str", + "sourceId": "str.azure-sentinel-solution-str" + }, + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" + }, + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "providers": [ + "Microsoft" + ], + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "firstPublishDate": "2022-04-01" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/str.azure-sentinel-solution-str", + "name": "str.azure-sentinel-solution-str", + "type": "Microsoft.SecurityInsights/contentpackages", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "str.azure-sentinel-solution-str", + "contentProductId": "str.azure-sentinel-solution-str-sl-igl6jawr4gwmu", + "contentKind": "Solution", + "installedVersion": "2.0.0", + "version": "2.0.0", + "displayName": "str", + "source": { + "kind": "Solution", + "name": "str", + "sourceId": "str.azure-sentinel-solution-str" + }, + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" + }, + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "providers": [ + "Microsoft" + ], + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "firstPublishDate": "2022-04-01" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/UninstallPackage.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/UninstallPackage.json new file mode 100644 index 000000000000..ce69839dca66 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/UninstallPackage.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "packageId": "str.azure-sentinel-solution-str" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/DeleteTemplate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/DeleteTemplate.json new file mode 100644 index 000000000000..4db18824c70f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/DeleteTemplate.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "templateId": "8365ebfe-a381-45b7-ad08-7d818070e11f" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetProductTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetProductTemplateById.json new file mode 100644 index 000000000000..4abb6c8091f9 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetProductTemplateById.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "templateId": "8365ebfe-a381-45b7-ad08-7d818070e11f" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentTemplates/8365ebfe-a381-45b7-ad08-7d818070e11f", + "name": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "type": "Microsoft.SecurityInsights/contenttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "contentId", + "version": "1.0.0", + "packageVersion": "1.0.0", + "displayName": "My installed template", + "contentKind": "Workbooks", + "contentProductId": "packageId-wb-rimnsoeh4nt32", + "packageId": "packageId", + "packageKind": "Standalone", + "packageName": "package name", + "source": { + "kind": "Standalone", + "name": "Source name" + }, + "mainTemplate": {} + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetProductTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetProductTemplates.json new file mode 100644 index 000000000000..491a10276933 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetProductTemplates.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentTemplates", + "name": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "type": "Microsoft.SecurityInsights/contenttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "contentId", + "contentProductId": "packageId-wb-rimnsoeh4nt32", + "version": "1.0.0", + "packageVersion": "1.0.0", + "displayName": "My installed template", + "contentKind": "Workbooks", + "packageId": "packageId", + "packageKind": "Standalone", + "packageName": "package name", + "source": { + "kind": "Standalone", + "name": "Source name" + } + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetTemplateById.json new file mode 100644 index 000000000000..2ba98409e06f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetTemplateById.json @@ -0,0 +1,41 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "templateId": "8365ebfe-a381-45b7-ad08-7d818070e11f" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentTemplates/8365ebfe-a381-45b7-ad08-7d818070e11f", + "name": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "type": "Microsoft.SecurityInsights/contenttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "contentId", + "contentProductId": "packageId-wb-rimnsoeh4nt32", + "version": "1.0.0", + "packageVersion": "1.0.0", + "displayName": "My installed template", + "contentKind": "Workbooks", + "packageId": "packageId", + "source": { + "kind": "Standalone", + "name": "Source name" + }, + "mainTemplate": {} + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetTemplates.json new file mode 100644 index 000000000000..3d90ba97e2f0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetTemplates.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentTemplates", + "name": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "type": "Microsoft.SecurityInsights/contenttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "contentId", + "contentProductId": "packageId-wb-rimnsoeh4nt32", + "packageVersion": "1.0.0", + "version": "1.0.0", + "displayName": "My installed template", + "contentKind": "Workbooks", + "packageId": "packageId", + "source": { + "kind": "Standalone", + "name": "Source name" + } + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/InstallTemplate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/InstallTemplate.json new file mode 100644 index 000000000000..a349d6c39baf --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/InstallTemplate.json @@ -0,0 +1,228 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "templateId": "str.azure-sentinel-solution-str", + "templateInstallationProperties": { + "properties": { + "contentId": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "contentProductId": "str.azure-sentinel-solution-str-ar-cbfe4fndz66bi", + "displayName": "API Protection workbook template", + "contentKind": "AnalyticsRule", + "version": "1.0.1", + "packageVersion": "1.0.0", + "packageId": "str.azure-sentinel-solution-str", + "packageName": "str", + "packageKind": "Solution", + "source": { + "kind": "Solution", + "name": "str", + "sourceId": "str.azure-sentinel-solution-str" + }, + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" + }, + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.1", + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Creates an incident when a large number of Critical/High severity CrowdStrike Falcon sensor detections is triggered by a single user", + "displayName": "Critical or High Severity Detections by User", + "enabled": false, + "query": "...", + "queryFrequency": "PT1H", + "queryPeriod": "PT1H", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split([resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)],'/'))))]", + "properties": { + "description": "CrowdStrike Falcon Endpoint Protection Analytics Rule 1", + "parentId": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 8365ebfe-a381-45b7-ad08-7d818070e11f)]", + "contentId": "4465ebde-b381-45f7-ad08-7d818070a11c", + "kind": "AnalyticsRule", + "version": "1.0.0", + "source": { + "kind": "Solution", + "name": "str", + "sourceId": "str.azure-sentinel-solution-str" + }, + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" + } + } + } + ] + } + }, + "tags": { + "tag1": "str" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/azuresentinel.azure-sentinel-solution-ciscoumbrella", + "name": "azuresentinel.azure-sentinel-solution-ciscoumbrella", + "type": "Microsoft.SecurityInsights/contenttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "contentProductId": "str.azure-sentinel-solution-str-ar-cbfe4fndz66bi", + "packageKind": "Solution", + "packageId": "str.azure-sentinel-solution-str", + "packageVersion": "1.0.0", + "contentKind": "AnalyticsRule", + "version": "1.0.1", + "displayName": "API Protection workbook template", + "source": { + "kind": "Solution", + "name": "CiscoUmbrella", + "sourceId": "azuresentinel.azure-sentinel-solution-ciscoumbrella" + }, + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" + }, + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "providers": [ + "Microsoft" + ], + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "firstPublishDate": "2022-04-01" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfeab2-9ae0-4464-9919-dccaee2e48f0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/contentPackages/azuresentinel.azure-sentinel-solution-ciscoumbrella", + "name": "azuresentinel.azure-sentinel-solution-ciscoumbrella", + "type": "Microsoft.SecurityInsights/contenttemplates", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "contentId": "8365ebfe-a381-45b7-ad08-7d818070e11f", + "contentProductId": "str.azure-sentinel-solution-str-ar-cbfe4fndz66bi", + "packageKind": "Solution", + "packageId": "str.azure-sentinel-solution-str", + "packageVersion": "1.0.0", + "contentKind": "AnalyticsRule", + "version": "1.0.1", + "displayName": "API Protection workbook template", + "source": { + "kind": "Solution", + "name": "CiscoUmbrella", + "sourceId": "azuresentinel.azure-sentinel-solution-ciscoumbrella" + }, + "author": { + "name": "Microsoft", + "email": "support@microsoft.com" + }, + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" + }, + "dependencies": { + "criteria": [ + { + "contentId": "strDataConnector", + "kind": "DataConnector", + "version": "2.0.0" + }, + { + "contentId": "str-Parser", + "kind": "Parser", + "version": "2.0.0" + } + ], + "operator": "AND" + }, + "providers": [ + "Microsoft" + ], + "categories": { + "domains": [ + "Security - Cloud Security" + ], + "verticals": null + }, + "firstPublishDate": "2022-04-01" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json new file mode 100644 index 000000000000..4a7e55e819ac --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json @@ -0,0 +1,264 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorDefinitionName": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "connectorDefinitionInput": { + "kind": "Customizable", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "GitHubAuditLogPolling_CL" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "GitHubAuditLogPolling_CL \n | take 10" + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": false, + "delete": false, + "action": false + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ] + } + ] + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectorDefinitions", + "kind": "Customizable", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "GitHubAuditLogPolling_CL" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "GitHubAuditLogPolling_CL \n | take 10" + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": false, + "delete": false, + "action": false + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ] + } + ] + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectorDefinitions", + "kind": "Customizable", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "GitHubAuditLogPolling_CL" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "GitHubAuditLogPolling_CL \n | take 10" + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": false, + "delete": false, + "action": false + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ] + } + ] + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json new file mode 100644 index 000000000000..df6440f04add --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorDefinitionName": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectoeDefinitionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectoeDefinitionById.json new file mode 100644 index 000000000000..8e8b01267d91 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectoeDefinitionById.json @@ -0,0 +1,101 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorDefinitionName": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "type": "Microsoft.SecurityInsights/dataConnectorDefinitions", + "kind": "Customizable", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "GitHubAuditLogPolling_CL" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "GitHubAuditLogPolling_CL \n | take 10" + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": false, + "delete": false, + "action": false + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ] + } + ] + }, + "connectionsConfig": { + "templateSpecName": "templateNameMock", + "templateSpecVersion": "1.0.0" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json new file mode 100644 index 000000000000..341d6199a191 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json @@ -0,0 +1,100 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "type": "Microsoft.SecurityInsights/dataConnectorDefinitions", + "kind": "Customizable", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "GitHubAuditLogPolling_CL" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "GitHubAuditLogPolling_CL \n | take 10" + } + ], + "dataTypes": [ + { + "name": "GitHubAuditLogPolling_CL", + "lastDataReceivedQuery": "GitHubAuditLogPolling_CL \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "GitHubAuditLogPolling_CL \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": false, + "delete": false, + "action": false + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "type": "OAuthForm", + "parameters": { + "clientIdLabel": "Client ID", + "clientSecretLabel": "Client Secret", + "connectButtonLabel": "Connect", + "disconnectButtonLabel": "Disconnect" + } + } + ] + } + ] + } + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json new file mode 100644 index 000000000000..e437ec72711a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "AzureActiveDirectory", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json new file mode 100644 index 000000000000..e437ec72711a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "AzureActiveDirectory", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json new file mode 100644 index 000000000000..e437ec72711a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "AzureActiveDirectory", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json new file mode 100644 index 000000000000..a31e2954d481 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "AzureSecurityCenter", + "properties": { + "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json new file mode 100644 index 000000000000..94aa9bb5b60b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "Dynamics365", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsIoT.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsIoT.json new file mode 100644 index 000000000000..031a0a971807 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsIoT.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "IOT", + "properties": { + "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json new file mode 100644 index 000000000000..99bb030c0f2b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "MicrosoftCloudAppSecurity", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json new file mode 100644 index 000000000000..99bb030c0f2b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "MicrosoftCloudAppSecurity", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json new file mode 100644 index 000000000000..2bd286ba9f38 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "MicrosoftPurviewInformationProtection", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json new file mode 100644 index 000000000000..b375ff4d6483 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "MicrosoftThreatIntelligence", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json new file mode 100644 index 000000000000..4480e2a1244b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "MicrosoftThreatProtection", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json new file mode 100644 index 000000000000..9b07d71235ab --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "Office365Project", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json new file mode 100644 index 000000000000..e4d73014eb00 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "OfficeATP", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json new file mode 100644 index 000000000000..7897957eb054 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "OfficeIRM", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json new file mode 100644 index 000000000000..69d4924d1203 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "OfficePowerBI", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json new file mode 100644 index 000000000000..c500738d8702 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "ThreatIntelligence", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json new file mode 100644 index 000000000000..d145e31d70a1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "DataConnectorsCheckRequirements": { + "kind": "ThreatIntelligenceTaxii", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8" + } + } + }, + "responses": { + "200": { + "body": { + "authorizationState": "Valid", + "licenseState": "Valid" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/ConnectAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/ConnectAPIPolling.json new file mode 100644 index 000000000000..3e7833cf7c5f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/ConnectAPIPolling.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "connectBody": { + "kind": "APIKey", + "apiKey": "123456789", + "requestConfigUserInputValues": [ + { + "displayText": "Organization Name", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "somePlaceHolderValue", + "requestObjectKey": "apiEndpoint" + } + ] + } + }, + "responses": { + "200": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json new file mode 100644 index 000000000000..30de8cf68731 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "connectBody": { + "kind": "APIKey", + "apiKey": "123456789", + "dataCollectionEndpoint": "https://test.eastus.ingest.monitor.azure.com", + "dataCollectionRuleImmutableId": "dcr-34adsj9o7d6f9de204478b9cgb43b631", + "outputStream": "Custom-MyTableRawData", + "requestConfigUserInputValues": [ + { + "displayText": "Organization Name", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "somePlaceHolderValue", + "requestObjectKey": "apiEndpoint" + } + ] + } + }, + "responses": { + "200": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateAPIPolling.json new file mode 100644 index 000000000000..2546ea7ce5f8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateAPIPolling.json @@ -0,0 +1,368 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "dataConnector": { + "kind": "APIPolling", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueriesTableName": "GitHubAuditLogPolling_CL", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "{{graphQueriesTableName}}\n | take 10 " + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "SentinelKindsV2", + "value": [] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "parameters": { + "enable": "true", + "userRequestPlaceHoldersInput": [ + { + "displayText": "Organization Name", + "requestObjectKey": "apiEndpoint", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "" + } + ] + }, + "type": "APIKey" + } + ] + } + ] + }, + "pollingConfig": { + "auth": { + "authType": "APIKey", + "apiKeyIdentifier": "token", + "apiKeyName": "Authorization" + }, + "request": { + "apiEndpoint": "https://api.github.com/organizations/{{placeHolder1}}/audit-log", + "rateLimitQps": 50, + "queryWindowInMin": 15, + "httpMethod": "Get", + "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", + "retryCount": 2, + "timeoutInSeconds": 60, + "headers": { + "Accept": "application/json", + "User-Agent": "Scuba" + }, + "queryParameters": { + "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}" + } + }, + "paging": { + "pagingType": "LinkHeader", + "pageSizeParaName": "per_page" + }, + "response": { + "eventsJsonPaths": [ + "$" + ] + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "APIPolling", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueriesTableName": "GitHubAuditLogPolling_CL", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "{{graphQueriesTableName}}\n | take 10 " + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "SentinelKindsV2", + "value": [] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "parameters": { + "enable": "true", + "userRequestPlaceHoldersInput": [ + { + "displayText": "Organization Name", + "requestObjectKey": "apiEndpoint", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "" + } + ] + }, + "type": "APIKey" + } + ] + } + ] + }, + "pollingConfig": { + "auth": { + "authType": "APIKey", + "apiKeyIdentifier": "token", + "apiKeyName": "Authorization" + }, + "request": { + "apiEndpoint": "https://api.github.com/organizations/{{placeHolder1}}/audit-log", + "rateLimitQps": 50, + "queryWindowInMin": 15, + "httpMethod": "Get", + "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", + "retryCount": 2, + "timeoutInSeconds": 60, + "headers": { + "Accept": "application/json", + "User-Agent": "Scuba" + }, + "queryParameters": { + "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}" + } + }, + "paging": { + "pagingType": "LinkHeader", + "pageSizeParaName": "per_page" + }, + "response": { + "eventsJsonPaths": [ + "$" + ] + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "APIPolling", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueriesTableName": "GitHubAuditLogPolling_CL", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "{{graphQueriesTableName}}\n | take 10 " + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "SentinelKindsV2", + "value": [] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "parameters": { + "enable": "true", + "userRequestPlaceHoldersInput": [ + { + "displayText": "Organization Name", + "requestObjectKey": "apiEndpoint", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "" + } + ] + }, + "type": "APIKey" + } + ] + } + ] + }, + "pollingConfig": { + "auth": { + "authType": "APIKey", + "apiKeyIdentifier": "token", + "apiKeyName": "Authorization" + }, + "request": { + "apiEndpoint": "https://api.github.com/organizations/{{placeHolder1}}/audit-log", + "rateLimitQps": 50, + "queryWindowInMin": 15, + "httpMethod": "Get", + "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", + "retryCount": 2, + "timeoutInSeconds": 60, + "headers": { + "Accept": "application/json", + "User-Agent": "Scuba" + }, + "queryParameters": { + "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}" + } + }, + "paging": { + "pagingType": "LinkHeader", + "pageSizeParaName": "per_page" + }, + "response": { + "eventsJsonPaths": [ + "$" + ] + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json new file mode 100644 index 000000000000..5e81d260c748 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "dataConnector": { + "kind": "Dynamics365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Dynamics365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Dynamics365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateGenericUI.json new file mode 100644 index 000000000000..e372faf6112b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateGenericUI.json @@ -0,0 +1,437 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "dataConnector": { + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "Qualys Vulnerability Management (CCP DEMO)", + "publisher": "Qualys", + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "graphQueriesTableName": "QualysHostDetection_CL", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "{{graphQueriesTableName}}", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ] + }, + "instructionSteps": [ + { + "title": "", + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + }, + { + "title": "", + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." + }, + { + "title": "", + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes." + }, + { + "title": "", + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + }, + "type": "CopyableLabel" + }, + { + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + }, + "type": "CopyableLabel" + } + ] + }, + { + "title": "Option 1 - Azure Resource Manager (ARM) Template", + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." + }, + { + "title": "Option 2 - Manual Deployment of Azure Functions", + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions." + }, + { + "title": "", + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**." + }, + { + "title": "", + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**." + }, + { + "title": "", + "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**." + }, + { + "title": "", + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)" + } + ] + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "Qualys Vulnerability Management (CCP DEMO)", + "publisher": "Qualys", + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "graphQueriesTableName": "QualysHostDetection_CL", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "{{graphQueriesTableName}}", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ] + }, + "instructionSteps": [ + { + "title": "", + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + }, + { + "title": "", + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." + }, + { + "title": "", + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes." + }, + { + "title": "", + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + }, + "type": "CopyableLabel" + }, + { + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + }, + "type": "CopyableLabel" + } + ] + }, + { + "title": "Option 1 - Azure Resource Manager (ARM) Template", + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." + }, + { + "title": "Option 2 - Manual Deployment of Azure Functions", + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions." + }, + { + "title": "", + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**." + }, + { + "title": "", + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**." + }, + { + "title": "", + "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**." + }, + { + "title": "", + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)" + } + ] + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "Qualys Vulnerability Management (CCP DEMO)", + "publisher": "Qualys", + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "graphQueriesTableName": "QualysHostDetection_CL", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "{{graphQueriesTableName}}", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ] + }, + "instructionSteps": [ + { + "title": "", + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + }, + { + "title": "", + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." + }, + { + "title": "", + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes." + }, + { + "title": "", + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + }, + "type": "CopyableLabel" + }, + { + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + }, + "type": "CopyableLabel" + } + ] + }, + { + "title": "Option 1 - Azure Resource Manager (ARM) Template", + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." + }, + { + "title": "Option 2 - Manual Deployment of Azure Functions", + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions." + }, + { + "title": "", + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**." + }, + { + "title": "", + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**." + }, + { + "title": "", + "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**." + }, + { + "title": "", + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)" + } + ] + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json new file mode 100644 index 000000000000..55b2179ae246 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json @@ -0,0 +1,92 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", + "dataConnector": { + "kind": "GCP", + "properties": { + "connectorDefinitionName": "GcpConnector", + "auth": { + "serviceAccountEmail": "sentinel-service-account@project-id.iam.gserviceaccount.com", + "projectNumber": "123456789012", + "workloadIdentityProviderId": "sentinel-identity-provider", + "type": "GCP" + }, + "request": { + "projectId": "project-id", + "subscriptionNames": [ + "sentinel-subscription" + ] + }, + "dcrConfig": { + "dataCollectionEndpoint": "https://microsoft-sentinel-datacollectionendpoint-123m.westeurope-1.ingest.monitor.azure.com", + "dataCollectionRuleImmutableId": "dcr-de21b053bd5a44beb99a256c9db85023", + "streamName": "SENTINEL_GCP_AUDIT_LOGS" + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/GCP_afef3743-0c88-469c-84ff-ca2e87dc1e48", + "name": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "GCP", + "properties": { + "connectorDefinitionName": "GcpConnector", + "auth": { + "serviceAccountEmail": "sentinel-service-account@project-id.iam.gserviceaccount.com", + "projectNumber": "123456789012", + "workloadIdentityProviderId": "sentinel-identity-provider", + "type": "GCP" + }, + "request": { + "projectId": "project-id", + "subscriptionNames": [ + "sentinel-subscription" + ] + }, + "dcrConfig": { + "dataCollectionEndpoint": "https://microsoft-sentinel-datacollectionendpoint-123m.westeurope-1.ingest.monitor.azure.com", + "dataCollectionRuleImmutableId": "dcr-de21b053bd5a44beb99a256c9db85023", + "streamName": "SENTINEL_GCP_AUDIT_LOGS" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/GCP_afef3743-0c88-469c-84ff-ca2e87dc1e48", + "name": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "GCP", + "properties": { + "connectorDefinitionName": "GcpConnector", + "auth": { + "serviceAccountEmail": "sentinel-service-account@project-id.iam.gserviceaccount.com", + "projectNumber": "123456789012", + "workloadIdentityProviderId": "sentinel-identity-provider", + "type": "GCP" + }, + "request": { + "projectId": "project-id", + "subscriptionNames": [ + "sentinel-subscription" + ] + }, + "dcrConfig": { + "dataCollectionEndpoint": "https://microsoft-sentinel-datacollectionendpoint-123m.westeurope-1.ingest.monitor.azure.com", + "dataCollectionRuleImmutableId": "dcr-de21b053bd5a44beb99a256c9db85023", + "streamName": "SENTINEL_GCP_AUDIT_LOGS" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json new file mode 100644 index 000000000000..714a0da42f7a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "dataConnector": { + "kind": "MicrosoftPurviewInformationProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftPurviewInformationProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftPurviewInformationProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json new file mode 100644 index 000000000000..f01b8ba00364 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "dataConnector": { + "kind": "MicrosoftThreatIntelligence", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "dataTypes": { + "microsoftEmergingThreatFeed": { + "state": "Enabled", + "lookbackPeriod": "1970-01-01T00:00:00.000Z" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "kind": "MicrosoftThreatIntelligence", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "dataTypes": { + "microsoftEmergingThreatFeed": { + "state": "Enabled", + "lookbackPeriod": "01/01/1970 00:00:00" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "kind": "MicrosoftThreatIntelligence", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "dataTypes": { + "microsoftEmergingThreatFeed": { + "state": "Enabled", + "lookbackPeriod": "01/01/1970 00:00:00" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json new file mode 100644 index 000000000000..27a99a85f339 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json @@ -0,0 +1,81 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "dataConnector": { + "kind": "MicrosoftThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "178265c4-3136-4ff6-8ed1-b5b62b4cb5f5", + "dataTypes": { + "incidents": { + "state": "Disabled" + }, + "alerts": { + "state": "Enabled" + } + }, + "filteredProviders": { + "alerts": [ + "microsoftDefenderForCloudApps" + ] + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/595c870a-5b74-4a23-984c-9ddba29cefe3", + "name": "595c870a-5b74-4a23-984c-9ddba29cefe3", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftThreatProtection", + "etag": "2b61bd0c-62b4-4968-8f9a-71b91be61127", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "incidents": { + "state": "Disabled55" + }, + "alerts": { + "state": "Enabled" + } + }, + "filteredProviders": { + "alerts": [ + "microsoftDefenderForCloudApps" + ] + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/595c870a-5b74-4a23-984c-9ddba29cefe3", + "name": "595c870a-5b74-4a23-984c-9ddba29cefe3", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftThreatProtection", + "etag": "2b61bd0c-62b4-4968-8f9a-71b91be61127", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "incidents": { + "state": "Disabled" + }, + "alerts": { + "state": "Enabled" + } + }, + "filteredProviders": { + "alerts": [ + "microsoftDefenderForCloudApps" + ] + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json new file mode 100644 index 000000000000..e2b1824e2d16 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "dataConnector": { + "kind": "Office365Project", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365Project", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365Project", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json new file mode 100644 index 000000000000..c094b22fdda2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json @@ -0,0 +1,75 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "dataConnector": { + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json new file mode 100644 index 000000000000..d6af2cc42cc4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "dataConnector": { + "kind": "OfficePowerBI", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "OfficePowerBI", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "OfficePowerBI", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json new file mode 100644 index 000000000000..18ede124a18f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "dataConnector": { + "kind": "ThreatIntelligence", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json new file mode 100644 index 000000000000..2b7fca9c209c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json @@ -0,0 +1,81 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "dataConnector": { + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "kind": "ThreatIntelligenceTaxii", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds", + "collectionId": "135", + "workspaceId": "dd124572-4962-4495-9bd2-9dade12314b4", + "friendlyName": "testTaxii", + "userName": "--", + "password": "--", + "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", + "pollingFrequency": "OnceADay", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "kind": "ThreatIntelligenceTaxii", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds", + "collectionId": "135", + "workspaceId": "28e5f051-34cb-4208-9037-693e5342a871", + "friendlyName": "testTaxii", + "userName": null, + "password": null, + "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", + "pollingFrequency": "OnceADay", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "d12423f6-a60b-4ca5-88c0-feb1a182d0f0", + "kind": "ThreatIntelligenceTaxii", + "properties": { + "tenantId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "taxiiServer": "https://limo.anomali.com/api/v1/taxii2/feeds", + "collectionId": "135", + "workspaceId": "28e5f051-34cb-4208-9037-693e5342a871", + "friendlyName": "testTaxii", + "userName": null, + "password": null, + "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", + "pollingFrequency": "OnceADay", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteAPIPolling.json new file mode 100644 index 000000000000..65f335a62a70 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteAPIPolling.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteGenericUI.json new file mode 100644 index 000000000000..65f335a62a70 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteGenericUI.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json new file mode 100644 index 000000000000..e0dac8c7208d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json new file mode 100644 index 000000000000..672bb19ccc85 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json new file mode 100644 index 000000000000..816039e5fc1e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json new file mode 100644 index 000000000000..672bb19ccc85 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json new file mode 100644 index 000000000000..672bb19ccc85 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json new file mode 100644 index 000000000000..672bb19ccc85 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DisconnectAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DisconnectAPIPolling.json new file mode 100644 index 000000000000..45fb56fbff09 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DisconnectAPIPolling.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "disconnectBody": {} + }, + "responses": { + "200": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAPIPolling.json new file mode 100644 index 000000000000..286ce67b25a7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAPIPolling.json @@ -0,0 +1,133 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "APIPolling", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "customImage": "The image connector content", + "graphQueriesTableName": "GitHubAuditLogPolling_CL", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "{{graphQueriesTableName}}\n | take 10 " + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "SentinelKindsV2", + "value": [] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "parameters": { + "enable": "true", + "userRequestPlaceHoldersInput": [ + { + "displayText": "Organization Name", + "requestObjectKey": "apiEndpoint", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "" + } + ] + }, + "type": "APIKey" + } + ] + } + ] + }, + "pollingConfig": { + "auth": { + "authType": "APIKey", + "apiKeyIdentifier": "token", + "apiKeyName": "Authorization" + }, + "request": { + "apiEndpoint": "https://api.github.com/organizations/{{placeHolder1}}/audit-log", + "rateLimitQps": 50, + "queryWindowInMin": 15, + "httpMethod": "Get", + "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", + "retryCount": 2, + "timeoutInSeconds": 60, + "headers": { + "Accept": "application/json", + "User-Agent": "Scuba" + }, + "queryParameters": { + "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}" + } + }, + "paging": { + "pagingType": "LinkHeader", + "pageSizeParaName": "per_page" + }, + "response": { + "eventsJsonPaths": [ + "$" + ] + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json new file mode 100644 index 000000000000..09d3303a3d8d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "AmazonWebServicesCloudTrail", + "properties": { + "awsRoleArn": "myAwsRoleArn", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json new file mode 100644 index 000000000000..a45891d5f9a7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "afef3743-0c88-469c-84ff-ca2e87dc1e48" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/afef3743-0c88-469c-84ff-ca2e87dc1e48", + "name": "afef3743-0c88-469c-84ff-ca2e87dc1e48", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "AmazonWebServicesS3", + "properties": { + "destinationTable": "AWSVPCFlow", + "roleArn": "arn:aws:iam::072643944673:role/RoleName", + "sqsUrls": [ + "https://sqs.us-west-1.amazonaws.com/111111111111/sqsTestName" + ], + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json new file mode 100644 index 000000000000..29524857db48 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "name": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureActiveDirectory", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json new file mode 100644 index 000000000000..eb3ec118d451 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "07e42cb3-e658-4e90-801c-efa0f29d3d44" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44", + "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json new file mode 100644 index 000000000000..570a660e4643 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureSecurityCenter", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetDataConnectors.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetDataConnectors.json new file mode 100644 index 000000000000..b81f08c8c6d2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetDataConnectors.json @@ -0,0 +1,508 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "name": "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureSecurityCenter", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c39bb458-02a7-4b3f-b0c8-71a1d2692652", + "name": "c39bb458-02a7-4b3f-b0c8-71a1d2692652", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligenceTaxii", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "workspaceId": "8b014a77-4695-4ef4-96bb-6623afb121a2", + "friendlyName": "My TI Taxii Connector", + "taxiiServer": "https://mytaxiiserver.com/taxiing/v2/api", + "collectionId": "e0b1f32d-1188-48f7-a7a3-de71924e4b5e", + "userName": "", + "password": "", + "pollingFrequency": "OnceAMinute", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "name": "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureActiveDirectory", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", + "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftCloudAppSecurity", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + }, + "discoveryLogs": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44", + "name": "07e42cb3-e658-4e90-801c-efa0f29d3d44", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "AzureAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "AmazonWebServicesCloudTrail", + "properties": { + "awsRoleArn": "myAwsRoleArn", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/afef3743-0c88-469c-84ff-ca2e87dc1e48", + "name": "afef3743-0c88-469c-84ff-ca2e87dc1e48", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "AmazonWebServicesS3", + "properties": { + "destinationTable": "AWSVPCFlow", + "roleArn": "arn:aws:iam::072643944673:role/RoleName", + "sqsUrls": [ + "https://sqs.us-west-1.amazonaws.com/111111111111/sqsTestName" + ], + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftDefenderAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "OfficeATP", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365Project", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "OfficePowerBI", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Dynamics365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "Qualys Vulnerability Management (CCP DEMO)", + "publisher": "Qualys", + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "customImage": "The image connector content", + "graphQueriesTableName": "QualysHostDetection_CL", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "{{graphQueriesTableName}}", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ] + }, + "instructionSteps": [ + { + "title": "", + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + }, + { + "title": "", + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." + }, + { + "title": "", + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes." + }, + { + "title": "", + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + }, + "type": "CopyableLabel" + }, + { + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + }, + "type": "CopyableLabel" + } + ] + }, + { + "title": "Option 1 - Azure Resource Manager (ARM) Template", + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." + }, + { + "title": "Option 2 - Manual Deployment of Azure Functions", + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions." + }, + { + "title": "", + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**." + }, + { + "title": "", + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**." + }, + { + "title": "", + "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**." + }, + { + "title": "", + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)" + } + ] + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "APIPolling", + "properties": { + "connectorUiConfig": { + "title": "GitHub Enterprise Audit Log", + "publisher": "GitHub", + "descriptionMarkdown": "The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.", + "graphQueriesTableName": "GitHubAuditLogPolling_CL", + "graphQueries": [ + { + "metricName": "Total events received", + "legend": "GitHub audit log events", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "All logs", + "query": "{{graphQueriesTableName}}\n | take 10 " + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "SentinelKindsV2", + "value": [] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + } + ], + "customs": [ + { + "name": "GitHub API personal token Key", + "description": "You need access to GitHub personal token, the key should have 'admin:org' scope" + } + ] + }, + "instructionSteps": [ + { + "title": "Connect GitHub Enterprise Audit Log to Azure Sentinel", + "description": "Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key", + "instructions": [ + { + "parameters": { + "enable": "true", + "userRequestPlaceHoldersInput": [ + { + "displayText": "Organization Name", + "requestObjectKey": "apiEndpoint", + "placeHolderName": "{{placeHolder1}}", + "placeHolderValue": "" + } + ] + }, + "type": "APIKey" + } + ] + } + ] + }, + "pollingConfig": { + "auth": { + "authType": "APIKey", + "apiKeyIdentifier": "token", + "apiKeyName": "Authorization" + }, + "request": { + "apiEndpoint": "https://api.github.com/organizations/{{placeHolder1}}/audit-log", + "rateLimitQps": 50, + "queryWindowInMin": 15, + "httpMethod": "Get", + "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ", + "retryCount": 2, + "timeoutInSeconds": 60, + "headers": { + "Accept": "application/json", + "User-Agent": "Scuba" + }, + "queryParameters": { + "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}" + } + }, + "paging": { + "pagingType": "LinkHeader", + "pageSizeParaName": "per_page" + }, + "response": { + "eventsJsonPaths": [ + "$" + ] + } + } + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json new file mode 100644 index 000000000000..2d03315f2bd7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "c2541efb-c9a6-47fe-9501-87d1017d1512" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "name": "c2541efb-c9a6-47fe-9501-87d1017d1512", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Dynamics365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "dynamics365CdsActivities": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetGenericUI.json new file mode 100644 index 000000000000..12f09116c32b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetGenericUI.json @@ -0,0 +1,156 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "316ec55e-7138-4d63-ab18-90c8a60fd1c8" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "name": "316ec55e-7138-4d63-ab18-90c8a60fd1c8", + "etag": "\"1a00b074-0000-0100-0000-606ef5bd0000\"", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "Qualys Vulnerability Management (CCP DEMO)", + "publisher": "Qualys", + "descriptionMarkdown": "The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation ", + "customImage": "The image connector content", + "graphQueriesTableName": "QualysHostDetection_CL", + "graphQueries": [ + { + "metricName": "Total data received", + "legend": "{{graphQueriesTableName}}", + "baseQuery": "{{graphQueriesTableName}}" + } + ], + "sampleQueries": [ + { + "description": "Top 10 Vulerabilities detected", + "query": "{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "IsConnectedQuery", + "value": [ + "{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": true + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + }, + { + "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", + "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", + "providerDisplayName": "Keys", + "scope": "Workspace", + "requiredPermissions": { + "action": true + } + } + ], + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Qualys API Key", + "description": "A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)." + } + ] + }, + "instructionSteps": [ + { + "title": "", + "description": ">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + }, + { + "title": "", + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." + }, + { + "title": "", + "description": "**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes." + }, + { + "title": "", + "description": "**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available.", + "instructions": [ + { + "parameters": { + "fillWith": [ + "WorkspaceId" + ], + "label": "Workspace ID" + }, + "type": "CopyableLabel" + }, + { + "parameters": { + "fillWith": [ + "PrimaryKey" + ], + "label": "Primary Key" + }, + "type": "CopyableLabel" + } + ] + }, + { + "title": "Option 1 - Azure Resource Manager (ARM) Template", + "description": "Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy." + }, + { + "title": "Option 2 - Manual Deployment of Azure Functions", + "description": "Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions." + }, + { + "title": "", + "description": "**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**." + }, + { + "title": "", + "description": "**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**." + }, + { + "title": "", + "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\tfilterParameters\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**." + }, + { + "title": "", + "description": "**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)" + } + ] + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json new file mode 100644 index 000000000000..5fad300dcd5b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json @@ -0,0 +1,35 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/GCP_afef3743-0c88-469c-84ff-ca2e87dc1e48", + "name": "GCP_fce27b90-d6f5-4d30-991a-af509a2b50a1", + "type": "Microsoft.SecurityInsights/dataConnectors", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "GCP", + "properties": { + "connectorDefinitionName": "GcpConnector", + "auth": { + "serviceAccountEmail": "sentinel-service-account@project-id.iam.gserviceaccount.com", + "projectNumber": "123456789012", + "workloadIdentityProviderId": "sentinel-identity-provider", + "type": "GCP" + }, + "request": { + "projectId": "project-id", + "subscriptionNames": [ + "sentinel-subscription" + ] + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetIoTById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetIoTById.json new file mode 100644 index 000000000000..f9ddbf056bb6 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetIoTById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "d2e5dc7a-f3a2-429d-954b-939fa8c2932e" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/d2e5dc7a-f3a2-429d-954b-939fa8c2932e", + "name": "d2e5dc7a-f3a2-429d-954b-939fa8c2932e", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "IOT", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "subscriptionId": "c0688291-89d7-4bed-87a2-a7b1bff43f4c", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json new file mode 100644 index 000000000000..ee57e4c6638a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "b96d014d-b5c2-4a01-9aba-a8058f629d42" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42", + "name": "b96d014d-b5c2-4a01-9aba-a8058f629d42", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftCloudAppSecurity", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + }, + "discoveryLogs": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json new file mode 100644 index 000000000000..b2f6d80a470f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "06b3ccb8-1384-4bcc-aec7-852f6d57161b" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "name": "06b3ccb8-1384-4bcc-aec7-852f6d57161b", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftDefenderAdvancedThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json new file mode 100644 index 000000000000..fd9e6037cddb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "3d3e955e-33eb-401d-89a7-251c81ddd660" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "OfficeIRM", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json new file mode 100644 index 000000000000..acc90145655c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftPurviewInformationProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json new file mode 100644 index 000000000000..a43f8abe72bb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "microsoftEmergingThreatFeed": { + "state": "Enabled", + "lookbackPeriod": "01/01/1970 00:00:00" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json new file mode 100644 index 000000000000..2c0d3e5e3993 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "MicrosoftThreatProtection", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "incidents": { + "state": "Enabled" + }, + "alerts": { + "state": "Enabled" + } + }, + "filteredProviders": { + "alerts": [ + "microsoftDefenderForCloudApps" + ] + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json new file mode 100644 index 000000000000..a19eefa3cc8e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "3d3e955e-33eb-401d-89a7-251c81ddd660" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660", + "name": "3d3e955e-33eb-401d-89a7-251c81ddd660", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "OfficeATP", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "alerts": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json new file mode 100644 index 000000000000..38c68297b014 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365Project", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json new file mode 100644 index 000000000000..702b147fe1ff --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "Office365", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "sharePoint": { + "state": "Enabled" + }, + "exchange": { + "state": "Enabled" + }, + "teams": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json new file mode 100644 index 000000000000..63363ade4040 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "OfficePowerBI", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "dataTypes": { + "logs": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json new file mode 100644 index 000000000000..6143e53a26b1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "c345bf40-8509-4ed2-b947-50cb773aaf04" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04", + "name": "c345bf40-8509-4ed2-b947-50cb773aaf04", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligence", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "tipLookbackPeriod": "2020-01-01T13:00:30.123Z", + "dataTypes": { + "indicators": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json new file mode 100644 index 000000000000..1f68b44f110b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "dataConnectorId": "c39bb458-02a7-4b3f-b0c8-71a1d2692652" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c39bb458-02a7-4b3f-b0c8-71a1d2692652", + "name": "c39bb458-02a7-4b3f-b0c8-71a1d2692652", + "type": "Microsoft.SecurityInsights/dataConnectors", + "kind": "ThreatIntelligenceTaxii", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "tenantId": "2070ecc9-b4d5-4ae4-adaa-936fa1954fa8", + "workspaceId": "8b014a77-4695-4ef4-96bb-6623afb121a2", + "friendlyName": "My TI Taxii Connector", + "taxiiServer": "https://mytaxiiserver.com/taxiing/v2/api", + "collectionId": "e0b1f32d-1188-48f7-a7a3-de71924e4b5e", + "userName": "", + "password": "", + "taxiiLookbackPeriod": "2020-01-01T13:00:30.123Z", + "pollingFrequency": "OnceADay", + "dataTypes": { + "taxiiClient": { + "state": "Enabled" + } + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/enrichment/GetGeodataByIp.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/enrichment/GetGeodataByIp.json new file mode 100644 index 000000000000..ea71a73024a9 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/enrichment/GetGeodataByIp.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "ipAddress": "1.2.3.4" + }, + "responses": { + "200": { + "body": { + "asn": "12345", + "carrier": "Microsoft", + "city": "Redmond", + "cityCf": 90, + "continent": "north america", + "country": "united states", + "countryCf": 99, + "ipAddr": "1.2.3.4", + "ipRoutingType": "fixed", + "latitude": "40.2436", + "longitude": "-100.8891", + "organization": "Microsoft", + "organizationType": "tech", + "region": "western usa", + "state": "washington", + "stateCf": null, + "stateCode": "wa" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/enrichment/GetWhoisByDomainName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/enrichment/GetWhoisByDomainName.json new file mode 100644 index 000000000000..b69065caf7c3 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/enrichment/GetWhoisByDomainName.json @@ -0,0 +1,87 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "domain": "microsoft.com" + }, + "responses": { + "200": { + "body": { + "domain": "microsoft.com", + "server": null, + "created": "2021-09-01T16:15:01.187045Z", + "updated": "2021-09-01T16:15:01.187045Z", + "expires": null, + "parsedWhois": { + "registrar": { + "name": "MarkMonitor, Inc", + "abuseContactPhone": "12083895770", + "abuseContactEmail": "abuse@microsoft.com", + "url": "http://www.markmonitor.com", + "whoisServer": "whois.markmonitor.com" + }, + "contacts": { + "admin": { + "name": "Administrator", + "org": "Microsoft", + "street": [ + "One Microsoft Way" + ], + "city": null, + "state": "WA", + "postal": "98052", + "country": "United States", + "phone": "1-800-555-1234", + "fax": null, + "email": "mail@microsoft.com" + }, + "registrant": null, + "billing": { + "name": "Administrator", + "org": "Microsoft", + "street": [ + "One Microsoft Way" + ], + "city": null, + "state": "WA", + "postal": "98052", + "country": "United States", + "phone": "1-800-555-1234", + "fax": null, + "email": "mail@microsoft.com" + }, + "tech": { + "name": "Administrator", + "org": "Microsoft", + "street": [ + "One Microsoft Way" + ], + "city": null, + "state": "WA", + "postal": "98052", + "country": "United States", + "phone": "1-800-555-1234", + "fax": null, + "email": "mail@microsoft.com" + } + }, + "nameServers": [ + "ns1-205.azure-dns.com", + "ns2-205.azure-dns.net", + "ns3-205.azure-dns.org", + "ns4-205.azure-dns.info" + ], + "statuses": [ + "clientUpdateProhibited", + "clientTransferProhibited", + "clientDeleteProhibited", + "serverUpdateProhibited", + "serverTransferProhibited", + "serverDeleteProhibited" + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetAccountEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetAccountEntityById.json new file mode 100644 index 000000000000..9bf1fffb9e01 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetAccountEntityById.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Account", + "properties": { + "friendlyName": "administrator", + "accountName": "administrator", + "ntDomain": "domain", + "upnSuffix": "contoso", + "sid": "S-1-5-18", + "aadTenantId": "70fbdad0-7441-4564-b2b5-2b8862d0fee0", + "aadUserId": "f7033626-2572-46b1-bba0-06646f4f95b3", + "puid": "ee3cb2d8-14ba-45ef-8009-d6f1cacfa04d", + "isDomainJoined": true, + "objectGuid": "11227b78-3c6e-436e-a2a2-02fc7662eca0", + "dnsDomain": "contoso.com" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetAzureResourceEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetAzureResourceEntityById.json new file mode 100644 index 000000000000..008ec3393fdc --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetAzureResourceEntityById.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "AzureResource", + "properties": { + "friendlyName": "vm1", + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetCloudApplicationEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetCloudApplicationEntityById.json new file mode 100644 index 000000000000..967fdad88aa1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetCloudApplicationEntityById.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "CloudApplication", + "properties": { + "friendlyName": "AppName", + "appId": 1, + "appName": "AppName", + "instanceName": "InstanceName" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetDnsEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetDnsEntityById.json new file mode 100644 index 000000000000..e8ee4514c86a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetDnsEntityById.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "f4e74920-f2c0-4412-a45f-66d94fdf01f8" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/f4e74920-f2c0-4412-a45f-66d94fdf01f8", + "name": "f4e74920-f2c0-4412-a45f-66d94fdf01f8", + "type": "Microsoft.SecurityInsights/entities", + "kind": "DnsResolution", + "properties": { + "friendlyName": "domain", + "domainName": "domain", + "ipAddressEntityIds": [ + "475d3120-33e0-4841-9f1c-a8f15a801d19" + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetEntities.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetEntities.json new file mode 100644 index 000000000000..f7be93c235ce --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetEntities.json @@ -0,0 +1,63 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Account", + "properties": { + "friendlyName": "administrator", + "accountName": "administrator", + "ntDomain": "domain", + "upnSuffix": "contoso", + "sid": "S-1-5-18", + "aadTenantId": "70fbdad0-7441-4564-b2b5-2b8862d0fee0", + "aadUserId": "f7033626-2572-46b1-bba0-06646f4f95b3", + "puid": "ee3cb2d8-14ba-45ef-8009-d6f1cacfa04d", + "isDomainJoined": true, + "objectGuid": "11227b78-3c6e-436e-a2a2-02fc7662eca0" + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/fed9fe89-dce8-40f2-bf44-70f23fe93b3c", + "name": "fed9fe89-dce8-40f2-bf44-70f23fe93b3c", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Host", + "properties": { + "friendlyName": "vm1", + "dnsDomain": "contoso", + "ntDomain": "domain", + "hostName": "vm1", + "netBiosName": "contoso", + "azureID": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1", + "omsAgentID": "70fbdad0-7441-4564-b2b5-2b8862d0fee0", + "osFamily": "Windows", + "osVersion": "1.0", + "isDomainJoined": true + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/af378b21-b4aa-4fe7-bc70-13f8621a322f", + "name": "af378b21-b4aa-4fe7-bc70-13f8621a322f", + "type": "Microsoft.SecurityInsights/entities", + "kind": "File", + "properties": { + "friendlyName": "cmd.exe", + "directory": "C:\\Windows\\System32", + "fileName": "cmd.exe" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetFileEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetFileEntityById.json new file mode 100644 index 000000000000..115390796311 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetFileEntityById.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "af378b21-b4aa-4fe7-bc70-13f8621a322f" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/af378b21-b4aa-4fe7-bc70-13f8621a322f", + "name": "af378b21-b4aa-4fe7-bc70-13f8621a322f", + "type": "Microsoft.SecurityInsights/entities", + "kind": "File", + "properties": { + "friendlyName": "cmd.exe", + "directory": "C:\\Windows\\System32", + "fileName": "cmd.exe" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetFileHashEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetFileHashEntityById.json new file mode 100644 index 000000000000..8181ac42612c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetFileHashEntityById.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "ea359fa6-c1e5-f878-e105-6344f3e399a1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/ea359fa6-c1e5-f878-e105-6344f3e399a1", + "name": "ea359fa6-c1e5-f878-e105-6344f3e399a1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "FileHash", + "properties": { + "friendlyName": "E923636F1093C414AAB39F846E9D7A372BEEFA7B628B28179197E539C56AA0F0(SHA256)", + "hashValue": "E923636F1093C414AAB39F846E9D7A372BEEFA7B628B28179197E539C56AA0F0", + "algorithm": "SHA256" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetHostEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetHostEntityById.json new file mode 100644 index 000000000000..c4ae39a1e4bf --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetHostEntityById.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Host", + "properties": { + "friendlyName": "vm1", + "dnsDomain": "contoso", + "ntDomain": "domain", + "hostName": "vm1", + "netBiosName": "contoso", + "azureID": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1", + "omsAgentID": "70fbdad0-7441-4564-b2b5-2b8862d0fee0", + "osFamily": "Windows", + "osVersion": "1.0", + "isDomainJoined": true + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetIoTDeviceEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetIoTDeviceEntityById.json new file mode 100644 index 000000000000..4afa77f0ec85 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetIoTDeviceEntityById.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "IoTDevice", + "properties": { + "friendlyName": "device1", + "deviceId": "device1", + "deviceName": "device1", + "iotHubEntityId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/8b2d9401-f953-e89d-2583-be9b4975870c", + "nicEntityIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/6ee379bd-ace8-44cf-ab10-ee669a1b71e2" + ], + "deviceType": "Industrial", + "firmwareVersion": "20.11", + "importance": "Normal", + "isAuthorized": true, + "isProgramming": false, + "isScanner": false, + "model": "demo-model", + "protocols": [ + "CIP", + "EtherNet/IP" + ], + "operatingSystem": "Windows", + "purdueLayer": "ProcessControl", + "sensor": "demo-sensor", + "site": "demo-site", + "vendor": "demo-vendor", + "zone": "zone" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetIpEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetIpEntityById.json new file mode 100644 index 000000000000..5377e956aca9 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetIpEntityById.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Ip", + "properties": { + "friendlyName": "10.3.2.8", + "address": "10.3.2.8" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMailClusterEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMailClusterEntityById.json new file mode 100644 index 000000000000..646d7933a2b2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMailClusterEntityById.json @@ -0,0 +1,44 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "MailCluster", + "properties": { + "friendlyName": "ClusterSourceIdentifier", + "networkMessageIds": [ + "ccfce855-e02f-491b-a1cc-5bafb371ad0c" + ], + "countByDeliveryStatus": { + "deliveryStatus": 5 + }, + "countByThreatType": { + "threatType": 6 + }, + "countByProtectionStatus": { + "protectionStatus": 65 + }, + "threats": [ + "thrreat1", + "thread2" + ], + "query": "kqlFilter", + "queryTime": "2021-09-01T01:42:01.6026755Z", + "source": "ClusterSourceIdentifier", + "clusterSourceIdentifier": "cluster source identifier", + "clusterSourceType": "Similarity", + "clusterGroup": "cluster group" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMailMessageEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMailMessageEntityById.json new file mode 100644 index 000000000000..221a39b6a9d4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMailMessageEntityById.json @@ -0,0 +1,48 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "MailMessage", + "properties": { + "friendlyName": "cmd.exe", + "fileEntityIds": [ + "ccfce855-e02f-491b-a1cc-5bafb371ad0c" + ], + "recipient": "recipient", + "urls": [ + "http://moqbrarcwmnk.banxhdcojlg.biz" + ], + "threats": [ + "thrreat1", + "thread2" + ], + "p1Sender": "email@fake.com", + "p1SenderDisplayName": "p1 sender display name", + "p1SenderDomain": "p1 sender domain", + "senderIP": "1.23.34.43", + "p2Sender": "the sender", + "deliveryAction": "Blocked", + "p2SenderDisplayName": "p2 sender display name", + "p2SenderDomain": "p2 Sender Domain", + "internetMessageId": "message id", + "subject": "subject", + "language": "language", + "threatDetectionMethods": [ + "thrreat1", + "thread2" + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMailboxEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMailboxEntityById.json new file mode 100644 index 000000000000..fb7571d1ae64 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMailboxEntityById.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Mailbox", + "properties": { + "friendlyName": "emailAddress1", + "displayName": "display name", + "mailboxPrimaryAddress": "emailAddress1", + "upn": "upn1", + "externalDirectoryObjectId": "18cc8fdc-e169-4451-983a-bd027db286eb" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMalwareEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMalwareEntityById.json new file mode 100644 index 000000000000..7ba56c65732b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMalwareEntityById.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "af378b21-b4aa-4fe7-bc70-13f8621a322f" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/af378b21-b4aa-4fe7-bc70-13f8621a322f", + "name": "af378b21-b4aa-4fe7-bc70-13f8621a322f", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Malware", + "properties": { + "malwareName": "Win32/Toga!rfn", + "category": "Trojan", + "friendlyName": "Win32/Toga!rfn" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetProcessEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetProcessEntityById.json new file mode 100644 index 000000000000..90c3ebb9395e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetProcessEntityById.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "7264685c-038c-42c6-948c-38e14ef1fb98" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/7264685c-038c-42c6-948c-38e14ef1fb98", + "name": "7264685c-038c-42c6-948c-38e14ef1fb98", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Process", + "properties": { + "friendlyName": "cmd.exe", + "processId": "0x2aa48", + "commandLine": "\"cmd\"", + "imageFileEntityId": "bba7b47b-c1c1-4021-b568-5b07b9292f5e" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetQueries.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetQueries.json new file mode 100644 index 000000000000..c7c4d24bef2c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetQueries.json @@ -0,0 +1,456 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "kind": "Insight" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/6db7f5d1-f41e-46c2-b935-230b36a569e6", + "name": "6db7f5d1-f41e-46c2-b935-230b36a569e6", + "type": "Microsoft.SecurityInsights/entities/queries", + "kind": "Insight", + "properties": { + "displayName": "Actions on account", + "description": "Summary of actions taken on the specified account, grouped by action: password resets and changes, account lockouts (policy or admin), account creation and deletion, account enabled and disabled\n", + "baseQuery": "let GetAccountActions = (v_Account_Name:string, v_Account_NTDomain:string, v_Account_UPNSuffix:string, v_Account_AADUserId:string, v_Account_SID:string){\nAuditLogs\n| where OperationName in~ ('Delete user', 'Change user password', 'Reset user password', 'Change password (self-service)', 'Reset password (by admin)', 'Reset password (self-service)', 'Update user')\n| extend UserPrincipalName = tostring(TargetResources[0].userPrincipalName)\n| extend Account_Name = tostring(split(UserPrincipalName, '@')[0])\n| extend Account_UPNSuffix = tostring(split(UserPrincipalName, '@')[1])\n| extend Action = tostring(parse_json(tostring(parse_json(tostring(TargetResources[0].modifiedProperties))[0])))\n| extend ModifiedProperty = parse_json(Action).displayName\n| extend ModifiedValue = parse_json(Action).newValue\n| extend Account_AADUserId = tostring(TargetResources[0].id)\n| extend DisableUser = iif(ModifiedProperty =~ 'AccountEnabled' and ModifiedValue =~ '[false]', 'True', 'False')\n| union isfuzzy=true (\nSecurityEvent\n| where EventID in (4720, 4722, 4723, 4724, 4725, 4726, 4740)\n| extend OperationName = tostring(EventID)\n| where AccountType =~ \"user\" or isempty(AccountType)\n| extend Account_Name = TargetUserName, Account_NTDomain = TargetDomainName, Account_SID = TargetSid\n)\n| where (Account_Name =~ v_Account_Name and (Account_UPNSuffix =~ v_Account_UPNSuffix or Account_NTDomain =~ v_Account_NTDomain)) or Account_AADUserId =~ v_Account_AADUserId or Account_SID =~ v_Account_SID\n};\nGetAccountActions('CTFFUser4', '', 'seccxp.ninja', '', '')\n", + "tableQuery": { + "columnsDefinitions": [ + { + "header": "Action", + "outputType": "String", + "supportDeepLink": false + }, + { + "header": "Most Recent", + "outputType": "Date", + "supportDeepLink": false + }, + { + "header": "Count", + "outputType": "Number", + "supportDeepLink": true + } + ], + "queriesDefinitions": [ + { + "filter": "where OperationName in~ ('Change user password', 'Reset user password', 'Change password (self-service)', 'Reset password (by admin)', 'Reset password (self-service)', '4724', '4723')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where OperationName in~ ('Blocked from self-service password reset', '4740')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where OperationName == '4725' or (OperationName =~ 'Update user' and DisableUser =~ 'True')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where OperationName in~ ('Add user', '4720')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where OperationName in~ ('Delete user', '4726')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where OperationName in~ ('4725', 'Blocked from self-service password reset', '4740') or (OperationName =~ 'Update user' and DisableUser =~ 'True')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where OperationName in~ ('4722', '4767') or (OperationName =~ 'Update user' and DisableUser =~ 'False')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where OperationName in~ ('Update user','4738')", + "summarize": "summarize MostRecent = max(TimeGenerated), Count = count() by OperationName", + "project": "project Title = OperationName, MostRecent, Count", + "linkColumnsDefinitions": [ + { + "projectedName": "Count", + "Query": "{{BaseQuery}} | " + } + ] + } + ] + }, + "chartQuery": { + "title": "Actions by type", + "dataSets": [ + { + "query": "summarize Count = count() by bin(TimeGenerated, 1h), OperationName", + "xColumnName": "TimeGenerated", + "yColumnName": "Count", + "legendColumnName": "OperationName" + } + ], + "type": "BarChart" + }, + "additionalQuery": { + "text": "See all account activity", + "query": "project TimeGenerated, UserPrincipalName, Account_Name, OperationName, Activity, DisableUser, TargetSid, AADUserId, InitiatedBy, AADTenantId, AccountType, Computer, SubjectAccount, SubjectUserSid, EventData" + }, + "defaultTimeRange": { + "beforeRange": "12h", + "afterRange": "12h" + }, + "referenceTimeRange": null, + "dataTypes": [ + { + "dataType": "AuditLogs" + }, + { + "dataType": "SecurityEvent" + } + ], + "inputEntityType": "Account", + "requiredInputFieldsSets": [ + [ + "Account_Name", + "Account_NTDomain" + ], + [ + "Account_Name", + "Account_UPNSuffix" + ], + [ + "Account_AADUserId" + ], + [ + "Account_SID" + ] + ], + "entitiesFilter": {} + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/0a5d7b14-b485-450a-a0ac-4100c860ac32", + "name": "0a5d7b14-b485-450a-a0ac-4100c860ac32", + "type": "Microsoft.SecurityInsights/entities/queries", + "kind": "Insight", + "properties": { + "displayName": "Anomalously high office operation count", + "description": "Highlight office operations of the user with anomalously high count compared to those observed in the preceding 14 days.", + "baseQuery": "let AScoreThresh = 3; \nlet maxAnomalies = 3;\nlet BeforeRange = 12d; \nlet EndTime = todatetime('{{EndTimeUTC}}'); \nlet StartTime = todatetime('{{StartTimeUTC}}');\nlet numDays = tolong((EndTime-StartTime)/1d); \nlet userData = (v_Account_Name:string, v_Account_UPNSuffix:string) { \n OfficeActivity \n | extend splitUserId=split(UserId, '@')\n | extend Account_Name = tostring(splitUserId[0]), Account_UPNSuffix = tostring(splitUserId[1])\n | where Account_Name =~ v_Account_Name and Account_UPNSuffix =~ v_Account_UPNSuffix }; \nuserData('CTFFUser4', 'seccxp.ninja')\n", + "tableQuery": { + "columnsDefinitions": [ + { + "header": "Operation", + "outputType": "String", + "supportDeepLink": true + }, + { + "header": "Expected Count", + "outputType": "Number", + "supportDeepLink": false + }, + { + "header": "Actual Count", + "outputType": "Number", + "supportDeepLink": false + } + ], + "queriesDefinitions": [ + { + "filter": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by Operation \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost=maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore-maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc\n", + "summarize": "take 1", + "project": "project Operation, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)", + "linkColumnsDefinitions": [ + { + "projectedName": "Operation", + "Query": "{{BaseQuery}} \n| where TimeGenerated between (StartTime .. EndTime) \n| where Operation == ''\n" + } + ] + } + ] + }, + "chartQuery": { + "title": "Anomalous operation timeline", + "dataSets": [ + { + "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by Operation \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost=maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore-maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,round(postExpectedCount,2)) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc \n| take 1 \n| project Operation, TimeGenerated, count_\n| mvexpand TimeGenerated, count_ | project todatetime(TimeGenerated), toint(count_), Operation\n", + "xColumnName": "TimeGenerated", + "yColumnName": "count_", + "legendColumnName": "Operation" + } + ], + "type": "LineChart" + }, + "additionalQuery": { + "text": "Query all anomalous operations", + "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by Operation \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_\n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies\n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh | order by maxAnomalyScorePost desc \n| project Operation, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)\n" + }, + "defaultTimeRange": { + "beforeRange": "1d", + "afterRange": "0d" + }, + "referenceTimeRange": { + "beforeRange": "12d" + }, + "dataTypes": [ + { + "dataType": "OfficeActivity" + } + ], + "inputEntityType": "Account", + "requiredInputFieldsSets": [ + [ + "Account_Name", + "Account_UPNSuffix" + ] + ], + "entitiesFilter": {} + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/e6cf68e6-1eca-4fbb-9fad-6280f2a9476e", + "name": "e6cf68e6-1eca-4fbb-9fad-6280f2a9476e", + "type": "Microsoft.SecurityInsights/entities/queries", + "kind": "Insight", + "properties": { + "displayName": "Resource access", + "description": "Provides the count and distinct resource accesses by a given user account\n", + "baseQuery": "let Operations = dynamic([\"FileDownloaded\", \"FileUploaded\"]);\nlet UserOperationToSharePoint = (v_Account_Name:string, v_Account_UPNSuffix:string) {\nOfficeActivity\n// Select sharepoint activity that is relevant\n| where RecordType in~ ('SharePointFileOperation')\n| where Operation in~ (Operations)\n| extend Account_Name = tostring(split(UserId, '@')[0])\n| extend Account_UPNSuffix = tostring(split(UserId, '@')[1])\n| where Account_Name =~ v_Account_Name and Account_UPNSuffix =~ v_Account_UPNSuffix\n| project TimeGenerated, Account_Name, Account_UPNSuffix, UserId, OfficeId, RecordType, Operation, OrganizationId, UserType, UserKey, OfficeWorkload, OfficeObjectId, ClientIP, ItemType, UserAgent, Site_Url, SourceRelativeUrl, SourceFileName, SourceFileExtension , Start_Time , ElevationTime , TenantId, SourceSystem , Type\n};\nUserOperationToSharePoint ('CTFFUser4','seccxp.ninja')\n", + "tableQuery": { + "columnsDefinitions": [ + { + "header": "Resource Type", + "outputType": "String", + "supportDeepLink": false + }, + { + "header": "Distinct Resources", + "outputType": "Number", + "supportDeepLink": true + }, + { + "header": "Total Resources", + "outputType": "Number", + "supportDeepLink": true + }, + { + "header": "IPAddress(es)", + "outputType": "String", + "supportDeepLink": false + } + ], + "queriesDefinitions": [ + { + "filter": "where Operation =~ 'FileUploaded'", + "summarize": "summarize DistinctResources = dcount(SourceFileName), TotalResources = count(SourceFileName), IPAddresses = make_set(ClientIP) by Operation", + "project": "project Title = Operation, DistinctResources, TotalResources, IPAddresses = case(array_length(IPAddresses) == 1, tostring(IPAddresses[0]), array_length(IPAddresses) > 1, 'Many', 'None')", + "linkColumnsDefinitions": [ + { + "projectedName": "DistinctResources", + "Query": "{{BaseQuery}} | " + }, + { + "projectedName": "TotalResources", + "Query": "{{BaseQuery}} | " + } + ] + }, + { + "filter": "where Operation =~ 'FileDownloaded'", + "summarize": "summarize DistinctResources = dcount(SourceFileName), TotalResources = count(SourceFileName), IPAddresses = make_set(ClientIP) by Operation", + "project": "project Title = Operation, DistinctResources, TotalResources, IPAddresses = case(array_length(IPAddresses) == 1, tostring(IPAddresses[0]), array_length(IPAddresses) > 1, 'Many', 'None')", + "linkColumnsDefinitions": [ + { + "projectedName": "DistinctResources", + "Query": "{{BaseQuery}} | " + }, + { + "projectedName": "TotalResources", + "Query": "{{BaseQuery}} | " + } + ] + } + ] + }, + "chartQuery": { + "title": "Resource access over time", + "dataSets": [ + { + "query": "summarize DistinctResources = dcountif(Operation, Operation =~ 'FileUploaded'), TotalResources = countif(Operation =~ 'FileUploaded') by bin(TimeGenerated, 1h) | extend Legend = 'File Uploads'", + "xColumnName": "TimeGenerated", + "yColumnName": "TotalResources", + "legendColumnName": "Legend" + }, + { + "query": "summarize DistinctResources = dcountif(Operation, Operation =~ 'FileDownloaded'), TotalResources = countif(Operation =~ 'FileDownloaded') by bin(TimeGenerated, 1h) | extend Legend = 'File Downloads'", + "xColumnName": "TimeGenerated", + "yColumnName": "TotalResources", + "legendColumnName": "Legend" + } + ], + "type": "LineChart" + }, + "additionalQuery": { + "text": "See all resource activity", + "query": "where Operation in~ (Operations)" + }, + "defaultTimeRange": { + "beforeRange": "12h", + "afterRange": "12h" + }, + "referenceTimeRange": null, + "dataTypes": [ + { + "dataType": "OfficeActivity" + } + ], + "inputEntityType": "Account", + "requiredInputFieldsSets": [ + [ + "Account_Name", + "Account_UPNSuffix" + ], + [ + "Account_AADUserId" + ] + ], + "entitiesFilter": {} + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4", + "name": "cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4", + "type": "Microsoft.SecurityInsights/entities/queries", + "kind": "Insight", + "properties": { + "displayName": "Anomalously high Azure sign-in result count", + "description": "Highlight Azure sign-in results by the user principal with anomalously high count compared to those observed in the preceding 14 days.", + "baseQuery": "let AScoreThresh=3; \nlet maxAnomalies=3; \nlet BeforeRange = 12d; \nlet EndTime=todatetime('{{EndTimeUTC}}');\nlet StartTime = todatetime('{{StartTimeUTC}}'); \nlet numDays = tolong((EndTime-StartTime)/1d); \nlet userData = (v_Account_Name:string, v_Account_UPNSuffix:string, v_Account_AADUserId:string) { \n SigninLogs \n | where TimeGenerated between ((StartTime-BeforeRange) .. EndTime)\n | extend splitUserId=split(UserPrincipalName, '@')\n | extend Account_Name = tostring(splitUserId[0]), Account_UPNSuffix = tostring(splitUserId[1])\n | where (Account_Name =~ v_Account_Name and Account_UPNSuffix =~ v_Account_UPNSuffix) or UserId =~ v_Account_AADUserId };\nuserData('CTFFUser4', 'seccxp.ninja', '')\n", + "tableQuery": { + "columnsDefinitions": [ + { + "header": "Result Description", + "outputType": "String", + "supportDeepLink": true + }, + { + "header": "Expected Count", + "outputType": "Number", + "supportDeepLink": false + }, + { + "header": "Actual Count", + "outputType": "Number", + "supportDeepLink": false + } + ], + "queriesDefinitions": [ + { + "filter": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by ResultDescription \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc\n", + "summarize": "take 1", + "project": "project ResultDescription, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)", + "linkColumnsDefinitions": [ + { + "projectedName": "ResultDescription", + "Query": "{{BaseQuery}} \n| where TimeGenerated between (StartTime .. EndTime) \n| where ResultDescription == ''\n" + } + ] + } + ] + }, + "chartQuery": { + "title": "Anomalous sign-in result timeline", + "dataSets": [ + { + "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by ResultDescription \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,round(postExpectedCount,2)) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc \n| take 1 \n| project ResultDescription, TimeGenerated, count_ \n| mvexpand TimeGenerated, count_ \n| project todatetime(TimeGenerated), toint(count_), ResultDescription \n", + "xColumnName": "TimeGenerated", + "yColumnName": "count_", + "legendColumnName": "ResultDescription" + } + ], + "type": "LineChart" + }, + "additionalQuery": { + "text": "Query all anomalous sign-in results", + "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by ResultDescription \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_\n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies\n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc \n| project ResultDescription, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)\n" + }, + "defaultTimeRange": { + "beforeRange": "1d", + "afterRange": "0d" + }, + "referenceTimeRange": { + "beforeRange": "12d" + }, + "dataTypes": [ + { + "dataType": "SigninLogs" + } + ], + "inputEntityType": "Account", + "requiredInputFieldsSets": [ + [ + "Account_Name", + "Account_UPNSuffix" + ], + [ + "Account_AADUserId" + ] + ], + "entitiesFilter": {} + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetRegistryKeyEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetRegistryKeyEntityById.json new file mode 100644 index 000000000000..fe91c373405d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetRegistryKeyEntityById.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "RegistryKey", + "properties": { + "friendlyName": "SOFTWARE", + "hive": "HKEY_LOCAL_MACHINE", + "key": "SOFTWARE" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetRegistryValueEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetRegistryValueEntityById.json new file mode 100644 index 000000000000..f4f0a18feeea --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetRegistryValueEntityById.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "dc44bd11-b348-4d76-ad29-37bf7aa41356" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/dc44bd11-b348-4d76-ad29-37bf7aa41356", + "name": "dc44bd11-b348-4d76-ad29-37bf7aa41356", + "type": "Microsoft.SecurityInsights/entities", + "kind": "RegistryValue", + "properties": { + "friendlyName": "Data", + "valueName": "Name", + "valueData": "Data", + "valueType": "String", + "keyEntityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetSecurityAlertEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetSecurityAlertEntityById.json new file mode 100644 index 000000000000..3a02825cc871 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetSecurityAlertEntityById.json @@ -0,0 +1,51 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "4aa486e0-6f85-41af-99ea-7acdce7be6c8" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/4aa486e0-6f85-41af-99ea-7acdce7be6c8", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "SecurityAlert", + "properties": { + "systemAlertId": "4aa486e0-6f85-41af-99ea-7acdce7be6c8", + "intent": "Unknown", + "alertDisplayName": "Suspicious account detected", + "description": "", + "confidenceLevel": "Unknown", + "severity": "Medium", + "vendorName": "Microsoft", + "productName": "Azure Sentinel", + "productComponentName": "Scheduled Alerts", + "alertType": "c8c99641-985d-4e4e-8e91-fb3466cd0e5b_46c7b6c0-ff43-44dd-8b4d-ceffff7aa7df", + "providerAlertId": "c2bafff9-fb31-41d0-a177-ecbff7a02ffe", + "processingEndTime": "2019-07-06T13:56:53.5392366Z", + "status": "New", + "endTimeUtc": "2021-09-01T13:21:45.926185Z", + "startTimeUtc": "2021-09-01T08:21:45.926185Z", + "timeGenerated": "2021-09-01T13:56:53.5392366Z", + "tactics": [ + "Persistence", + "LateralMovement" + ], + "additionalData": { + "Query": "Heartbeat \n| extend AccountCustomEntity = \"administrator\"", + "Query Period": "05:00:00", + "Trigger Operator": "GreaterThan", + "Trigger Threshold": "200", + "Search Query Results Overall Count": "203", + "Total Account Entities": "1" + }, + "friendlyName": "Suspicious account detected", + "alertLink": "https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518119885989999999_4aa486e0-6f85-41af-99ea-7acdce7be6c8/subscriptionId/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/myRg/myWorkspace/referencedFrom/alertDeepLink/location/centralus" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetSecurityGroupEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetSecurityGroupEntityById.json new file mode 100644 index 000000000000..3f3588dcbd0c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetSecurityGroupEntityById.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "SecurityGroup", + "properties": { + "friendlyName": "Name", + "distinguishedName": "Name", + "sid": "Sid", + "objectGuid": "fb1b8e04-d944-4986-b39a-1ce9adedcd98" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetSubmissionMailEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetSubmissionMailEntityById.json new file mode 100644 index 000000000000..448f083ab7f8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetSubmissionMailEntityById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "SubmissionMail", + "properties": { + "friendlyName": "recipient", + "submissionId": "5bb3d8fe-54bc-499c-bc21-86fe8df2a184", + "submitter": "submitter", + "recipient": "recipient", + "sender": "sender", + "senderIp": "1.4.35.34", + "subject": "subject", + "reportType": "report type" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetUrlEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetUrlEntityById.json new file mode 100644 index 000000000000..6894cdbdf3fe --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetUrlEntityById.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Url", + "properties": { + "friendlyName": "https://bing.com", + "url": "https://bing.com" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/expand/PostExpandEntity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/expand/PostExpandEntity.json new file mode 100644 index 000000000000..176f826bd618 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/expand/PostExpandEntity.json @@ -0,0 +1,52 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "parameters": { + "expansionId": "a77992f3-25e9-4d01-99a4-5ff606cc410a", + "startTime": "2019-04-25T00:00:00.000Z", + "endTime": "2019-05-26T00:00:00.000Z" + } + }, + "responses": { + "200": { + "body": { + "value": { + "entities": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/entities", + "kind": "Ip", + "properties": { + "address": "13.89.108.248", + "friendlyName": "13.89.108.248" + } + } + ], + "edges": [ + { + "targetEntityId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/c1d60d86-5988-11eb-ae93-0242ac130002", + "additionalData": { + "EpochTimestamp": "1608289949", + "FirstSeen": "2021-09-01T11:12:29.597Z", + "Source": "Heartbeat" + } + } + ] + }, + "metaData": { + "aggregations": [ + { + "entityKind": "Account", + "count": 1 + } + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/insights/PostGetInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/insights/PostGetInsights.json new file mode 100644 index 000000000000..2391078ee5d5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/insights/PostGetInsights.json @@ -0,0 +1,100 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "parameters": { + "addDefaultExtendedTimeRange": false, + "startTime": "2021-09-01T00:00:00.000Z", + "endTime": "2021-10-01T00:00:00.000Z", + "insightQueryIds": [ + "cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4" + ] + } + }, + "responses": { + "200": { + "body": { + "value": [ + { + "tableQueryResults": { + "columns": [ + { + "name": "Title", + "type": "string" + }, + { + "name": "NameCount", + "type": "long" + }, + { + "name": "SIDCount", + "type": "long" + }, + { + "name": "InternalOrder", + "type": "long" + }, + { + "name": "Index", + "type": "long" + } + ], + "rows": [ + [ + "MyTitle", + "15", + "SID", + "1", + "1" + ] + ] + }, + "chartQueryResults": [ + { + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime" + }, + { + "name": "Count", + "type": "long" + }, + { + "name": "Legend", + "type": "string" + } + ], + "rows": [ + [ + "2021-09-01T00:00:00.000Z", + "55", + "SomeLegend" + ] + ] + } + ], + "queryTimeInterval": { + "startTime": "2021-09-01T23:35:20Z", + "endTime": "2021-09-01T23:35:20Z" + }, + "queryId": "e29ee1ef-7445-455e-85f1-269f2d536d61" + } + ], + "metaData": { + "totalCount": 7, + "errors": [ + { + "kind": "Insight", + "queryId": "4a70a63d-25c4-6312-b73e-4f302a90c06a", + "errorMessage": "Internal server error" + } + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/relations/GetAllEntityRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/relations/GetAllEntityRelations.json new file mode 100644 index 000000000000..35ed9c59cddd --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/relations/GetAllEntityRelations.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/entities/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/relations/GetEntityRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/relations/GetEntityRelationByName.json new file mode 100644 index 000000000000..9ed4cb00fa52 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/relations/GetEntityRelationByName.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/entities/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/incidents" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/timeline/PostTimelineEntity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/timeline/PostTimelineEntity.json new file mode 100644 index 000000000000..b88e4c341dd5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/timeline/PostTimelineEntity.json @@ -0,0 +1,92 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityId": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "parameters": { + "numberOfBucket": 4, + "startTime": "2021-09-01T00:00:00.000Z", + "endTime": "2021-10-01T00:00:00.000Z" + } + }, + "responses": { + "200": { + "body": { + "value": [ + { + "kind": "SecurityAlert", + "description": "The alert description", + "azureResourceId": "4467341f-fb73-4f99-a9b3-29473532cf5a_bf7c3a2f-b743-6410-3ff0-ec64b5995d50", + "productName": "Azure Sentinel", + "displayName": "Alert display name", + "severity": "Medium", + "endTimeUtc": "2021-09-01T23:31:28.02Z", + "startTimeUtc": "2021-09-01T23:32:28.01Z", + "timeGenerated": "2021-09-01T23:37:25.8136594Z", + "alertType": "4467341f-fb73-4f99-a9b3-29473532cf5a_c93bf33e-055e-4972-9e7d-f84fe3fb61ae", + "Intent": "Discovery" + }, + { + "kind": "Activity", + "queryId": "e0459780-ac9d-4b72-8bd4-fecf6b46a0a1", + "bucketStartTimeUTC": "2021-09-01T21:31:28.02Z", + "bucketEndTimeUTC": "2021-09-01T23:31:28.02Z", + "firstActivityTimeUTC": "2021-09-01T21:35:28.02Z", + "lastActivityTimeUTC": "2021-09-01T21:35:28.02Z", + "content": "he user has deleted the account 3 time(s)", + "title": "The user has deleted an account" + }, + { + "kind": "Anomaly", + "azureResourceId": "4467341f-fb73-4f99-a9b3-29473532cf5a_d56430ef-f421-2c9c-0b7d-d082285843c6", + "description": "Anomalous private to public port scanning activity with high destination port count along with low port ratio. The ratios are normalized by multiplying them by 10,000 to get them to a more usable value between 0.0 and 1.0.", + "productName": "Azure Sentinel", + "displayName": "(Preview) Anomalous scanning activity", + "endTimeUtc": "2021-09-01T23:31:28.02Z", + "startTimeUtc": "2021-09-01T23:32:28.01Z", + "timeGenerated": "2021-09-01T23:37:25.8136594Z", + "vendor": "Microsoft", + "intent": "Discovery", + "techniques": [ + "T1046" + ], + "reasons": [ + "High destination port count", + "Low port ratio" + ] + } + ], + "metaData": { + "totalCount": 6, + "aggregations": [ + { + "count": 4, + "kind": "Activity" + }, + { + "count": 2, + "kind": "SecurityAlert" + }, + { + "count": 1, + "kind": "Anomaly" + } + ], + "errors": [ + { + "kind": "Activity", + "queryId": "11067f9f-d6a7-4488-887f-0ba564268879", + "errorMessage": "syntax error" + }, + { + "kind": "SecurityAlert", + "errorMessage": "internal server error" + } + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/CreateEntityQueryActivity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/CreateEntityQueryActivity.json new file mode 100644 index 000000000000..d2b3be91a31b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/CreateEntityQueryActivity.json @@ -0,0 +1,133 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "entityQuery": { + "kind": "Activity", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "title": "An account was deleted on this host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "description": "Account deleted on host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "inputEntityType": "Host", + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "enabled": true, + "templateName": null + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueries", + "kind": "Activity", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "title": "An account was deleted on this host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "description": "Account deleted on host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "inputEntityType": "Host", + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "enabled": true, + "templateName": null, + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueries", + "kind": "Activity", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "title": "An account was deleted on this host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "description": "Account deleted on host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "inputEntityType": "Host", + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "enabled": true, + "templateName": null, + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/DeleteEntityQuery.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/DeleteEntityQuery.json new file mode 100644 index 000000000000..af9fa196b779 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/DeleteEntityQuery.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/GetActivityEntityQueryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/GetActivityEntityQueryById.json new file mode 100644 index 000000000000..e7962e195637 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/GetActivityEntityQueryById.json @@ -0,0 +1,54 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": null, + "kind": "Activity", + "properties": { + "title": "An account was deleted on this host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "description": "Account deleted on host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "inputEntityType": "Host", + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "enabled": true, + "templateName": null, + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/GetEntityQueries.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/GetEntityQueries.json new file mode 100644 index 000000000000..528f8bde47c0 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/GetEntityQueries.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "kind": "Expansion", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/37ca3555-c135-4a73-a65e-9c1d00323f5d", + "name": "37ca3555-c135-4a73-a65e-9c1d00323f5d", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": null, + "kind": "Expansion", + "properties": { + "queryTemplate": "let AccountActivity_byIP = (v_IP_Address:string){\r\n AzureActivity\r\n | where Caller != '' and CallerIpAddress == v_IP_Address\r\n | summarize Account_Aux_StartTime = min(TimeGenerated), Account_Aux_EndTime = max(TimeGenerated), Count = count() by Caller, TenantId\r\n | top 10 by Count asc nulls last \r\n | extend UPN = iff(Caller contains '@', Caller, ''), Account_AadUserId = iff(Caller !contains '@', Caller,'')\r\n | extend Account_Name = split(UPN,'@')[0] , Account_UPNSuffix = split(UPN,'@')[1]\r\n | project Account_Name, Account_UPNSuffix, Account_AadUserId, Account_AadTenantId=TenantId, Account_Aux_StartTime , Account_Aux_EndTime};\r\n AccountActivity_byIP('
')", + "inputFields": [ + "address" + ], + "outputEntityTypes": [ + "Account" + ], + "dataSources": [ + "AzureActivity" + ], + "inputEntityType": "IP", + "displayName": "Least active accounts on Azure from this IP" + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/97a1d515-abf2-4231-9a35-985f9de0bb91", + "name": "97a1d515-abf2-4231-9a35-985f9de0bb91", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": null, + "kind": "Expansion", + "properties": { + "queryTemplate": "let AccountActivity_byIP = (v_IP_Address:string){\r\n AzureActivity\r\n | where Caller != '' and CallerIpAddress == v_IP_Address\r\n | summarize Account_Aux_StartTime = min(TimeGenerated), Account_Aux_EndTime = max(TimeGenerated), Count = count() by Caller, TenantId\r\n | top 10 by Count desc nulls last \r\n | extend UPN = iff(Caller contains '@', Caller, ''), Account_AadUserId = iff(Caller !contains '@', Caller,'')\r\n | extend Account_Name = split(UPN,'@')[0] , Account_UPNSuffix = split(UPN,'@')[1]\r\n | project Account_Name, Account_UPNSuffix, Account_AadUserId, Account_AadTenantId=TenantId, Account_Aux_StartTime , Account_Aux_EndTime};\r\n AccountActivity_byIP('
')", + "inputFields": [ + "address" + ], + "outputEntityTypes": [ + "Account" + ], + "dataSources": [ + "AzureActivity" + ], + "inputEntityType": "IP", + "displayName": "Most active accounts on Azure from this IP" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json new file mode 100644 index 000000000000..555bb7f02956 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityQueryId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueries", + "etag": null, + "kind": "Expansion", + "properties": { + "queryTemplate": "let GetParentProcessesOnHost = (v_Host_HostName:string){\r\n SecurityEvent \r\n | where EventID == 4688 \r\n | where isnotempty(ParentProcessName)\r\n | where NewProcessName !contains ':\\\\Windows\\\\System32\\\\conhost.exe' and ParentProcessName !contains ':\\\\Windows\\\\System32\\\\conhost.exe'\r\n and NewProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\csc.exe' and ParentProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\csc.exe'\r\n and NewProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\cvtres.exe' and ParentProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\cvtres.exe'\r\n and NewProcessName!contains ':\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe' and ParentProcessName !contains ':\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe'\r\n and ParentProcessName !contains ':\\\\Windows\\\\CCM\\\\CcmExec.exe'\r\n | where(ParentProcessName !contains ':\\\\Windows\\\\System32\\\\svchost.exe' and (NewProcessName !contains ':\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe' or NewProcessName !contains ':\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe'))\r\n | where(ParentProcessName !contains ':\\\\Windows\\\\System32\\\\services.exe' and NewProcessName !contains ':\\\\Windows\\\\servicing\\\\TrustedInstaller.exe')\r\n | where toupper(Computer) contains v_Host_HostName or toupper(WorkstationName) contains v_Host_HostName\r\n | summarize min(TimeGenerated), max(TimeGenerated) by Account, Computer, ParentProcessName, NewProcessName, CommandLine, ProcessId\r\n | project min_TimeGenerated, max_TimeGenerated, Account, Computer, ParentProcessName, NewProcessName, CommandLine, ProcessId\r\n | project-rename Process_Host_UnstructuredName=Computer, Process_Account_UnstructuredName=Account, Process_CommandLine=CommandLine, Process_ProcessId=ProcessId, Process_ImageFile_FullPath=NewProcessName, Process_ParentProcess_ImageFile_FullPath=ParentProcessName\r\n | top 10 by min_TimeGenerated asc};\r\n GetParentProcessesOnHost(toupper(''))", + "inputFields": [ + "hostName" + ], + "outputEntityTypes": [ + "Process" + ], + "dataSources": [ + "SecurityEvent" + ], + "inputEntityType": "Host", + "displayName": "Parent processes running on host" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json new file mode 100644 index 000000000000..24c328c2ac40 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityQueryTemplateId": "07da3cc8-c8ad-4710-a44e-334cdcb7882b" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueryTemplates/07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "name": "07da3cc8-c8ad-4710-a44e-334cdcb7882b", + "type": "Microsoft.SecurityInsights/entityQueryTemplate", + "kind": "Activity", + "properties": { + "title": "An account was deleted on this host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "description": "Account deleted on host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "inputEntityType": "Host", + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "dataTypes": [ + { + "dataType": "AuditLogs" + }, + { + "dataType": "SecurityEvent" + } + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json new file mode 100644 index 000000000000..656a9c7402d4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json @@ -0,0 +1,105 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "kind": "Activity", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueryTemplates/37ca3555-c135-4a73-a65e-9c1d00323f5d", + "name": "37ca3555-c135-4a73-a65e-9c1d00323f5d", + "type": "Microsoft.SecurityInsights/entityQueryTemplates", + "kind": "Activity", + "properties": { + "title": "An account was deleted on this host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "description": "Account deleted on host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "inputEntityType": "Host", + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "dataTypes": [ + { + "dataType": "AuditLogs" + }, + { + "dataType": "SecurityEvent" + } + ] + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueryTemplates/97a1d515-abf2-4231-9a35-985f9de0bb91", + "name": "97a1d515-abf2-4231-9a35-985f9de0bb91", + "type": "Microsoft.SecurityInsights/entityQueryTemplates", + "kind": "Activity", + "properties": { + "title": "An account was deleted on this host", + "content": "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'", + "description": "Account deleted on host", + "queryDefinitions": { + "query": "let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 " + }, + "inputEntityType": "Host", + "requiredInputFieldsSets": [ + [ + "Host_HostName", + "Host_NTDomain" + ], + [ + "Host_HostName", + "Host_DnsDomain" + ], + [ + "Host_AzureID" + ], + [ + "Host_OMSAgentID" + ] + ], + "entitiesFilter": { + "Host_OsFamily": [ + "Windows" + ] + }, + "dataTypes": [ + { + "dataType": "AuditLogs" + }, + { + "dataType": "SecurityEvent" + } + ] + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/CreateFileImport.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/CreateFileImport.json new file mode 100644 index 000000000000..b069066bdfb2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/CreateFileImport.json @@ -0,0 +1,49 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "fileImportId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "fileImport": { + "properties": { + "source": "mySource", + "importFile": { + "fileName": "myFile.json", + "fileSize": 4653, + "fileFormat": "JSON" + }, + "contentType": "StixIndicator", + "ingestionMode": "IngestAnyValidRecords" + } + } + }, + "responses": { + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/FileImports", + "properties": { + "importFile": { + "fileName": "myFile.json", + "fileSize": 4653, + "fileFormat": "JSON", + "fileContentUri": "https://sentinelimportswus2.blob.core.windows.net/78c2e51a-3cd3-4ca0-a2d4-e7effb9a05fe/43967a5e-47a7-474e-afb8-2081e9b99ca1/fileName.json?skoid=&sktid=&skt=2022-03-25T21%3A12%3A51Z&ske=2022-03-25T22%3A12%3A51Z&sks=b&skv=2020-10-02&sv=2020-08-04&st=2022-03-25T21%3A12%3A51Z&se=2022-03-25T22%3A12%3A51Z&sr=b&sp=c&sig=", + "deleteStatus": "NotDeleted" + }, + "state": "WaitingForUpload", + "contentType": "StixIndicator", + "ingestionMode": "IngestAnyValidRecords", + "totalRecordCount": null, + "validRecordCount": null, + "ingestedRecordCount": null, + "createdTimeUTC": "2022-04-04T20:05:59.847136Z", + "filesValidUntilTimeUTC": "2022-04-05T20:05:59.8471361Z", + "importValidUntilTimeUTC": "2022-05-04T20:05:59.8471366Z", + "source": "mySource" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/DeleteFileImport.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/DeleteFileImport.json new file mode 100644 index 000000000000..e0a002c8157a --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/DeleteFileImport.json @@ -0,0 +1,41 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "fileImportId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "202": { + "headers": { + "location": "https://management.azure.com/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/FileImports", + "properties": { + "importFile": { + "fileName": "myFile.json", + "fileSize": 5146, + "fileFormat": "JSON", + "fileContentUri": null, + "deleteStatus": "NotDeleted" + }, + "state": "Ingested", + "contentType": "StixIndicator", + "ingestionMode": "IngestAnyValidRecords", + "totalRecordCount": 5, + "validRecordCount": 5, + "ingestedRecordCount": 5, + "createdTimeUTC": "2022-03-25T21:02:38.8350631Z", + "filesValidUntilTimeUTC": "2022-03-26T21:02:38.8350632Z", + "importValidUntilTimeUTC": "2022-04-24T21:02:38.8350636Z", + "source": "mySource" + } + } + }, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/GetFileImportById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/GetFileImportById.json new file mode 100644 index 000000000000..dce50a8217ef --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/GetFileImportById.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "fileImportId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/FileImports", + "properties": { + "importFile": { + "fileName": "myFile.json", + "fileSize": 5146, + "fileFormat": "JSON", + "fileContentUri": "https://sentinelimportswus2.blob.core.windows.net/78c2e51a-3cd3-4ca0-a2d4-e7effb9a05fe/43967a5e-47a7-474e-afb8-2081e9b99ca1/myFile.json?skoid=&sktid=&skt=2022-03-25T21%3A12%3A51Z&ske=2022-03-25T22%3A12%3A51Z&sks=b&skv=2020-10-02&sv=2020-08-04&st=2022-03-25T21%3A12%3A51Z&se=2022-03-25T22%3A12%3A51Z&sr=b&sp=c&sig=", + "deleteStatus": "NotDeleted" + }, + "state": "Ingested", + "contentType": "StixIndicator", + "ingestionMode": "IngestAnyValidRecords", + "totalRecordCount": 5, + "validRecordCount": 5, + "ingestedRecordCount": 5, + "createdTimeUTC": "2022-03-25T21:02:38.8350631Z", + "filesValidUntilTimeUTC": "2022-03-26T21:02:38.8350632Z", + "importValidUntilTimeUTC": "2022-04-24T21:02:38.8350636Z", + "source": "mySource" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/GetFileImports.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/GetFileImports.json new file mode 100644 index 000000000000..9fb527bcf1fc --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/GetFileImports.json @@ -0,0 +1,42 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "$orderby": "properties/createdTimeUtc desc", + "$top": 1 + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "type": "Microsoft.SecurityInsights/FileImports", + "properties": { + "importFile": { + "fileName": "fileName.json", + "fileSize": 5146, + "fileFormat": "JSON", + "fileContentUri": null, + "deleteStatus": "NotDeleted" + }, + "state": "Ingested", + "contentType": "StixIndicator", + "ingestionMode": "IngestAnyValidRecords", + "totalRecordCount": 5, + "validRecordCount": 5, + "ingestedRecordCount": 5, + "createdTimeUTC": "2022-03-25T21:02:38.8350631Z", + "filesValidUntilTimeUTC": "2022-03-26T21:02:38.8350632Z", + "importValidUntilTimeUTC": "2022-04-24T21:02:38.8350636Z", + "source": "mySource" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/CreateHunt.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/CreateHunt.json new file mode 100644 index 000000000000..e126108dab62 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/CreateHunt.json @@ -0,0 +1,100 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "hunt": { + "properties": { + "displayName": "Log4J new hunt", + "description": "Log4J Hunt Description", + "status": "New", + "hypothesisStatus": "Unknown", + "attackTactics": [ + "Reconnaissance" + ], + "attackTechniques": [ + "T1595" + ], + "labels": [ + "Label1", + "Label2" + ], + "owner": { + "objectId": "873b5263-5d34-4149-b356-ad341b01e123" + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f", + "name": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "etag": "\"de00c408-0000-0c00-0000-62741e350000\"", + "type": "Microsoft.SecurityInsights/hunts", + "properties": { + "displayName": "Log4J new hunt", + "description": "Log4J Hunt Description", + "status": "New", + "hypothesisStatus": "Unknown", + "attackTactics": [ + "Reconnaissance" + ], + "attackTechniques": [ + "T1595" + ], + "huntStartTimeUtc": "2022-03-11T09:47:15.438Z", + "huntEndTimeUtc": "2022-03-12T09:47:15.438Z", + "labels": [ + "Label1", + "Label2" + ], + "owner": { + "objectId": "873b5263-5d34-4149-b356-ad341b01e123", + "email": "testemail@microsoft.com", + "assignedTo": null, + "userPrincipalName": "John Doe", + "ownerType": "User" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f", + "name": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "etag": "\"de00c408-0000-0c00-0000-62741e350000\"", + "type": "Microsoft.SecurityInsights/hunts", + "properties": { + "displayName": "Log4J new hunt", + "description": "Log4J Hunt Description", + "status": "New", + "hypothesisStatus": "Unknown", + "attackTactics": [ + "Reconnaissance" + ], + "attackTechniques": [ + "T1595" + ], + "huntSequenceNumber": 0, + "huntStartTimeUtc": "2022-03-11T09:47:15.438Z", + "huntEndTimeUtc": "2022-03-12T09:47:15.438Z", + "labels": [ + "Label1", + "Label2" + ], + "owner": { + "objectId": "873b5263-5d34-4149-b356-ad341b01e123", + "email": "testemail@microsoft.com", + "assignedTo": null, + "userPrincipalName": "John Doe", + "ownerType": "User" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/CreateHuntComment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/CreateHuntComment.json new file mode 100644 index 000000000000..7b7365912e83 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/CreateHuntComment.json @@ -0,0 +1,56 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "huntCommentId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "huntComment": { + "properties": { + "message": "This is a test comment." + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/comments/2216d0e1-91e3-4902-89fd-d2df8c123456", + "name": "2216d0e1-91e3-4902-89fd-d2df8c123456", + "etag": "\"3102f74d-0000-0c00-0000-629e6e050000\"", + "type": "Microsoft.SecurityInsights/hunts/comments", + "systemData": { + "createdAt": "2021-08-15T16:42:38.8709453Z", + "createdBy": "testuser@microsoft.com", + "createdByType": "User", + "lastModifiedAt": "2021-08-19T16:42:38.8709453Z", + "lastModifiedBy": "testuser@microsoft.com", + "lastModifiedByType": "User" + }, + "properties": { + "message": "This is a test comment." + } + } + }, + "201": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/comments/2216d0e1-91e3-4902-89fd-d2df8c123456", + "name": "2216d0e1-91e3-4902-89fd-d2df8c123456", + "etag": "\"3102f74d-0000-0c00-0000-629e6e050000\"", + "type": "Microsoft.SecurityInsights/hunts/comments", + "systemData": { + "createdAt": "2021-08-15T16:42:38.8709453Z", + "createdBy": "testuser@microsoft.com", + "createdByType": "User", + "lastModifiedAt": "2021-08-19T16:42:38.8709453Z", + "lastModifiedBy": "testuser@microsoft.com", + "lastModifiedByType": "User" + }, + "properties": { + "message": "This is a test comment." + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/CreateHuntRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/CreateHuntRelation.json new file mode 100644 index 000000000000..ebed3f4998f7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/CreateHuntRelation.json @@ -0,0 +1,53 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "huntRelationId": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "huntRelation": { + "properties": { + "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "labels": [ + "Test Label" + ] + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/relations/2216d0e1-91e3-4902-89fd-d2df8c535096", + "name": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "etag": "\"26012da2-0000-0c00-0000-627ad2760000\"", + "type": "Microsoft.SecurityInsights/hunts/relations", + "properties": { + "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/Bookmarks", + "labels": [ + "Test Label" + ] + } + } + }, + "201": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/relations/2216d0e1-91e3-4902-89fd-d2df8c535096", + "name": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "etag": "\"26012da2-0000-0c00-0000-627ad2760000\"", + "type": "Microsoft.SecurityInsights/hunts/relations", + "properties": { + "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/Bookmarks", + "labels": [ + "Test Label" + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/DeleteHunt.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/DeleteHunt.json new file mode 100644 index 000000000000..ba810d97f01e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/DeleteHunt.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/DeleteHuntComment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/DeleteHuntComment.json new file mode 100644 index 000000000000..e86c41d6735f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/DeleteHuntComment.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "huntCommentId": "2216d0e1-91e3-4902-89fd-d2df8c123456" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/DeleteHuntRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/DeleteHuntRelation.json new file mode 100644 index 000000000000..cb756b7c48b7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/DeleteHuntRelation.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "huntRelationId": "2216d0e1-91e3-4902-89fd-d2df8c535096" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntById.json new file mode 100644 index 000000000000..bf701358cba5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntById.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f", + "name": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "etag": "\"de00c408-0000-0c00-0000-62741e350000\"", + "type": "Microsoft.SecurityInsights/hunts", + "properties": { + "displayName": "Log4J new hunt ", + "description": "Log4J Hunt Description", + "status": "New", + "hypothesisStatus": "Unknown", + "attackTactics": [ + "Reconnaissance" + ], + "attackTechniques": [ + "T1595" + ], + "labels": [ + "Label1", + "Label2" + ], + "owner": { + "objectId": "873b5263-5d34-4149-b356-ad341b01e123", + "email": "testemail@microsoft.com", + "assignedTo": null, + "userPrincipalName": "John Doe", + "ownerType": "User" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntCommentById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntCommentById.json new file mode 100644 index 000000000000..e08fd61811da --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntCommentById.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "huntCommentId": "2216d0e1-91e3-4902-89fd-d2df8c535096" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/comments/2216d0e1-91e3-4902-89fd-d2df8c123456", + "name": "2216d0e1-91e3-4902-89fd-d2df8c123456", + "etag": "\"3102f74d-0000-0c00-0000-629e6e050000\"", + "type": "Microsoft.SecurityInsights/hunts/comments", + "systemData": { + "createdAt": "2021-08-15T16:42:38.8709453Z", + "createdBy": "testuser@microsoft.com", + "createdByType": "User", + "lastModifiedAt": "2021-08-19T16:42:38.8709453Z", + "lastModifiedBy": "testuser@microsoft.com", + "lastModifiedByType": "User" + }, + "properties": { + "message": "This is a comment." + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntComments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntComments.json new file mode 100644 index 000000000000..ed0001a27b9c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntComments.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/comments/2216d0e1-91e3-4902-89fd-d2df8c123456", + "name": "2216d0e1-91e3-4902-89fd-d2df8c123456", + "etag": "\"3102f74d-0000-0c00-0000-629e6e050000\"", + "type": "Microsoft.SecurityInsights/hunts/comments", + "properties": { + "message": "This is a test comment." + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntRelationById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntRelationById.json new file mode 100644 index 000000000000..b93617eb2015 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntRelationById.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f", + "huntRelationId": "2216d0e1-91e3-4902-89fd-d2df8c535096" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/relations/2216d0e1-91e3-4902-89fd-d2df8c535096", + "name": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "etag": "\"26012da2-0000-0c00-0000-627ad2760000\"", + "type": "Microsoft.SecurityInsights/hunts/relations", + "properties": { + "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/Bookmarks", + "labels": [ + "label1" + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntRelations.json new file mode 100644 index 000000000000..65bd29d6f1b9 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntRelations.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "huntId": "163e7b2a-a2ec-4041-aaba-d878a38f265f" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/hunts/163e7b2a-a2ec-4041-aaba-d878a38f265f/relations/2216d0e1-91e3-4902-89fd-d2df8c535096", + "name": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "etag": "\"26012da2-0000-0c00-0000-627ad2760000\"", + "type": "Microsoft.SecurityInsights/hunts/relations", + "properties": { + "relatedResourceId": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirint/providers/Microsoft.SecurityInsights/Bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/Bookmarks", + "labels": [ + "label1" + ] + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHunts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHunts.json new file mode 100644 index 000000000000..412f930a8389 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHunts.json @@ -0,0 +1,46 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/hunts/b372ee75-2cad-4b71-8917-d5d5df9315b5", + "name": "b372ee75-2cad-4b71-8917-d5d5df9315b5", + "etag": "\"de00c408-0000-0c00-0000-62741e350000\"", + "type": "Microsoft.SecurityInsights/hunts", + "properties": { + "displayName": "Log4J new hunt", + "description": "Log4J Hunt Description", + "status": "New", + "hypothesisStatus": "Unknown", + "attackTactics": [ + "Reconnaissance" + ], + "attackTechniques": [ + "T1595" + ], + "labels": [ + "Label1", + "Label2" + ], + "owner": { + "objectId": "873b5263-5d34-4149-b356-ad341b01e123", + "email": "testemail@microsoft.com", + "assignedTo": null, + "userPrincipalName": "John Doe", + "ownerType": "User" + } + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json new file mode 100644 index 000000000000..9b876581eed2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json @@ -0,0 +1,50 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "69a30280-6a4c-4aa7-9af0-5d63f335d600" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRG/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/baa8a239-6fde-4ab7-a093-d09f7b75c58c", + "name": "baa8a239-6fde-4ab7-a093-d09f7b75c58c", + "type": "Microsoft.SecurityInsights/Entities", + "kind": "SecurityAlert", + "properties": { + "systemAlertId": "baa8a239-6fde-4ab7-a093-d09f7b75c58c", + "tactics": [], + "alertDisplayName": "myAlert", + "confidenceLevel": "Unknown", + "severity": "Low", + "vendorName": "Microsoft", + "productName": "Azure Security Center", + "alertType": "myAlert", + "processingEndTime": "2020-07-20T18:21:53.615Z", + "status": "New", + "endTimeUtc": "2020-07-20T18:21:53.615Z", + "startTimeUtc": "2020-07-20T18:21:53.615Z", + "timeGenerated": "2020-07-20T18:21:53.615Z", + "resourceIdentifiers": [ + { + "type": "LogAnalytics", + "workspaceId": "c8c99641-985d-4e4e-8e91-fb3466cd0e5b", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroup": "myRG" + } + ], + "additionalData": { + "alertMessageEnqueueTime": "2020-07-20T18:21:57.304Z" + }, + "friendlyName": "myAlert" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json new file mode 100644 index 000000000000..5184d084d200 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json @@ -0,0 +1,47 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "69a30280-6a4c-4aa7-9af0-5d63f335d600" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/afbd324f-6c48-459c-8710-8d1e1cd03812", + "name": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "type": "Microsoft.SecurityInsights/Entities", + "kind": "Bookmark", + "properties": { + "displayName": "SecurityEvent - 868f40f4698d", + "created": "2020-06-17T15:34:01.426+00:00", + "updated": "2020-06-17T15:34:01.426+00:00", + "createdBy": { + "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd", + "email": "user@contoso.com", + "name": "user" + }, + "updatedBy": { + "objectId": "b03ca914-5eb6-45e5-9417-fe0797c372fd", + "email": "user@contoso.com", + "name": "user" + }, + "eventTime": "2020-06-17T15:34:01.426+00:00", + "labels": [], + "query": "SecurityEvent\r\n| take 1\n", + "queryResult": "{\"TimeGenerated\":\"2020-05-24T01:24:25.67Z\",\"Account\":\"\\\\ADMINISTRATOR\",\"AccountType\":\"User\",\"Computer\":\"SecurityEvents\",\"EventSourceName\":\"Microsoft-Windows-Security-Auditing\",\"Channel\":\"Security\",\"Task\":12544,\"Level\":\"16\",\"EventID\":4625,\"Activity\":\"4625 - An account failed to log on.\",\"AuthenticationPackageName\":\"NTLM\",\"FailureReason\":\"%%2313\",\"IpAddress\":\"176.113.115.73\",\"IpPort\":\"0\",\"LmPackageName\":\"-\",\"LogonProcessName\":\"NtLmSsp \",\"LogonType\":3,\"LogonTypeName\":\"3 - Network\",\"Process\":\"-\",\"ProcessId\":\"0x0\",\"__entityMapping\":{\"\\\\ADMINISTRATOR\":\"Account\",\"SecurityEvents\":\"Host\"}}", + "additionalData": { + "eTag": "\"3b00acab-0000-0d00-0000-5f15e4ed0000\"", + "entityId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "friendlyName": "SecurityEvent - 868f40f4698d" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json new file mode 100644 index 000000000000..2ff578f0e927 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json @@ -0,0 +1,55 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "incidentComment": { + "properties": { + "message": "Some message" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "type": "Microsoft.SecurityInsights/incidents/comments", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T13:15:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "type": "Microsoft.SecurityInsights/incidents/comments", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T13:15:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json new file mode 100644 index 000000000000..bd9381743344 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json new file mode 100644 index 000000000000..b71c53efff48 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json @@ -0,0 +1,31 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentCommentId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "type": "Microsoft.SecurityInsights/incidents/comments", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json new file mode 100644 index 000000000000..edee5ca7da05 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "type": "Microsoft.SecurityInsights/incidents/comments", + "properties": { + "message": "Some message", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "author": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json new file mode 100644 index 000000000000..68e9efa1f352 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "69a30280-6a4c-4aa7-9af0-5d63f335d600" + }, + "responses": { + "200": { + "body": { + "entities": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/e1d3d618-e11f-478b-98e3-bb381539a8e1", + "name": "e1d3d618-e11f-478b-98e3-bb381539a8e1", + "type": "Microsoft.SecurityInsights/Entities", + "kind": "Account", + "properties": { + "accountName": "administrator", + "ntDomain": "domain", + "friendlyName": "administrator" + } + } + ], + "metaData": [ + { + "entityKind": "Account", + "count": 1 + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json new file mode 100644 index 000000000000..e68ddb21e747 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json @@ -0,0 +1,73 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentTaskId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "incidentTask": { + "properties": { + "title": "Task title", + "description": "Task description", + "status": "New" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/tasks/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "type": "Microsoft.SecurityInsights/incidents/tasks", + "properties": { + "title": "Task title", + "description": "Task description", + "status": "New", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/tasks/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "type": "Microsoft.SecurityInsights/incidents/tasks", + "properties": { + "title": "Task title", + "description": "Task description", + "status": "New", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json new file mode 100644 index 000000000000..a8cc8df2b4fa --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentTaskId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json new file mode 100644 index 000000000000..f74e3738c85b --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json @@ -0,0 +1,39 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incidentTaskId": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/tasks/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "type": "Microsoft.SecurityInsights/incidents/tasks", + "properties": { + "title": "Task title", + "description": "Task description", + "status": "New", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json new file mode 100644 index 000000000000..02847f210386 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json @@ -0,0 +1,42 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/tasks/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "type": "Microsoft.SecurityInsights/incidents/tasks", + "properties": { + "title": "Task title", + "description": "Task description", + "status": "New", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "lastModifiedTimeUtc": "2019-01-03T11:10:30Z", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + }, + "lastModifiedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "name": "john doe", + "userPrincipalName": "john@contoso.com" + } + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTeam/Incidents_CreateTeam.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTeam/Incidents_CreateTeam.json new file mode 100644 index 000000000000..743b9e2969d2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTeam/Incidents_CreateTeam.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "69a30280-6a4c-4aa7-9af0-5d63f335d600", + "teamProperties": { + "teamName": "Team name", + "teamDescription": "Team description", + "groupIds": null, + "memberIds": null + } + }, + "responses": { + "200": { + "body": { + "teamId": "99978838-9bda-4ad4-8f93-4cf7ebc50ca5", + "primaryChannelUrl": "https://teams.microsoft.com/l/team/19:80bf3b25485b4067b7d2dc4eec9e1578%40thread.tacv2/conversations?groupId=99978838-9bda-4ad4-8f93-4cf7ebc50ca5&tenantId=5b5a146c-eba8-46af-96f8-e31b50d15a3f", + "teamCreationTimeUtc": "2021-03-15T17:08:21.995Z", + "name": "Team name", + "description": "Team description" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_CreateOrUpdate.json new file mode 100644 index 000000000000..beb1ab946244 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_CreateOrUpdate.json @@ -0,0 +1,136 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "incident": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "title": "My incident", + "description": "This is a demo incident", + "severity": "High", + "status": "Closed", + "classification": "FalsePositive", + "classificationReason": "InaccurateData", + "classificationComment": "Not a malicious activity", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": null, + "assignedTo": null, + "userPrincipalName": null, + "ownerType": null + }, + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", + "type": "Microsoft.SecurityInsights/incidents", + "properties": { + "title": "My incident", + "description": "This is a demo incident", + "severity": "High", + "status": "Closed", + "classification": "FalsePositive", + "classificationReason": "InaccurateData", + "classificationComment": "Not a malicious activity", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "assignedTo": "john doe", + "userPrincipalName": "john@contoso.com", + "ownerType": "User" + }, + "labels": [], + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "incidentNumber": 3177, + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [ + "InitialAccess", + "Persistence" + ], + "techniques": [ + "T1091", + "T1133", + "T1053" + ], + "providerIncidentUrl": "https://security.microsoft.com/incidents/3177?tid=5b5a146c-eba8-46af-96f8-e31b50d15a3f" + }, + "relatedAnalyticRuleIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7" + ], + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "providerName": "Azure Sentinel", + "providerIncidentId": "3177" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0001\"", + "type": "Microsoft.SecurityInsights/incidents", + "properties": { + "title": "My incident", + "description": "This is a demo incident", + "severity": "High", + "status": "Closed", + "classification": "FalsePositive", + "classificationReason": "InaccurateData", + "classificationComment": "Not a malicious activity", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "assignedTo": "john doe", + "userPrincipalName": "john@contoso.com", + "ownerType": "User" + }, + "labels": [], + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "incidentNumber": 3177, + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [ + "InitialAccess", + "Persistence" + ], + "techniques": [ + "T1091", + "T1133", + "T1053" + ], + "providerIncidentUrl": "https://security.microsoft.com/incidents/3177?tid=5b5a146c-eba8-46af-96f8-e31b50d15a3f" + }, + "relatedAnalyticRuleIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7" + ], + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "providerName": "Azure Sentinel", + "providerIncidentId": "3177" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_Delete.json new file mode 100644 index 000000000000..2338dbf49145 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_Delete.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_Get.json new file mode 100644 index 000000000000..4ea889657c26 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_Get.json @@ -0,0 +1,63 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "73e01a99-5cd7-4139-a149-9f2736ff2ab5" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/incidents", + "properties": { + "title": "My incident", + "description": "This is a demo incident", + "severity": "High", + "status": "Closed", + "classification": "FalsePositive", + "classificationReason": "InaccurateData", + "classificationComment": "Not a malicious activity", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "assignedTo": "john doe", + "userPrincipalName": "john@contoso.com", + "ownerType": "User" + }, + "labels": [], + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "incidentNumber": 3177, + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [ + "InitialAccess", + "Persistence" + ], + "techniques": [ + "T1091", + "T1133", + "T1053" + ], + "providerIncidentUrl": "https://security.microsoft.com/incidents/3177?tid=5b5a146c-eba8-46af-96f8-e31b50d15a3f" + }, + "relatedAnalyticRuleIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7" + ], + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "providerName": "Azure Sentinel", + "providerIncidentId": "3177" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_List.json new file mode 100644 index 000000000000..57f0056ef6bf --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_List.json @@ -0,0 +1,68 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "$orderby": "properties/createdTimeUtc desc", + "$top": 1 + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/incidents", + "properties": { + "title": "My incident", + "description": "This is a demo incident", + "severity": "High", + "status": "Closed", + "classification": "FalsePositive", + "classificationReason": "InaccurateData", + "classificationComment": "Not a malicious activity", + "owner": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john.doe@contoso.com", + "assignedTo": "john doe", + "userPrincipalName": "john@contoso.com", + "ownerType": "User" + }, + "labels": [], + "firstActivityTimeUtc": "2019-01-01T13:00:30Z", + "lastActivityTimeUtc": "2019-01-01T13:05:30Z", + "lastModifiedTimeUtc": "2019-01-01T13:15:30Z", + "createdTimeUtc": "2019-01-01T13:15:30Z", + "incidentNumber": 3177, + "additionalData": { + "alertsCount": 0, + "bookmarksCount": 0, + "commentsCount": 3, + "alertProductNames": [], + "tactics": [ + "InitialAccess", + "Persistence" + ], + "techniques": [ + "T1091", + "T1133", + "T1053" + ], + "providerIncidentUrl": "https://security.microsoft.com/incidents/3177?tid=5b5a146c-eba8-46af-96f8-e31b50d15a3f" + }, + "relatedAnalyticRuleIds": [ + "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7" + ], + "incidentUrl": "https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5", + "providerName": "Azure Sentinel", + "providerIncidentId": "3177" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/CreateIncidentRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/CreateIncidentRelation.json new file mode 100644 index 000000000000..7fdbd49095cb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/CreateIncidentRelation.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "relation": { + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/DeleteIncidentRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/DeleteIncidentRelation.json new file mode 100644 index 000000000000..f68796779584 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/DeleteIncidentRelation.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/GetAllIncidentRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/GetAllIncidentRelations.json new file mode 100644 index 000000000000..2ee77562bfef --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/GetAllIncidentRelations.json @@ -0,0 +1,40 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/9673a17d-8bc7-4ca6-88ee-38a4f3efc032", + "name": "9673a17d-8bc7-4ca6-88ee-38a4f3efc032", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "6f714025-dd7c-46aa-b5d0-b9857488d060", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/1dd267cd-8a1f-4f6f-b92c-da43ac8819af", + "relatedResourceName": "1dd267cd-8a1f-4f6f-b92c-da43ac8819af", + "relatedResourceType": "Microsoft.SecurityInsights/entities", + "relatedResourceKind": "SecurityAlert" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/GetIncidentRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/GetIncidentRelationByName.json new file mode 100644 index 000000000000..dc22c32aaa48 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/GetIncidentRelationByName.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentId": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "relationName": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", + "type": "Microsoft.SecurityInsights/incidents/relations", + "etag": "190057d0-0000-0d00-0000-5c6f5adb0000", + "properties": { + "relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096", + "relatedResourceType": "Microsoft.SecurityInsights/bookmarks" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/manualTrigger/Entities_RunPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/manualTrigger/Entities_RunPlaybook.json new file mode 100644 index 000000000000..35e1dd7b820d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/manualTrigger/Entities_RunPlaybook.json @@ -0,0 +1,17 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "entityIdentifier": "72e01a22-5cd2-4139-a149-9f2736ff2ar2", + "manualTriggerRequestBody": { + "logicAppsResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/my-playbook-name", + "tenantId": "qwere6b2-9ac0-4464-9919-dccaee2e4ddd", + "incidentArmId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5" + } + }, + "responses": { + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json new file mode 100644 index 000000000000..f049caf64cf6 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json @@ -0,0 +1,18 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "incidentIdentifier": "73e01a99-5cd7-4139-a149-9f2736ff2ar4", + "manualTriggerRequestBody": { + "logicAppsResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/my-playbook-name", + "tenantId": "qwere6b2-9ac0-4464-9919-dccaee2e4ddd" + } + }, + "responses": { + "204": { + "body": {} + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/DeleteMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/DeleteMetadata.json new file mode 100644 index 000000000000..4b644adc53a5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/DeleteMetadata.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "metadataName": "metadataName" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/GetAllMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/GetAllMetadata.json new file mode 100644 index 000000000000..997e43f2ec09 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/GetAllMetadata.json @@ -0,0 +1,64 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName1", + "name": "metadataName1", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + } + } + }, + { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName2", + "name": "metadataName2", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "f5160682-0e10-4e23-8fcf-df3df49c5522", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName2", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + } + } + }, + { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.Insights/workbooks/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName3", + "name": "metadataName3", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "f593501d-ec01-4057-8146-a1de35c461ef", + "version": "1.0.0.0", + "kind": "Workbook", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.Insights/workbooks/workbookName", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + } + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/GetAllMetadataOData.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/GetAllMetadataOData.json new file mode 100644 index 000000000000..386fac473ac1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/GetAllMetadataOData.json @@ -0,0 +1,52 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ODataFilter": "properties/kind eq 'AnalyticsRule'", + "ODataOrderBy": "properties/parentId desc", + "ODataSkip": "2", + "ODataTop": "2" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName1", + "name": "metadataName1", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName1", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + } + } + }, + { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName2", + "name": "metadataName2", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "f5160682-0e10-4e23-8fcf-df3df49c5522", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName2", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + } + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/GetMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/GetMetadata.json new file mode 100644 index 000000000000..f69f98b36b12 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/GetMetadata.json @@ -0,0 +1,104 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "2e1dc338-d04d-4443-b721-037eff4fdcac", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "metadataName": "metadataName" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "author": { + "name": "User Name", + "email": "email@microsoft.com" + }, + "support": { + "name": "Microsoft", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Partner" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "operator": "OR", + "criteria": [ + { + "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756", + "kind": "DataConnector" + }, + { + "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", + "kind": "DataConnector" + }, + { + "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593", + "kind": "DataConnector", + "version": "2.0" + } + ] + }, + { + "kind": "Playbook", + "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", + "version": "1.0" + }, + { + "kind": "Parser", + "contentId": "21ba424a-9438-4444-953a-7059539a7a1b" + } + ] + }, + "categories": { + "domains": [ + "Application", + "Security – Insider Threat" + ], + "verticals": [ + "Healthcare" + ] + }, + "providers": [ + "Amazon", + "Microsoft" + ], + "firstPublishDate": "2021-05-18", + "lastPublishDate": "2021-05-18", + "previewImages": [ + "firstImage.png", + "secondImage.jpeg" + ], + "previewImagesDark": [ + "firstImageDark.png", + "secondImageDark.jpeg" + ], + "contentSchemaVersion": "2.0", + "customVersion": "1.0", + "threatAnalysisTactics": [ + "reconnaissance", + "commandandcontrol" + ], + "threatAnalysisTechniques": [ + "T1548", + "T1548.001" + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/PatchMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/PatchMetadata.json new file mode 100644 index 000000000000..cf5451b34e51 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/PatchMetadata.json @@ -0,0 +1,35 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "metadataName": "metadataName", + "metadataPatch": { + "properties": { + "author": { + "name": "User Name", + "email": "email@microsoft.com" + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "author": { + "name": "User Name", + "email": "email@microsoft.com" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/PutMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/PutMetadata.json new file mode 100644 index 000000000000..7d907ee6a9ee --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/PutMetadata.json @@ -0,0 +1,286 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "metadataName": "metadataName", + "metadata": { + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "author": { + "name": "User Name", + "email": "email@microsoft.com" + }, + "support": { + "name": "Microsoft", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Partner" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "operator": "OR", + "criteria": [ + { + "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756", + "kind": "DataConnector", + "name": "Microsoft Defender for Endpoint" + }, + { + "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", + "kind": "DataConnector" + }, + { + "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593", + "kind": "DataConnector", + "version": "2.0" + } + ] + }, + { + "kind": "Playbook", + "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", + "version": "1.0" + }, + { + "kind": "Parser", + "contentId": "21ba424a-9438-4444-953a-7059539a7a1b" + } + ] + }, + "categories": { + "domains": [ + "Application", + "Security – Insider Threat" + ], + "verticals": [ + "Healthcare" + ] + }, + "providers": [ + "Amazon", + "Microsoft" + ], + "firstPublishDate": "2021-05-18", + "lastPublishDate": "2021-05-18", + "previewImages": [ + "firstImage.png", + "secondImage.jpeg" + ], + "previewImagesDark": [ + "firstImageDark.png", + "secondImageDark.jpeg" + ], + "contentSchemaVersion": "2.0", + "customVersion": "1.0", + "threatAnalysisTactics": [ + "reconnaissance", + "commandandcontrol" + ], + "threatAnalysisTechniques": [ + "T1548", + "T1548.001" + ] + } + } + }, + "responses": { + "201": { + "body": { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "author": { + "name": "User Name", + "email": "email@microsoft.com" + }, + "support": { + "name": "Microsoft", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Partner" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "operator": "OR", + "criteria": [ + { + "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756", + "kind": "DataConnector" + }, + { + "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", + "kind": "DataConnector" + }, + { + "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593", + "kind": "DataConnector", + "version": "2.0" + } + ] + }, + { + "kind": "Playbook", + "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", + "version": "1.0" + }, + { + "kind": "Parser", + "contentId": "21ba424a-9438-4444-953a-7059539a7a1b" + } + ] + }, + "categories": { + "domains": [ + "Application", + "Security – Insider Threat" + ], + "verticals": [ + "Healthcare" + ] + }, + "providers": [ + "Amazon", + "Microsoft" + ], + "firstPublishDate": "2021-05-18", + "lastPublishDate": "2021-05-18", + "previewImages": [ + "firstImage.png", + "secondImage.jpeg" + ], + "previewImagesDark": [ + "firstImageDark.png", + "secondImageDark.jpeg" + ], + "contentSchemaVersion": "2.0", + "customVersion": "1.0", + "threatAnalysisTactics": [ + "reconnaissance", + "commandandcontrol" + ], + "threatAnalysisTechniques": [ + "T1548", + "T1548.001" + ] + } + } + }, + "200": { + "body": { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "version": "1.0.0.0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName", + "source": { + "kind": "Solution", + "name": "Contoso Solution 1.0", + "sourceId": "b688a130-76f4-4a07-bf57-762222a3cadf" + }, + "author": { + "name": "User Name", + "email": "email@microsoft.com" + }, + "support": { + "name": "Microsoft", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/", + "tier": "Partner" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "operator": "OR", + "criteria": [ + { + "contentId": "045d06d0-ee72-4794-aba4-cf5646e4c756", + "kind": "DataConnector" + }, + { + "contentId": "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", + "kind": "DataConnector" + }, + { + "contentId": "de4dca9b-eb37-47d6-a56f-b8b06b261593", + "kind": "DataConnector", + "version": "2.0" + } + ] + }, + { + "kind": "Playbook", + "contentId": "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", + "version": "1.0" + }, + { + "kind": "Parser", + "contentId": "21ba424a-9438-4444-953a-7059539a7a1b" + } + ] + }, + "categories": { + "domains": [ + "Application", + "Security – Insider Threat" + ], + "verticals": [ + "Healthcare" + ] + }, + "providers": [ + "Amazon", + "Microsoft" + ], + "firstPublishDate": "2021-05-18", + "lastPublishDate": "2021-05-18", + "previewImages": [ + "firstImage.png", + "secondImage.jpeg" + ], + "previewImagesDark": [ + "firstImageDark.png", + "secondImageDark.jpeg" + ], + "contentSchemaVersion": "2.0", + "customVersion": "1.0", + "threatAnalysisTactics": [ + "reconnaissance", + "commandandcontrol" + ], + "threatAnalysisTechniques": [ + "T1548", + "T1548.001" + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/PutMetadataMinimal.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/PutMetadataMinimal.json new file mode 100644 index 000000000000..bdf1d5a812b5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/PutMetadataMinimal.json @@ -0,0 +1,40 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "metadataName": "metadataName", + "metadata": { + "properties": { + "contentId": "c00ee137-7475-47c8-9cce-ec6f0f1bedd0", + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName" + } + } + }, + "responses": { + "201": { + "body": { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName" + } + } + }, + "200": { + "body": { + "id": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName", + "name": "metadataName", + "type": "Microsoft.SecurityInsights/metadata", + "properties": { + "kind": "AnalyticsRule", + "parentId": "/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/officeConsents/DeleteOfficeConsents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/officeConsents/DeleteOfficeConsents.json new file mode 100644 index 000000000000..715e1e5a9401 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/officeConsents/DeleteOfficeConsents.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/officeConsents/GetOfficeConsents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/officeConsents/GetOfficeConsents.json new file mode 100644 index 000000000000..ec71401cf002 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/officeConsents/GetOfficeConsents.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/officeConsents/04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + "name": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + "type": "Microsoft.SecurityInsights/officeConsents", + "properties": { + "tenantId": "5460b3d2-1e7b-4757-ad54-c858c7e3f252", + "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/officeConsents/GetOfficeConsentsById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/officeConsents/GetOfficeConsentsById.json new file mode 100644 index 000000000000..81267254cda2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/officeConsents/GetOfficeConsentsById.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/officeConsents/04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + "name": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", + "type": "Microsoft.SecurityInsights/officeConsents", + "properties": { + "tenantId": "5460b3d2-1e7b-4757-ad54-c858c7e3f252", + "consentId": "04e5fd05-ff86-4b97-b8d2-1c20933cb46c" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json new file mode 100644 index 000000000000..14a72a0c1dbb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "sentinelOnboardingStateName": "default", + "sentinelOnboardingStateParameter": { + "properties": { + "customerManagedKey": false + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default", + "name": "default", + "type": "Microsoft.SecurityInsights/onboardingStates", + "properties": { + "customerManagedKey": false + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default", + "name": "default", + "type": "Microsoft.SecurityInsights/onboardingStates", + "properties": { + "customerManagedKey": false + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json new file mode 100644 index 000000000000..55386e46d5d6 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "sentinelOnboardingStateName": "default" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json new file mode 100644 index 000000000000..86a13e3c7392 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default", + "name": "default", + "type": "Microsoft.SecurityInsights/onboardingStates", + "properties": { + "customerManagedKey": false + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json new file mode 100644 index 000000000000..66acb61726e1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json @@ -0,0 +1,21 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "sentinelOnboardingStateName": "default" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default", + "name": "default", + "type": "Microsoft.SecurityInsights/onboardingStates", + "properties": { + "customerManagedKey": false + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/operations/ListOperations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/operations/ListOperations.json new file mode 100644 index 000000000000..2f258376212e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/operations/ListOperations.json @@ -0,0 +1,563 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "Microsoft.SecurityInsights/operations/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Operations", + "operation": "Get Operations", + "description": "Gets operations" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/automationRules/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "AutomationRules", + "operation": "Get Automation Rules", + "description": "Gets an automation rule" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/automationRules/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "AutomationRules", + "operation": "Update Automation Rules", + "description": "Updates an automation rule" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/automationRules/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "AutomationRules", + "operation": "Delete Automation Rules", + "description": "Deletes an automation rule" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Bookmarks/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Bookmarks", + "operation": "Get Bookmarks", + "description": "Gets bookmarks" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Bookmarks/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Bookmarks", + "operation": "Update Bookmarks", + "description": "Updates bookmarks" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Bookmarks/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Bookmarks", + "operation": "Delete Bookmarks", + "description": "Deletes bookmarks" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Bookmarks/expand/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Bookmarks", + "operation": "Expand on entity", + "description": "Gets related entities of an entity by a specific expansion" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/bookmarks/relations/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Bookmark Relations", + "operation": "Get Bookmark Relations", + "description": "Gets a bookmark relation" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/bookmarks/relations/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Bookmark Relations", + "operation": "Update Bookmark Relations", + "description": "Updates a bookmark relation" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/bookmarks/relations/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Bookmark Relations", + "operation": "Delete Bookmark Relations", + "description": "Deletes a bookmark relation" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Alert Rules", + "operation": "Get Alert Rules", + "description": "Gets the alert rules" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Alert Rules", + "operation": "Update Alert Rules", + "description": "Updates alert rules" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Alert Rules", + "operation": "Delete Alert Rules", + "description": "Deletes alert rules" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/actions/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Alert Rules Actions", + "operation": "Get Alert Rule Response Actions", + "description": "Gets the response actions of an alert rule" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/actions/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Alert Rules Actions", + "operation": "Update Alert Rule Response Actions", + "description": "Updates the response actions of an alert rule" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/alertRules/actions/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Alert Rules Actions", + "operation": "Delete Alert Rule Response Actions", + "description": "Deletes the response actions of an alert rule" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/dataConnectors/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "DataConnectors", + "operation": "Get Data Connectors", + "description": "Gets the data connectors" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/dataConnectors/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "DataConnectors", + "operation": "Update Data Connectors", + "description": "Updates a data connector" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/dataConnectors/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "DataConnectors", + "operation": "Delete a Data Connector", + "description": "Deletes a data connector" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/dataConnectorsCheckRequirements/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "DataConnectorsCheckRequirements", + "operation": "Check user authorization and license", + "description": "Check user authorization and license" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incidents", + "operation": "Get Incidents", + "description": "Gets an incident" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incidents", + "operation": "Update Incidents", + "description": "Updates an incident" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incidents", + "operation": "Delete Incidents", + "description": "Deletes an incident" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/comments/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incident Comments", + "operation": "Get Incident Comments", + "description": "Gets the incident comments" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/comments/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incident Comments", + "operation": "Create Incident Comments", + "description": "Creates a comment on the incident" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/comments/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incident Comments", + "operation": "Delete Incident Comment", + "description": "Deletes a comment on the incident" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/relations/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incident Relations", + "operation": "Get Incident Relations", + "description": "Gets a relation between the incident and related resources" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/relations/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incident Relations", + "operation": "Update Incident Relations", + "description": "Updates a relation between the incident and related resources" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/incidents/relations/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Incident Relations", + "operation": "Delete Incident Relations", + "description": "Deletes a relation between the incident and related resources" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Get Threat Intelligence", + "description": "Gets Threat Intelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Update Threat Intelligence", + "description": "Updates Threat Intelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Delete Threat Intelligence", + "description": "Deletes Threat Intelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/query/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Query Threat Intelligence", + "description": "Query Threat Intelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/metrics/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Collect Threat Intelligence Metrics", + "description": "Collect Threat Intelligence Metrics" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/bulkDelete/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Bulk Delete Threat Intelligence", + "description": "Bulk Delete Threat Intelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/bulkTag/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Bulk Tags Threat Intelligence", + "description": "Bulk Tags Threat Intelligence" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Update Threat Intelligence Indicators", + "description": "Updates Threat Intelligence Indicators" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Delete Threat Intelligence Indicators", + "description": "Deletes Threat Intelligence Indicators" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/query/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Query Threat Intelligence Indicators", + "description": "Query Threat Intelligence Indicators" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/metrics/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Get Threat Intelligence Indicator Metrics", + "description": "Get Threat Intelligence Indicator Metrics" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/bulkDelete/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Bulk Delete Threat Intelligence Indicators", + "description": "Bulk Delete Threat Intelligence Indicators" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/bulkTag/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Bulk Tags Threat Intelligence Indicators", + "description": "Bulk Tags Threat Intelligence Indicators" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Get Threat Intelligence Indicators", + "description": "Gets Threat Intelligence Indicators" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/metrics/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Collect Threat Intelligence Metrics", + "description": "Collect Threat Intelligence Metrics" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/createIndicator/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Create Threat Intelligence Indicator", + "description": "Create Threat Intelligence Indicator" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/appendTags/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Append tags to Threat Intelligence Indicator", + "description": "Append tags to Threat Intelligence Indicator" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/indicators/replaceTags/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Replace Tags of Threat Intelligence Indicator", + "description": "Replace Tags of Threat Intelligence Indicator" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/threatintelligence/queryIndicators/action", + "display": { + "provider": "Microsoft Security Insights", + "resource": "ThreatIntelligence", + "operation": "Query Threat Intelligence Indicators", + "description": "Query Threat Intelligence Indicators" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Watchlists/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Watchlists", + "operation": "Get Watchlists", + "description": "Gets Watchlists" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Watchlists/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Watchlists", + "operation": "Create Watchlists", + "description": "Create Watchlists" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/Watchlists/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Watchlists", + "operation": "Delete Watchlists", + "description": "Deletes Watchlists" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/onboardingStates/read", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Onboarding States", + "operation": "Get Onboarding States", + "description": "Gets an onboarding state" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/onboardingStates/write", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Onboarding States", + "operation": "Update Onboarding States", + "description": "Updates an onboarding state" + }, + "origin": "user" + }, + { + "name": "Microsoft.SecurityInsights/onboardingStates/delete", + "display": { + "provider": "Microsoft Security Insights", + "resource": "Onboarding States", + "operation": "Delete Onboarding States", + "description": "Deletes an onboarding state" + }, + "origin": "user" + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/recommendations/GetRecommendation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/recommendations/GetRecommendation.json new file mode 100644 index 000000000000..1b7331c896ce --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/recommendations/GetRecommendation.json @@ -0,0 +1,48 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "recommendationId": "6d4b54eb-8684-4aa3-a156-3aa37b8014bc" + }, + "responses": { + "200": { + "body": { + "recommendationTypeId": "Swagger_Example", + "id": "6d4b54eb-8684-4aa3-a156-3aa37b8014bc", + "priority": "Medium", + "category": "Onboarding", + "context": "None", + "content": { + "title": "someText", + "description": "someText" + }, + "resourceId": "someId", + "recommendationTypeTitle": "someText", + "recommendationTypeDescription": "someText", + "instructions": { + "actionsToBePerformed": "someText", + "recommendationImportance": "someText" + }, + "additionalProperties": { + "someKey": "someValue" + }, + "title": "someText", + "description": "someText", + "workspaceId": "9a7711dc-40de-43b5-bf7e-ba25ec4592f3", + "actions": [ + { + "linkText": "someText", + "linkUrl": "https://www.someuri.com", + "state": "Active" + } + ], + "state": "CompletedByAction", + "hideUntilTimeUtc": "2022-02-19T03:09:03.4888396+00:00", + "displayUntilTimeUtc": "2022-02-19T03:57:31.7964447+00:00", + "lastEvaluatedTimeUtc": "2022-02-19T03:09:03.4888396+00:00" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/recommendations/GetRecommendations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/recommendations/GetRecommendations.json new file mode 100644 index 000000000000..0b0107f1e892 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/recommendations/GetRecommendations.json @@ -0,0 +1,51 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "recommendationTypeId": "ThreatIntelligence_Example", + "id": "6d4b54eb-8684-4aa3-a156-3aa37b8014bc", + "priority": "Medium", + "category": "Onboarding", + "context": "None", + "content": { + "title": "someText", + "description": "someText" + }, + "resourceId": "someId", + "recommendationTypeTitle": "someText", + "recommendationTypeDescription": "someText", + "instructions": { + "actionsToBePerformed": "someText", + "recommendationImportance": "someText" + }, + "additionalProperties": { + "someKey": "someValue" + }, + "title": "someText", + "description": "someText", + "workspaceId": "9a7711dc-40de-43b5-bf7e-ba25ec4592f3", + "actions": [ + { + "linkText": "someText", + "linkUrl": "https://www.someuri.com", + "state": "Active" + } + ], + "state": "CompletedByAction", + "hideUntilTimeUtc": "2022-02-19T03:09:03.4888396+00:00", + "displayUntilTimeUtc": "2022-02-19T03:57:31.7964447+00:00", + "lastEvaluatedTimeUtc": "2022-02-19T03:09:03.4888396+00:00" + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/recommendations/PatchRecommendation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/recommendations/PatchRecommendation.json new file mode 100644 index 000000000000..3a662647dfea --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/recommendations/PatchRecommendation.json @@ -0,0 +1,56 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "recommendationId": "6d4b54eb-8684-4aa3-a156-3aa37b8014bc", + "recommendationPatch": [ + { + "state": "Active" + } + ] + }, + "responses": { + "202": { + "headers": { + "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.SecurityInsights/recommendations/6d4b54eb-8684-4aa3-a156-3aa37b8014bc?api-version=2023-09-01-preview" + }, + "body": { + "recommendationTypeId": "ThreatIntelligence_Example", + "id": "6d4b54eb-8684-4aa3-a156-3aa37b8014bc", + "priority": "Medium", + "category": "Onboarding", + "context": "None", + "content": { + "title": "someText", + "description": "someText" + }, + "resourceId": "someId", + "recommendationTypeTitle": "someText", + "recommendationTypeDescription": "someText", + "instructions": { + "actionsToBePerformed": "someText", + "recommendationImportance": "someText" + }, + "additionalProperties": { + "someKey": "someValue" + }, + "title": "someText", + "description": "someText", + "workspaceId": "9a7711dc-40de-43b5-bf7e-ba25ec4592f3", + "actions": [ + { + "linkText": "someText", + "linkUrl": "https://www.someuri.com", + "state": "Active" + } + ], + "state": "CompletedByUser", + "hideUntilTimeUtc": "2022-02-19T03:09:03.4888396+00:00", + "displayUntilTimeUtc": "2022-02-19T03:57:31.7964447+00:00", + "lastEvaluatedTimeUtc": "2022-02-19T03:09:03.4888396+00:00" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/repositories/GetRepositories.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/repositories/GetRepositories.json new file mode 100644 index 000000000000..dfb6ea193d65 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/repositories/GetRepositories.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "repoType": "Github", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "url": "https://api.github.com/repos/user/reponame", + "fullName": "reponame", + "branches": [ + "master", + "develop" + ] + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json new file mode 100644 index 000000000000..9d54c0d72979 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json @@ -0,0 +1,245 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "settingsResourceName": "f209187f-1d17-4431-94af-c141bf5f23db", + "securityMLAnalyticsSetting": { + "kind": "Anomaly", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "properties": { + "displayName": "Login from unusual region", + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "enabled": true, + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ], + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "singleSelectObservations": [ + { + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "value": [ + "Palo Alto Networks" + ], + "supportedValuesKql": null, + "valuesKql": null, + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "sequenceNumber": 1, + "rerun": "RerunAlways" + } + ], + "prioritizeExcludeObservations": null, + "thresholdObservations": [ + { + "minimum": "1", + "maximum": "100", + "value": "25", + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "sequenceNumber": 1, + "rerun": "RerunAlways" + }, + { + "minimum": "2", + "maximum": "10", + "value": "3", + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "sequenceNumber": 2, + "rerun": "RerunAlways" + } + ], + "singleValueObservations": null + }, + "frequency": "PT1H", + "settingsStatus": "Production", + "isDefaultSettings": true, + "anomalySettingsVersion": 0, + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db", + "name": "f209187f-1d17-4431-94af-c141bf5f23db", + "etag": "\"01005144-0000-0d00-0000-6058632c0000\"", + "kind": "Anomaly", + "type": "Microsoft.SecurityInsights/securityMLAnalyticsSettings", + "properties": { + "displayName": "Login from unusual region", + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "enabled": true, + "lastModifiedUtc": "2021-10-20T13:17:11.5340061Z", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ], + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "singleSelectObservations": [ + { + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "value": [ + "Palo Alto Networks" + ], + "supportedValuesKql": null, + "valuesKql": null, + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "sequenceNumber": 1, + "rerun": "RerunAlways" + } + ], + "prioritizeExcludeObservations": null, + "thresholdObservations": [ + { + "minimum": "1", + "maximum": "100", + "value": "25", + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "sequenceNumber": 1, + "rerun": "RerunAlways" + }, + { + "minimum": "2", + "maximum": "10", + "value": "3", + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "sequenceNumber": 2, + "rerun": "RerunAlways" + } + ], + "singleValueObservations": null + }, + "frequency": "PT1H", + "settingsStatus": "Production", + "isDefaultSettings": true, + "anomalySettingsVersion": 0, + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db", + "name": "f209187f-1d17-4431-94af-c141bf5f23db", + "etag": "\"01007444-0000-0d00-0000-605863a70000\"", + "kind": "Anomaly", + "type": "Microsoft.SecurityInsights/securityMLAnalyticsSettings", + "properties": { + "displayName": "Login from unusual region", + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "enabled": true, + "lastModifiedUtc": "2021-10-20T13:17:11.5340061Z", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ], + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "singleSelectObservations": [ + { + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "value": [ + "Palo Alto Networks" + ], + "supportedValuesKql": null, + "valuesKql": null, + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "sequenceNumber": 1, + "rerun": "RerunAlways" + } + ], + "prioritizeExcludeObservations": null, + "thresholdObservations": [ + { + "minimum": "1", + "maximum": "100", + "value": "25", + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "sequenceNumber": 1, + "rerun": "RerunAlways" + }, + { + "minimum": "2", + "maximum": "10", + "value": "3", + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "sequenceNumber": 2, + "rerun": "RerunAlways" + } + ], + "singleValueObservations": null + }, + "frequency": "PT1H", + "settingsStatus": "Production", + "isDefaultSettings": true, + "anomalySettingsVersion": 0, + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json new file mode 100644 index 000000000000..4d500a46d332 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "settingsResourceName": "f209187f-1d17-4431-94af-c141bf5f23db" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json new file mode 100644 index 000000000000..be754f138f11 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json @@ -0,0 +1,94 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db", + "name": "f209187f-1d17-4431-94af-c141bf5f23db", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/securityMLAnalyticsSettings", + "kind": "Anomaly", + "properties": { + "displayName": "Login from unusual region", + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "enabled": true, + "lastModifiedUtc": "2021-10-20T13:13:11.5340061Z", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ], + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "singleSelectObservations": [ + { + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "value": [ + "Palo Alto Networks" + ], + "supportedValuesKql": null, + "valuesKql": null, + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "sequenceNumber": 1, + "rerun": "RerunAlways" + } + ], + "prioritizeExcludeObservations": null, + "thresholdObservations": [ + { + "minimum": "1", + "maximum": "100", + "value": "25", + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "sequenceNumber": 1, + "rerun": "RerunAlways" + }, + { + "minimum": "2", + "maximum": "10", + "value": "3", + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "sequenceNumber": 2, + "rerun": "RerunAlways" + } + ], + "singleValueObservations": null + }, + "frequency": "PT1H", + "settingsStatus": "Production", + "isDefaultSettings": true, + "anomalySettingsVersion": 0, + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json new file mode 100644 index 000000000000..9947ab322e92 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json @@ -0,0 +1,91 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "settingsResourceName": "myFirstAnomalySettings" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db", + "name": "f209187f-1d17-4431-94af-c141bf5f23db", + "etag": "\"260090e2-0000-0d00-0000-5d6fb8670000\"", + "type": "Microsoft.SecurityInsights/securityMLAnalyticsSettings", + "kind": "Anomaly", + "properties": { + "displayName": "Login from unusual region", + "description": "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.", + "enabled": true, + "lastModifiedUtc": "2021-10-20T13:13:11.5340061Z", + "requiredDataConnectors": [ + { + "connectorId": "AWS", + "dataTypes": [ + "AWSCloudTrail" + ] + } + ], + "tactics": [ + "Exfiltration", + "CommandAndControl" + ], + "techniques": [ + "T1037", + "T1021" + ], + "anomalyVersion": "1.0.5", + "customizableObservations": { + "multiSelectObservations": null, + "singleSelectObservations": [ + { + "supportedValues": [ + "Palo Alto Networks", + "Fortinet", + "Check Point" + ], + "value": [ + "Palo Alto Networks" + ], + "supportedValuesKql": null, + "valuesKql": null, + "name": "Device vendor", + "description": "Select device vendor of network connection logs from CommonSecurityLog", + "sequenceNumber": 1, + "rerun": "RerunAlways" + } + ], + "prioritizeExcludeObservations": null, + "thresholdObservations": [ + { + "minimum": "1", + "maximum": "100", + "value": "25", + "name": "Daily data transfer threshold in MB", + "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", + "sequenceNumber": 1, + "rerun": "RerunAlways" + }, + { + "minimum": "2", + "maximum": "10", + "value": "3", + "name": "Number of standard deviations", + "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", + "sequenceNumber": 2, + "rerun": "RerunAlways" + } + ], + "singleValueObservations": null + }, + "frequency": "PT1H", + "settingsStatus": "Production", + "isDefaultSettings": true, + "anomalySettingsVersion": 0, + "settingsDefinitionId": "f209187f-1d17-4431-94af-c141bf5f23db" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/DeleteEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/DeleteEyesOnSetting.json new file mode 100644 index 000000000000..1e1ad703ba0e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/DeleteEyesOnSetting.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "settingsName": "EyesOn" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/GetAllSettings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/GetAllSettings.json new file mode 100644 index 000000000000..0e6a3ed3b949 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/GetAllSettings.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn", + "name": "EyesOn", + "type": "Microsoft.SecurityInsights/settings", + "kind": "EyesOn", + "properties": { + "isEnabled": true + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/GetEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/GetEyesOnSetting.json new file mode 100644 index 000000000000..4e4c3a845802 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/GetEyesOnSetting.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "settingsName": "EyesOn" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn", + "name": "EyesOn", + "type": "Microsoft.SecurityInsights/settings", + "kind": "EyesOn", + "properties": { + "isEnabled": true + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/UpdateEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/UpdateEyesOnSetting.json new file mode 100644 index 000000000000..918eab1a3889 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/UpdateEyesOnSetting.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "settingsName": "EyesOn", + "settings": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "EyesOn", + "properties": {} + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn", + "name": "EyesOn", + "type": "Microsoft.SecurityInsights/settings", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "kind": "EyesOn", + "properties": { + "isEnabled": true + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/CreateSourceControl.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/CreateSourceControl.json new file mode 100644 index 000000000000..cd259c94d4aa --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/CreateSourceControl.json @@ -0,0 +1,162 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "sourceControl": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "My Source Control", + "description": "This is a source control", + "repoType": "Github", + "contentTypes": [ + "AnalyticRules", + "Workbook" + ], + "repository": { + "url": "https://github.com/user/repo", + "branch": "master", + "displayUrl": "https://github.com/user/repo" + }, + "repositoryAccess": { + "kind": "OAuth", + "code": "939fd7c6caf754f4f41f", + "state": "state", + "clientId": "54b3c2c0-1f48-4a1c-af9f-6399c3240b73" + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "version": "V2", + "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "type": "Microsoft.SecurityInsights/SourceControls", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "id": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "displayName": "My Source Control", + "description": "this is a source control", + "repoType": "Github", + "contentTypes": [ + "AnalyticRules", + "Workbook" + ], + "repository": { + "url": "https://github.com/user/repo", + "branch": "master", + "displayUrl": "https://github.com/user/repo", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "servicePrincipal": { + "id": "2d297bee-cb45-444a-a9ce-904484f0bcd6", + "tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", + "appId": "42a43de2-b712-4408-9680-2514fed984e6" + }, + "repositoryResourceInfo": { + "webhook": { + "webhookId": "342768323", + "webhookUrl": "https://cac.sentinel.azure.com/workspaces/b7c525e9-1bfa-4435-88c0-817e13abb088/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "webhookSecretUpdateTime": "2021-01-01T17:18:19.1234567Z" + }, + "gitHubResourceInfo": { + "appInstallationId": "123" + }, + "azureDevOpsResourceInfo": null + }, + "lastDeploymentInfo": { + "deploymentFetchStatus": "Success", + "deployment": { + "deploymentId": "4985046420", + "deploymentState": "Completed", + "deploymentResult": "Success", + "deploymentTime": "2021-01-01T17:18:19.1234567Z", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "message": "Successful deployment" + }, + "pullRequest": { + "url": "https://github.com/user/repo/pull/123", + "state": "Open" + } + }, + "systemData": { + "createdBy": "user1", + "createdByType": "User", + "createdAt": "2021-01-01T17:18:19.1234567Z", + "lastModifiedBy": "user2", + "lastModifiedByType": "User", + "lastModifiedAt": "2021-01-02T17:18:19.1234567Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "version": "V2", + "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "type": "Microsoft.SecurityInsights/SourceControls", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "id": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "displayName": "My Source Control", + "description": "this is a source control", + "repoType": "Github", + "contentTypes": [ + "AnalyticRules", + "Workbook" + ], + "repository": { + "url": "https://github.com/user/repo", + "branch": "master", + "displayUrl": "https://github.com/user/repo", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "servicePrincipal": { + "id": "2d297bee-cb45-444a-a9ce-904484f0bcd6", + "tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", + "appId": "42a43de2-b712-4408-9680-2514fed984e6" + }, + "repositoryResourceInfo": { + "webhook": { + "webhookId": "342768323", + "webhookUrl": "https://cac.sentinel.azure.com/workspaces/b7c525e9-1bfa-4435-88c0-817e13abb088/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "webhookSecretUpdateTime": "2021-01-01T17:18:19.1234567Z" + }, + "gitHubResourceInfo": { + "appInstallationId": "123" + }, + "azureDevOpsResourceInfo": null + }, + "lastDeploymentInfo": { + "deploymentFetchStatus": "Success", + "deployment": { + "deploymentId": "4985046420", + "deploymentState": "Completed", + "deploymentResult": "Success", + "deploymentTime": "2021-01-01T17:18:19.1234567Z", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "message": "Successful deployment" + }, + "pullRequest": { + "url": "https://github.com/user/repo/pull/123", + "state": "Open" + } + }, + "systemData": { + "createdBy": "user1", + "createdByType": "User", + "createdAt": "2021-01-01T17:18:19.1234567Z", + "lastModifiedBy": "user2", + "lastModifiedByType": "User", + "lastModifiedAt": "2021-01-02T17:18:19.1234567Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/DeleteSourceControl.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/DeleteSourceControl.json new file mode 100644 index 000000000000..64ec9fceb7bc --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/DeleteSourceControl.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "repositoryAccess": { + "repositoryAccess": { + "kind": "OAuth", + "code": "939fd7c6caf754f4f41f", + "state": "state", + "clientId": "54b3c2c0-1f48-4a1c-af9f-6399c3240b73" + } + } + }, + "responses": { + "200": { + "body": { + "warning": { + "code": "SourceControlWarning_DeleteServicePrincipal", + "message": "ServicePrincipal has not been removed due to insufficient permissions." + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/GetSourceControlById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/GetSourceControlById.json new file mode 100644 index 000000000000..44d49fcff02d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/GetSourceControlById.json @@ -0,0 +1,75 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "version": "V2", + "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "type": "Microsoft.SecurityInsights/SourceControls", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "id": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "displayName": "My Source Control", + "description": "this is a source control", + "repoType": "Github", + "contentTypes": [ + "AnalyticRules", + "Workbook" + ], + "repository": { + "url": "https://github.com/user/repo", + "branch": "master", + "displayUrl": "https://github.com/user/repo", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "servicePrincipal": { + "id": "2d297bee-cb45-444a-a9ce-904484f0bcd6", + "tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", + "appId": "42a43de2-b712-4408-9680-2514fed984e6" + }, + "repositoryResourceInfo": { + "webhook": { + "webhookId": "342768323", + "webhookUrl": "https://cac.sentinel.azure.com/workspaces/b7c525e9-1bfa-4435-88c0-817e13abb088/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "webhookSecretUpdateTime": "2021-01-01T17:18:19.1234567Z" + }, + "gitHubResourceInfo": { + "appInstallationId": "123" + }, + "azureDevOpsResourceInfo": null + }, + "lastDeploymentInfo": { + "deploymentFetchStatus": "Success", + "deployment": { + "deploymentId": "4985046420", + "deploymentState": "Completed", + "deploymentResult": "Success", + "deploymentTime": "2021-01-01T17:18:19.1234567Z", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "message": "Successful deployment" + }, + "pullRequest": { + "url": "https://github.com/user/repo/pull/123", + "state": "Open" + } + }, + "systemData": { + "createdBy": "user1", + "createdByType": "User", + "createdAt": "2021-01-01T17:18:19.1234567Z", + "lastModifiedBy": "user2", + "lastModifiedByType": "User", + "lastModifiedAt": "2021-01-02T17:18:19.1234567Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/GetSourceControls.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/GetSourceControls.json new file mode 100644 index 000000000000..53f76d0f5d12 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/GetSourceControls.json @@ -0,0 +1,78 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "version": "V2", + "name": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "type": "Microsoft.SecurityInsights/SourceControls", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "id": "789e0c1f-4a3d-43ad-809c-e713b677b04a", + "displayName": "My Source Control", + "description": "this is a source control", + "repoType": "Github", + "contentTypes": [ + "AnalyticRules", + "Workbook" + ], + "repository": { + "url": "https://github.com/user/repo", + "branch": "master", + "displayUrl": "https://github.com/user/repo", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "servicePrincipal": { + "id": "2d297bee-cb45-444a-a9ce-904484f0bcd6", + "tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", + "appId": "42a43de2-b712-4408-9680-2514fed984e6" + }, + "repositoryResourceInfo": { + "webhook": { + "webhookId": "342768323", + "webhookUrl": "https://cac.sentinel.azure.com/workspaces/b7c525e9-1bfa-4435-88c0-817e13abb088/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a", + "webhookSecretUpdateTime": "2021-01-01T17:18:19.1234567Z" + }, + "gitHubResourceInfo": { + "appInstallationId": "123" + }, + "azureDevOpsResourceInfo": null + }, + "lastDeploymentInfo": { + "deploymentFetchStatus": "Success", + "deployment": { + "deploymentId": "4985046420", + "deploymentState": "Completed", + "deploymentResult": "Success", + "deploymentTime": "2021-01-01T17:18:19.1234567Z", + "deploymentLogsUrl": "https://github.com/user/repo/actions" + }, + "message": "Successful deployment" + }, + "pullRequest": { + "url": "https://github.com/user/repo/pull/123", + "state": "Open" + } + }, + "systemData": { + "createdBy": "user1", + "createdByType": "User", + "createdAt": "2021-01-01T17:18:19.1234567Z", + "lastModifiedBy": "user2", + "lastModifiedByType": "User", + "lastModifiedAt": "2021-01-02T17:18:19.1234567Z" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json new file mode 100644 index 000000000000..9abf2fd1c457 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json @@ -0,0 +1,18 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + "ThreatIntelligenceAppendTags": { + "threatIntelligenceTags": [ + "tag1", + "tag2" + ] + } + }, + "responses": { + "200": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json new file mode 100644 index 000000000000..9790f2c9706f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "properties": { + "lastUpdatedTimeUtc": "2021-09-01T19:44:44.117403Z", + "threatTypeMetrics": [ + { + "metricName": "compromised", + "metricValue": 20 + } + ], + "patternTypeMetrics": [ + { + "metricName": "url", + "metricValue": 20 + } + ], + "sourceMetrics": [ + { + "metricName": "Azure Sentinel", + "metricValue": 10315 + }, + { + "metricName": "zinga", + "metricValue": 2 + } + ] + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/CreateThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/CreateThreatIntelligence.json new file mode 100644 index 000000000000..56036a78c3a2 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/CreateThreatIntelligence.json @@ -0,0 +1,100 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ThreatIntelligenceProperties": { + "kind": "indicator", + "properties": { + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "confidence": 78, + "createdByRef": "contoso@contoso.com", + "description": "debugging indicators", + "externalReferences": [], + "granularMarkings": [], + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "labels": [], + "modified": "", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "validFrom": "2021-09-15T17:44:00.114052Z", + "validUntil": "" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2021-09-15T20:20:38.6160949Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2021-09-15T17:44:00.114052Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2021-09-15T20:20:38.6160949Z", + "createdByRef": "aztestConnectors@contoso.com", + "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2021-09-15T20:20:38.6161887Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2021-09-15T17:44:00.114052Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json new file mode 100644 index 000000000000..fe486f3bf753 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/GetThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/GetThreatIntelligence.json new file mode 100644 index 000000000000..44ddd2f05d6e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/GetThreatIntelligence.json @@ -0,0 +1,76 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", + "name": "27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", + "etag": "\"00002f2c-0000-0800-0000-5e976a8e0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 90, + "created": "2021-04-15T20:11:57.9666134Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--8516d567-0daa-4614-8745-e3591e1b48cf", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2021-04-15T20:15:11.0746926Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema 2", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2021-04-15T17:44:00.114052Z" + } + }, + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2021-04-15T19:51:17.1050923Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2021-04-15T20:15:11.074903Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "patching tags" + ], + "displayName": "updated indicator", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2021-04-15T17:44:00.114052Z" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json new file mode 100644 index 000000000000..6588c46cf29c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2021-04-15T19:51:17.1050923Z", + "createdByRef": "aztestConnectors@dataconnector.ccsctp.net", + "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2021-04-15T20:18:49.2259902Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "patching tags" + ], + "displayName": "updated indicator", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://abc.com']", + "patternType": "url", + "validFrom": "2021-04-15T17:44:00.114052Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/QueryThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/QueryThreatIntelligence.json new file mode 100644 index 000000000000..eb8aaaef66dc --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/QueryThreatIntelligence.json @@ -0,0 +1,107 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ThreatIntelligenceFilteringCriteria": { + "pageSize": 100, + "minConfidence": 25, + "maxConfidence": 80, + "minValidUntil": "2021-04-05T17:44:00.114052Z", + "maxValidUntil": "2021-04-25T17:44:00.114052Z", + "sources": [ + "Azure Sentinel" + ], + "sortBy": [ + { + "itemKey": "lastUpdatedTimeUtc", + "sortOrder": "descending" + } + ] + } + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", + "name": "27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8", + "etag": "\"00002f2c-0000-0800-0000-5e976a8e0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 90, + "created": "2021-04-15T20:11:57.9666134Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--8516d567-0daa-4614-8745-e3591e1b48cf", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:15:11.0746926Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema 2", + "description": "debugging indicators 2", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2021-04-15T17:44:00.114052Z", + "parsedPattern": [ + { + "patternTypeKey": "network-traffic", + "patternTypeValues": [ + { + "valueType": "0", + "value": "SSH-2.0-PuTTY_Release_0.64" + }, + { + "valueType": "1", + "value": "194.88.106.146" + } + ] + } + ] + } + }, + { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2021-04-15T19:51:17.1050923Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2021-04-15T20:15:11.074903Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "patching tags" + ], + "displayName": "updated indicator", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2021-04-15T17:44:00.114052Z" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json new file mode 100644 index 000000000000..971f239ad6cd --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json @@ -0,0 +1,52 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + "ThreatIntelligenceReplaceTags": { + "etag": "\"0000262c-0000-0800-0000-5e9767060000\"", + "kind": "indicator", + "properties": { + "threatIntelligenceTags": [ + "patching tags" + ] + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "name": "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", + "etag": "\"00002a2c-0000-0800-0000-5e97683b0000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2021-04-15T19:51:17.1050923Z", + "createdByRef": "aztestConnectors@dataconnector.ccsctp.net", + "externalId": "indicator--73be1729-babb-4348-a6c4-94621cae2530", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2021-04-15T19:56:08.828946Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "patching tags" + ], + "displayName": "updated indicator", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://abc.com']", + "patternType": "url", + "validFrom": "2021-04-15T17:44:00.114052Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json new file mode 100644 index 000000000000..a246a817a015 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json @@ -0,0 +1,101 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "name": "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", + "ThreatIntelligenceProperties": { + "kind": "indicator", + "properties": { + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "confidence": 78, + "createdByRef": "contoso@contoso.com", + "description": "debugging indicators", + "externalReferences": [], + "granularMarkings": [], + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "labels": [], + "modified": "", + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "revoked": false, + "validFrom": "2020-04-15T17:44:00.114052Z", + "validUntil": "" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2021-04-15T20:20:38.6160949Z", + "createdByRef": "contoso@contoso.com", + "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2020-04-15T20:20:38.6161887Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2021-04-15T17:44:00.114052Z" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "name": "180105c7-a28d-b1a2-4a78-234f6ec80fd6", + "etag": "\"0000322c-0000-0800-0000-5e976c960000\"", + "type": "Microsoft.SecurityInsights/ThreatIntelligence", + "kind": "indicator", + "properties": { + "confidence": 78, + "created": "2021-04-15T20:20:38.6160949Z", + "createdByRef": "aztestConnectors@contoso.com", + "externalId": "indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7", + "externalReferences": [], + "granularMarkings": [], + "lastUpdatedTimeUtc": "2021-04-15T20:20:38.6161887Z", + "revoked": false, + "source": "Azure Sentinel", + "threatIntelligenceTags": [ + "new schema" + ], + "displayName": "new schema", + "description": "debugging indicators", + "threatTypes": [ + "compromised" + ], + "killChainPhases": [], + "pattern": "[url:value = 'https://www.contoso.com']", + "patternType": "url", + "validFrom": "2021-04-15T17:44:00.114052Z" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json new file mode 100644 index 000000000000..6c23f2648a9e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleId": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "analyticsRuleRunTriggerParameter": { + "properties": { + "executionTimeUtc": "2022-12-22T15:37:03.074Z" + } + } + }, + "responses": { + "202": { + "headers": { + "Code": "202", + "Message": "Accepted", + "Location": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/5abbc58b-9655-4f9b-80ac-5a576753e4ec?api-version=2023-09-01-preview" + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json new file mode 100644 index 000000000000..8386f8f0e561 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json @@ -0,0 +1,29 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "ruleRunId": "65360bb0-8986-4ade-a89d-af3cf44d28aa" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/65360bb0-8986-4ade-a89d-af3cf44d28aa", + "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "type": "Microsoft.SecurityInsights/TriggeredAnalyticsRuleRuns", + "properties": { + "executionTimeUtc": "2022-12-22T15:37:03.074Z", + "ruleId": "358e16da-ab76-4027-89e1-15937a6ed401", + "triggeredAnalyticsRuleRunId": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "provisioningState": "InProgress", + "ruleRunAdditionalData": { + "auditCorrelationId": "b8540a76-cb05-4a9b-8d52-9959b509e4ad", + "createdBy": "user@microsoft.com", + "healthCorrelationId": "dadd8fdc-fc7a-4005-a289-4e164cb75093" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json new file mode 100644 index 000000000000..42f9fa3c39b6 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json @@ -0,0 +1,48 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/65360bb0-8986-4ade-a89d-af3cf44d28aa", + "name": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "type": "Microsoft.SecurityInsights/TriggeredAnalyticsRuleRuns", + "properties": { + "executionTimeUtc": "2022-12-22T15:37:03.074Z", + "ruleId": "358e16da-ab76-4027-89e1-15937a6ed401", + "triggeredAnalyticsRuleRunId": "65360bb0-8986-4ade-a89d-af3cf44d28aa", + "provisioningState": "InProgress", + "ruleRunAdditionalData": { + "auditCorrelationId": "b8540a76-cb05-4a9b-8d52-9959b509e4ad", + "createdBy": "user@microsoft.com", + "healthCorrelationId": "dadd8fdc-fc7a-4005-a289-4e164cb75093" + } + } + }, + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/1f62ea0f-2d25-4b65-bd4d-bb9114bcbd9c", + "name": "1f62ea0f-2d25-4b65-bd4d-bb9114bcbd9c", + "type": "Microsoft.SecurityInsights/TriggeredAnalyticsRuleRuns", + "properties": { + "executionTimeUtc": "2022-12-20T15:37:03.074Z", + "ruleId": "358e16da-ab76-4027-89e1-15937a6ed401", + "triggeredAnalyticsRuleRunId": "1f62ea0f-2d25-4b65-bd4d-bb9114bcbd9c", + "provisioningState": "Succeeded", + "ruleRunAdditionalData": { + "auditCorrelationId": "763f9dae-1027-44b9-a34a-589404693670", + "createdBy": "user2@microsoft.com", + "healthCorrelationId": "b3c165ec-f53e-48c1-9677-216d9e930912" + } + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/CreateWatchlist.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/CreateWatchlist.json new file mode 100644 index 000000000000..88cceddd72f3 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/CreateWatchlist.json @@ -0,0 +1,88 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "watchlistAlias": "highValueAsset", + "watchlist": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "High Value Assets Watchlist", + "source": "watchlist.csv", + "sourceType": "Local file", + "provider": "Microsoft", + "description": "Watchlist from CSV content", + "itemsSearchKey": "header1" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/Watchlists", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/Watchlists", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json new file mode 100644 index 000000000000..5a2c538821be --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json @@ -0,0 +1,92 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset", + "watchlist": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "displayName": "High Value Assets Watchlist", + "source": "watchlist.csv", + "sourceType": "Local file", + "provider": "Microsoft", + "description": "Watchlist from CSV content", + "numberOfLinesToSkip": 1, + "rawContent": "This line will be skipped\nheader1,header2\nvalue1,value2", + "itemsSearchKey": "header1", + "contentType": "text/csv" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/Watchlists", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "type": "Microsoft.SecurityInsights/Watchlists", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/CreateWatchlistItem.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/CreateWatchlistItem.json new file mode 100644 index 000000000000..3b609218a339 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/CreateWatchlistItem.json @@ -0,0 +1,92 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset", + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "watchlistItem": { + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "properties": { + "itemsKeyValue": { + "Gateway subnet": "10.0.255.224/27", + "Web Tier": "10.0.1.0/24", + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27" + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842", + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", + "isDeleted": false, + "created": "2020-11-15T04:58:56.0748363+00:00", + "updated": "2020-11-16T16:05:20+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Gateway subnet": "10.0.255.224/27", + "Web Tier": "10.0.1.0/24", + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842", + "etag": "0300bf09-0000-0000-0000-5c37296e0000", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "82ba292c-dc97-4dfc-969d-d4dd9e666842", + "tenantId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", + "isDeleted": false, + "created": "2020-11-15T04:58:56.0748363+00:00", + "updated": "2020-11-16T16:05:20+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Gateway subnet": "10.0.255.224/27", + "Web Tier": "10.0.1.0/24", + "Business tier": "10.0.2.0/24", + "Data tier": "10.0.2.0/24", + "Private DMZ in": "10.0.0.0/27", + "Public DMZ out": "10.0.0.96/27" + } + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/DeleteWatchlist.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/DeleteWatchlist.json new file mode 100644 index 000000000000..c982fb11f18e --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/DeleteWatchlist.json @@ -0,0 +1,18 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset" + }, + "responses": { + "200": { + "headers": { + "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.SecurityInsights/watchlists/1011-01/watchlistStatuses/00000000-0000-0000-0000-000000000000?api-version=2023-09-01-preview" + } + }, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/DeleteWatchlistItem.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/DeleteWatchlistItem.json new file mode 100644 index 000000000000..72c338aaba2d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/DeleteWatchlistItem.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset", + "watchlistItemId": "4008512e-1d30-48b2-9ee2-d3612ed9d3ea" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlistByAlias.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlistByAlias.json new file mode 100644 index 000000000000..7dc93bb4270d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlistByAlias.json @@ -0,0 +1,50 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "type": "Microsoft.SecurityInsights/Watchlists", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "labels": [ + "Tag1", + "Tag2" + ], + "defaultDuration": "P1279DT12H30M5S", + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlistItemById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlistItemById.json new file mode 100644 index 000000000000..02d17be8cec5 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlistItemById.json @@ -0,0 +1,47 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset", + "watchlistItemId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576", + "name": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "etag": "\"f2089bfa-0000-0d00-0000-601c58b42021\"", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "tenantId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797", + "isDeleted": false, + "created": "2021-02-04T12:27:32.3783333-08:00", + "updated": "2021-02-04T12:27:32.3783333-08:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Header-1": "v1_1", + "Header-2": "v1_2", + "Header-3": "v1_3", + "Header-4": "v1_4", + "Header-5": "v1_5" + }, + "entityMapping": {} + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlistItems.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlistItems.json new file mode 100644 index 000000000000..b70d29f863f9 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlistItems.json @@ -0,0 +1,50 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights", + "watchlistAlias": "highValueAsset" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576", + "name": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "etag": "\"f2089bfa-0000-0d00-0000-601c58b42021\"", + "type": "Microsoft.SecurityInsights/Watchlists/WatchlistItems", + "properties": { + "watchlistItemType": "watchlist-item", + "watchlistItemId": "fd37d325-7090-47fe-851a-5b5a00c3f576", + "tenantId": "3f8901fe-63d9-4875-9ad5-9fb3b8105797", + "isDeleted": false, + "created": "2021-02-04T12:27:32.3783333-08:00", + "updated": "2021-02-04T12:27:32.3783333-08:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "itemsKeyValue": { + "Header-1": "v1_1", + "Header-2": "v1_2", + "Header-3": "v1_3", + "Header-4": "v1_4", + "Header-5": "v1_5" + }, + "entityMapping": {} + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlists.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlists.json new file mode 100644 index 000000000000..7a86e436df28 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlists.json @@ -0,0 +1,53 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "operationalInsightsResourceProvider": "Microsoft.OperationalInsights" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset", + "name": "highValueAsset", + "type": "Microsoft.SecurityInsights/Watchlists", + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017", + "displayName": "High Value Assets Watchlist", + "provider": "Microsoft", + "source": "watchlist.csv", + "sourceType": "Local file", + "created": "2020-09-28T00:26:54.7746089+00:00", + "updated": "2020-09-28T00:26:57+00:00", + "createdBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "updatedBy": { + "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70", + "email": "john@contoso.com", + "name": "john doe" + }, + "description": "Watchlist from CSV content", + "watchlistType": "watchlist", + "watchlistAlias": "highValueAsset", + "itemsSearchKey": "header1", + "isDeleted": false, + "labels": [ + "Tag1", + "Tag2" + ], + "defaultDuration": "P1279DT12H30M5S", + "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/CreateJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/CreateJob.json new file mode 100644 index 000000000000..de3a361b1af8 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/CreateJob.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "jobName": "cfbe1338-8276-4d5d-8b96-931117f9fa0e" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58/jobs/cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "etag": "\"f20a2523-7817-47b5-a3b2-21539c00c788\"", + "name": "cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments/jobs", + "properties": { + "startTime": "2022-06-14T04:47:52.9614956Z", + "provisioningState": "InProgress" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json new file mode 100644 index 000000000000..3ae27a29b5e1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json @@ -0,0 +1,62 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "workspaceManagerAssignment": { + "properties": { + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo" + } + ], + "targetResourceName": "37207a7a-3b8a-438f-a559-c7df400e1b96" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "name": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments", + "properties": { + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo" + } + ], + "targetResourceName": "37207a7a-3b8a-438f-a559-c7df400e1b96" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "name": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments", + "properties": { + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo" + } + ], + "targetResourceName": "37207a7a-3b8a-438f-a559-c7df400e1b96" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/DeleteJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/DeleteJob.json new file mode 100644 index 000000000000..f7549fb4c9e1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/DeleteJob.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "jobName": "cfbe1338-8276-4d5d-8b96-931117f9fa0e" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json new file mode 100644 index 000000000000..20b1f118e3e7 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json new file mode 100644 index 000000000000..a37b79483e4d --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json @@ -0,0 +1,46 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58/jobs/cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "etag": "\"f20a2523-7817-47b5-a3b2-21539c00c788\"", + "name": "cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments/jobs", + "properties": { + "endTime": "2022-06-14T04:52:52.9614956Z", + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne", + "status": "Succeeded", + "executionTime": "2022-06-14T04:49:52.9614956Z" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo", + "status": "Failed", + "executionTime": "2022-06-14T04:50:52.9614956Z", + "errors": [ + { + "memberResourceName": "f5fa104e-c0e3-4747-9182-d342dc048a9e", + "errorMessage": "Failed to write. Status code: Forbidden." + } + ] + } + ], + "startTime": "2022-06-14T04:47:52.9614956Z", + "provisioningState": "Failed" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json new file mode 100644 index 000000000000..0bbaa4c91c72 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json @@ -0,0 +1,35 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "name": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments", + "properties": { + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo" + } + ], + "targetResourceName": "37207a7a-3b8a-438f-a559-c7df400e1b96", + "lastJobEndTime": "2022-06-14T04:52:52.9614956Z", + "lastJobProvisioningState": "Failed" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetJob.json new file mode 100644 index 000000000000..781549669253 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetJob.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "jobName": "cfbe1338-8276-4d5d-8b96-931117f9fa0e" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58/jobs/cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "etag": "\"f20a2523-7817-47b5-a3b2-21539c00c788\"", + "name": "cfbe1338-8276-4d5d-8b96-931117f9fa0e", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments/jobs", + "properties": { + "endTime": "2022-06-14T04:52:52.9614956Z", + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne", + "status": "Succeeded", + "executionTime": "2022-06-14T04:49:52.9614956Z" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo", + "status": "Failed", + "executionTime": "2022-06-14T04:50:52.9614956Z", + "errors": [ + { + "memberResourceName": "f5fa104e-c0e3-4747-9182-d342dc048a9e", + "errorMessage": "Failed to write. Status code: Forbidden." + } + ] + } + ], + "startTime": "2022-06-14T04:47:52.9614956Z", + "provisioningState": "Failed" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json new file mode 100644 index 000000000000..2875b7b24cdb --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerAssignmentName": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerAssignments/47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "name": "47cdc5f5-37c4-47b5-bd5f-83c84b8bdd58", + "type": "Microsoft.SecurityInsights/workspaceManagerAssignments", + "properties": { + "items": [ + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleOne" + }, + { + "resourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspac-es/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExampleTwo" + } + ], + "targetResourceName": "37207a7a-3b8a-438f-a559-c7df400e1b96", + "lastJobEndTime": "2022-06-14T04:52:52.9614956Z", + "lastJobProvisioningState": "Failed" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json new file mode 100644 index 000000000000..90c53fa17add --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json @@ -0,0 +1,38 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerConfigurationName": "default", + "workspaceManagerConfiguration": { + "properties": { + "mode": "Enabled" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/default", + "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"", + "name": "default", + "type": "Microsoft.SecurityInsights/workspaceManagerConfigurations", + "properties": { + "mode": "Enabled" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/default", + "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"", + "name": "default", + "type": "Microsoft.SecurityInsights/workspaceManagerConfigurations", + "properties": { + "mode": "Enabled" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json new file mode 100644 index 000000000000..4b6146a762e1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerConfigurationName": "default" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json new file mode 100644 index 000000000000..ebdb93c67d28 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/default", + "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"", + "name": "default", + "type": "Microsoft.SecurityInsights/workspaceManagerConfigurations", + "properties": { + "mode": "Enabled" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json new file mode 100644 index 000000000000..e9952d7f412c --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerConfigurationName": "default" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerConfigurations/default", + "etag": "\"3f6451dd-1b58-4bef-bce7-72eba6b354d7\"", + "name": "default", + "type": "Microsoft.SecurityInsights/workspaceManagerConfigurations", + "properties": { + "mode": "Enabled" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json new file mode 100644 index 000000000000..55bd8ddaa0af --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json @@ -0,0 +1,53 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerGroupName": "37207a7a-3b8a-438f-a559-c7df400e1b96", + "workspaceManagerGroup": { + "properties": { + "description": "Group of all financial and banking institutions", + "displayName": "Banks", + "memberResourceNames": [ + "afbd324f-6c48-459c-8710-8d1e1cd03812", + "f5fa104e-c0e3-4747-9182-d342dc048a9e" + ] + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerGroups/37207a7a-3b8a-438f-a559-c7df400e1b96", + "etag": "\"ac04c9ad-4b3c-4e13-b511-8c2225e46521\"", + "name": "37207a7a-3b8a-438f-a559-c7df400e1b96", + "type": "Microsoft.SecurityInsights/workspaceManagerGroups", + "properties": { + "description": "Group of all financial and banking institutions", + "displayName": "Banks", + "memberResourceNames": [ + "afbd324f-6c48-459c-8710-8d1e1cd03812", + "f5fa104e-c0e3-4747-9182-d342dc048a9e" + ] + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerGroups/37207a7a-3b8a-438f-a559-c7df400e1b96", + "etag": "\"ac04c9ad-4b3c-4e13-b511-8c2225e46521\"", + "name": "37207a7a-3b8a-438f-a559-c7df400e1b96", + "type": "Microsoft.SecurityInsights/workspaceManagerGroups", + "properties": { + "description": "Group of all financial and banking institutions", + "displayName": "Banks", + "memberResourceNames": [ + "afbd324f-6c48-459c-8710-8d1e1cd03812", + "f5fa104e-c0e3-4747-9182-d342dc048a9e" + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json new file mode 100644 index 000000000000..2d427d690d86 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerGroupName": "37207a7a-3b8a-438f-a559-c7df400e1b96" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json new file mode 100644 index 000000000000..6f2cfd7cabd1 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerGroups/37207a7a-3b8a-438f-a559-c7df400e1b96", + "etag": "\"ac04c9ad-4b3c-4e13-b511-8c2225e46521\"", + "name": "37207a7a-3b8a-438f-a559-c7df400e1b96", + "type": "Microsoft.SecurityInsights/workspaceManagerGroups", + "properties": { + "description": "Group of all financial and banking institutions", + "displayName": "Banks", + "memberResourceNames": [ + "afbd324f-6c48-459c-8710-8d1e1cd03812", + "f5fa104e-c0e3-4747-9182-d342dc048a9e" + ] + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json new file mode 100644 index 000000000000..2ee9d7d37bac --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerGroupName": "37207a7a-3b8a-438f-a559-c7df400e1b96" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerGroups/37207a7a-3b8a-438f-a559-c7df400e1b96", + "etag": "\"ac04c9ad-4b3c-4e13-b511-8c2225e46521\"", + "name": "37207a7a-3b8a-438f-a559-c7df400e1b96", + "type": "Microsoft.SecurityInsights/workspaceManagerGroups", + "properties": { + "description": "Group of all financial and banking institutions", + "displayName": "Banks", + "memberResourceNames": [ + "afbd324f-6c48-459c-8710-8d1e1cd03812", + "f5fa104e-c0e3-4747-9182-d342dc048a9e" + ] + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json new file mode 100644 index 000000000000..d40f9960f7f4 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json @@ -0,0 +1,41 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerMemberName": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "workspaceManagerMember": { + "properties": { + "targetWorkspaceResourceId": "/subscriptions/7aef9d48-814f-45ad-b644-b0343316e174/resourceGroups/otherRg/providers/Microsoft.OperationalInsights/workspaces/Example_Workspace", + "targetWorkspaceTenantId": "f676d436-8d16-42db-81b7-ab578e110ccd" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerMembers/afbd324f-6c48-459c-8710-8d1e1cd03812", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "name": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "type": "Microsoft.SecurityInsights/workspaceManagerMembers", + "properties": { + "targetWorkspaceResourceId": "/subscriptions/7aef9d48-814f-45ad-b644-b0343316e174/resourceGroups/otherRg/providers/Microsoft.OperationalInsights/workspaces/Example_Workspace", + "targetWorkspaceTenantId": "f676d436-8d16-42db-81b7-ab578e110ccd" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerMembers/afbd324f-6c48-459c-8710-8d1e1cd03812", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "name": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "type": "Microsoft.SecurityInsights/workspaceManagerMembers", + "properties": { + "targetWorkspaceResourceId": "/subscriptions/7aef9d48-814f-45ad-b644-b0343316e174/resourceGroups/otherRg/providers/Microsoft.OperationalInsights/workspaces/Example_Workspace", + "targetWorkspaceTenantId": "f676d436-8d16-42db-81b7-ab578e110ccd" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json new file mode 100644 index 000000000000..3b84f7007dcf --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerMemberName": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json new file mode 100644 index 000000000000..7da889d7123f --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerMembers/afbd324f-6c48-459c-8710-8d1e1cd03812", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "name": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "type": "Microsoft.SecurityInsights/workspaceManagerMembers", + "properties": { + "targetWorkspaceResourceId": "/subscriptions/7aef9d48-814f-45ad-b644-b0343316e174/resourceGroups/otherRg/providers/Microsoft.OperationalInsights/workspaces/Example_Workspace", + "targetWorkspaceTenantId": "f676d436-8d16-42db-81b7-ab578e110ccd" + } + } + ] + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json new file mode 100644 index 000000000000..7daf0a35b448 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview", + "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", + "resourceGroupName": "myRg", + "workspaceName": "myWorkspace", + "workspaceManagerMemberName": "afbd324f-6c48-459c-8710-8d1e1cd03812" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/workspaceManagerMembers/afbd324f-6c48-459c-8710-8d1e1cd03812", + "etag": "\"190057d0-0000-0d00-0000-5c6f5adb0000\"", + "name": "afbd324f-6c48-459c-8710-8d1e1cd03812", + "type": "Microsoft.SecurityInsights/workspaceManagerMembers", + "properties": { + "targetWorkspaceResourceId": "/subscriptions/7aef9d48-814f-45ad-b644-b0343316e174/resourceGroups/otherRg/providers/Microsoft.OperationalInsights/workspaces/Example_Workspace", + "targetWorkspaceTenantId": "f676d436-8d16-42db-81b7-ab578e110ccd" + } + } + } + } +} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/operations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/operations.json new file mode 100644 index 000000000000..fcac6b8cef26 --- /dev/null +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/operations.json @@ -0,0 +1,138 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Insights", + "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", + "version": "2023-09-01-preview" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/providers/Microsoft.SecurityInsights/operations": { + "get": { + "x-ms-examples": { + "Get all operations.": { + "$ref": "./examples/operations/ListOperations.json" + } + }, + "operationId": "Operations_List", + "description": "Lists all operations available Azure Security Insights Resource Provider.", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + } + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "OK. Successfully retrieved operations list.", + "schema": { + "$ref": "#/definitions/OperationsList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/2.0/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + } + }, + "definitions": { + "OperationsList": { + "description": "Lists the operations available in the SecurityInsights RP.", + "properties": { + "nextLink": { + "description": "URL to fetch the next set of operations.", + "type": "string", + "readOnly": true + }, + "value": { + "description": "Array of operations", + "items": { + "$ref": "#/definitions/Operation" + }, + "type": "array" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "Operation": { + "description": "Operation provided by provider", + "properties": { + "display": { + "description": "Properties of the operation", + "properties": { + "description": { + "description": "Description of the operation", + "type": "string" + }, + "operation": { + "description": "Operation name", + "type": "string" + }, + "provider": { + "description": "Provider name", + "type": "string" + }, + "resource": { + "description": "Resource name", + "type": "string" + } + }, + "type": "object" + }, + "name": { + "description": "Name of the operation", + "type": "string" + }, + "origin": { + "description": "The origin of the operation", + "type": "string" + }, + "isDataAction": { + "description": "Indicates whether the operation is a data action", + "type": "boolean" + } + }, + "type": "object" + } + }, + "parameters": {} +} From 127c7b7c8176e7d2f98f7b1b2299fb3c0b3e2dd2 Mon Sep 17 00:00:00 2001 From: xuhumsft <116764429+xuhumsft@users.noreply.github.com> Date: Thu, 21 Sep 2023 17:51:04 -0700 Subject: [PATCH 2/7] Updates readme --- .../resource-manager/readme.md | 44 ++++++++++++++++++- 1 file changed, 42 insertions(+), 2 deletions(-) diff --git a/specification/securityinsights/resource-manager/readme.md b/specification/securityinsights/resource-manager/readme.md index f2be4041a53a..c8b1e8199675 100644 --- a/specification/securityinsights/resource-manager/readme.md +++ b/specification/securityinsights/resource-manager/readme.md @@ -26,17 +26,56 @@ These are the global settings for the SecurityInsights API. ``` yaml openapi-type: arm -tag: package-preview-2023-09 +tag: package-preview-2023-10 ``` --- +### Tag: package-preview-2023-10 + +These settings apply only when `--tag=package-preview-2023-10` is specified on the command line. + +```yaml $(tag) == 'package-preview-2023-10' +input-file: + - Microsoft.SecurityInsights/preview/2023-10-01-preview/AlertRules.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/AutomationRules.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/BillingStatistics.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/Bookmarks.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentPackages.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentProductPackages.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentProductTemplates.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentTemplates.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/Enrichment.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/Entities.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/EntityQueries.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/EntityQueryTemplates.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/FileImports.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/Hunts.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/Incidents.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/Metadata.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/OfficeConsents.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/OnboardingStates.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/Recommendations.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/SecurityMLAnalyticsSettings.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/Settings.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/SourceControls.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/ThreatIntelligence.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/TriggeredAnalyticsRuleRuns.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/Watchlists.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerAssignments.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerConfigurations.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerGroups.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerMembers.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/dataConnectorDefinitions.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/dataConnectors.json + - Microsoft.SecurityInsights/preview/2023-10-01-preview/operations.json +``` ### Tag: package-preview-2023-09 These settings apply only when `--tag=package-preview-2023-09` is specified on the command line. -```yaml $(tag) == 'package-preview-2023-09' +``` yaml $(tag) == 'package-preview-2023-09' input-file: - Microsoft.SecurityInsights/preview/2023-09-01-preview/AlertRules.json - Microsoft.SecurityInsights/preview/2023-09-01-preview/AutomationRules.json @@ -71,6 +110,7 @@ input-file: - Microsoft.SecurityInsights/preview/2023-09-01-preview/dataConnectors.json - Microsoft.SecurityInsights/preview/2023-09-01-preview/operations.json ``` + ### Tag: package-preview-2023-08 These settings apply only when `--tag=package-preview-2023-08` is specified on the command line. From fa0011c95ee2903e69b5de9acb9888d82eae30c7 Mon Sep 17 00:00:00 2001 From: xuhumsft <116764429+xuhumsft@users.noreply.github.com> Date: Thu, 21 Sep 2023 17:51:10 -0700 Subject: [PATCH 3/7] Updates API version in new specs and examples --- .../preview/2023-10-01-preview/AlertRules.json | 2 +- .../preview/2023-10-01-preview/AutomationRules.json | 2 +- .../preview/2023-10-01-preview/BillingStatistics.json | 2 +- .../preview/2023-10-01-preview/Bookmarks.json | 2 +- .../preview/2023-10-01-preview/ContentPackages.json | 2 +- .../preview/2023-10-01-preview/ContentProductPackages.json | 2 +- .../preview/2023-10-01-preview/ContentProductTemplates.json | 2 +- .../preview/2023-10-01-preview/ContentTemplates.json | 2 +- .../preview/2023-10-01-preview/Enrichment.json | 2 +- .../preview/2023-10-01-preview/Entities.json | 2 +- .../preview/2023-10-01-preview/EntityQueries.json | 2 +- .../preview/2023-10-01-preview/EntityQueryTemplates.json | 2 +- .../preview/2023-10-01-preview/FileImports.json | 2 +- .../preview/2023-10-01-preview/Hunts.json | 2 +- .../preview/2023-10-01-preview/Incidents.json | 2 +- .../preview/2023-10-01-preview/Metadata.json | 2 +- .../preview/2023-10-01-preview/OfficeConsents.json | 2 +- .../preview/2023-10-01-preview/OnboardingStates.json | 2 +- .../preview/2023-10-01-preview/Recommendations.json | 2 +- .../2023-10-01-preview/SecurityMLAnalyticsSettings.json | 2 +- .../preview/2023-10-01-preview/Settings.json | 2 +- .../preview/2023-10-01-preview/SourceControls.json | 2 +- .../preview/2023-10-01-preview/ThreatIntelligence.json | 2 +- .../2023-10-01-preview/TriggeredAnalyticsRuleRuns.json | 2 +- .../preview/2023-10-01-preview/Watchlists.json | 2 +- .../2023-10-01-preview/WorkspaceManagerAssignments.json | 2 +- .../2023-10-01-preview/WorkspaceManagerConfigurations.json | 2 +- .../preview/2023-10-01-preview/WorkspaceManagerGroups.json | 2 +- .../preview/2023-10-01-preview/WorkspaceManagerMembers.json | 2 +- .../preview/2023-10-01-preview/common/AlertTypes.json | 2 +- .../preview/2023-10-01-preview/common/ContentCommonTypes.json | 2 +- .../preview/2023-10-01-preview/common/EntityTypes.json | 2 +- .../preview/2023-10-01-preview/common/IncidentTypes.json | 2 +- .../preview/2023-10-01-preview/common/RelationTypes.json | 2 +- .../2023-10-01-preview/common/ThreatIntelligenceTypes.json | 2 +- .../preview/2023-10-01-preview/dataConnectorDefinitions.json | 2 +- .../preview/2023-10-01-preview/dataConnectors.json | 2 +- .../examples/actions/CreateActionOfAlertRule.json | 2 +- .../examples/actions/DeleteActionOfAlertRule.json | 2 +- .../examples/actions/GetActionOfAlertRuleById.json | 2 +- .../examples/actions/GetAllActionsByAlertRule.json | 2 +- .../examples/alertRuleTemplates/GetAlertRuleTemplateById.json | 2 +- .../examples/alertRuleTemplates/GetAlertRuleTemplates.json | 2 +- .../examples/alertRules/CreateFusionAlertRule.json | 2 +- .../CreateFusionAlertRuleWithFusionScenarioExclusion.json | 2 +- .../CreateMicrosoftSecurityIncidentCreationAlertRule.json | 2 +- .../examples/alertRules/CreateNrtAlertRule.json | 2 +- .../examples/alertRules/CreateScheduledAlertRule.json | 2 +- .../examples/alertRules/DeleteAlertRule.json | 2 +- .../examples/alertRules/GetAllAlertRules.json | 2 +- .../examples/alertRules/GetFusionAlertRule.json | 2 +- .../GetMicrosoftSecurityIncidentCreationAlertRule.json | 2 +- .../examples/alertRules/GetNrtAlertRule.json | 2 +- .../examples/alertRules/GetScheduledAlertRule.json | 2 +- .../automationRules/AutomationRules_CreateOrUpdate.json | 2 +- .../examples/automationRules/AutomationRules_Delete.json | 2 +- .../examples/automationRules/AutomationRules_Get.json | 2 +- .../examples/automationRules/AutomationRules_List.json | 2 +- .../examples/billingStatistics/GetAllBillingStatistics.json | 2 +- .../examples/billingStatistics/GetBillingStatistic.json | 2 +- .../2023-10-01-preview/examples/bookmarks/CreateBookmark.json | 2 +- .../2023-10-01-preview/examples/bookmarks/DeleteBookmark.json | 2 +- .../examples/bookmarks/GetBookmarkById.json | 2 +- .../2023-10-01-preview/examples/bookmarks/GetBookmarks.json | 2 +- .../examples/bookmarks/expand/PostExpandBookmark.json | 2 +- .../examples/bookmarks/relations/CreateBookmarkRelation.json | 2 +- .../examples/bookmarks/relations/DeleteBookmarkRelation.json | 2 +- .../examples/bookmarks/relations/GetAllBookmarkRelations.json | 2 +- .../bookmarks/relations/GetBookmarkRelationByName.json | 2 +- .../examples/contentPackages/GetPackageById.json | 2 +- .../examples/contentPackages/GetPackages.json | 2 +- .../examples/contentPackages/GetProductPackageById.json | 2 +- .../examples/contentPackages/GetProductPackages.json | 2 +- .../examples/contentPackages/InstallPackage.json | 2 +- .../examples/contentPackages/UninstallPackage.json | 2 +- .../examples/contentTemplates/DeleteTemplate.json | 2 +- .../examples/contentTemplates/GetProductTemplateById.json | 2 +- .../examples/contentTemplates/GetProductTemplates.json | 2 +- .../examples/contentTemplates/GetTemplateById.json | 2 +- .../examples/contentTemplates/GetTemplates.json | 2 +- .../examples/contentTemplates/InstallTemplate.json | 2 +- .../CreateCustomizableDataConnectorDefinition.json | 2 +- .../DeleteDataConnectorDefinitionById.json | 2 +- .../GetCustomizableDataConnectoeDefinitionById.json | 2 +- .../dataConnectorDefinitions/GetDataConnectorDefinitions.json | 2 +- .../dataConnectors/CheckRequirementsAzureActiveDirectory.json | 2 +- .../CheckRequirementsAzureActiveDirectoryNoAuthorization.json | 2 +- .../CheckRequirementsAzureActiveDirectoryNoLicense.json | 2 +- .../dataConnectors/CheckRequirementsAzureSecurityCenter.json | 2 +- .../examples/dataConnectors/CheckRequirementsDynamics365.json | 2 +- .../examples/dataConnectors/CheckRequirementsIoT.json | 2 +- .../examples/dataConnectors/CheckRequirementsMdatp.json | 2 +- .../CheckRequirementsMicrosoftCloudAppSecurity.json | 2 +- ...heckRequirementsMicrosoftPurviewInformationProtection.json | 2 +- .../CheckRequirementsMicrosoftThreatIntelligence.json | 2 +- .../CheckRequirementsMicrosoftThreatProtection.json | 2 +- .../dataConnectors/CheckRequirementsOffice365Project.json | 2 +- .../examples/dataConnectors/CheckRequirementsOfficeATP.json | 2 +- .../examples/dataConnectors/CheckRequirementsOfficeIRM.json | 2 +- .../dataConnectors/CheckRequirementsOfficePowerBI.json | 2 +- .../dataConnectors/CheckRequirementsThreatIntelligence.json | 2 +- .../CheckRequirementsThreatIntelligenceTaxii.json | 2 +- .../examples/dataConnectors/ConnectAPIPolling.json | 2 +- .../examples/dataConnectors/ConnectAPIPollingV2Logs.json | 2 +- .../examples/dataConnectors/CreateAPIPolling.json | 2 +- .../dataConnectors/CreateDynamics365DataConnetor.json | 2 +- .../examples/dataConnectors/CreateGenericUI.json | 2 +- .../examples/dataConnectors/CreateGoogleCloudPlatform.json | 2 +- ...eateMicrosoftPurviewInformationProtectionDataConnetor.json | 2 +- .../CreateMicrosoftThreatIntelligenceDataConnector.json | 2 +- .../CreateMicrosoftThreatProtectionDataConnetor.json | 2 +- .../dataConnectors/CreateOffice365ProjectDataConnetor.json | 2 +- .../examples/dataConnectors/CreateOfficeDataConnetor.json | 2 +- .../dataConnectors/CreateOfficePowerBIDataConnector.json | 2 +- .../dataConnectors/CreateThreatIntelligenceDataConnector.json | 2 +- .../CreateThreatIntelligenceTaxiiDataConnector.json | 2 +- .../examples/dataConnectors/DeleteAPIPolling.json | 2 +- .../examples/dataConnectors/DeleteGenericUI.json | 2 +- .../examples/dataConnectors/DeleteGoogleCloudPlatform.json | 2 +- ...leteMicrosoftPurviewInformationProtectionDataConnetor.json | 2 +- .../DeleteMicrosoftThreatIntelligenceDataConnector.json | 2 +- .../dataConnectors/DeleteOffice365ProjectDataConnetor.json | 2 +- .../examples/dataConnectors/DeleteOfficeDataConnetor.json | 2 +- .../dataConnectors/DeleteOfficePowerBIDataConnetor.json | 2 +- .../examples/dataConnectors/DisconnectAPIPolling.json | 2 +- .../examples/dataConnectors/GetAPIPolling.json | 2 +- .../dataConnectors/GetAmazonWebServicesCloudTrailById.json | 2 +- .../examples/dataConnectors/GetAmazonWebServicesS3ById.json | 2 +- .../examples/dataConnectors/GetAzureActiveDirectoryById.json | 2 +- .../dataConnectors/GetAzureAdvancedThreatProtectionById.json | 2 +- .../examples/dataConnectors/GetAzureSecurityCenterById.json | 2 +- .../examples/dataConnectors/GetDataConnectors.json | 2 +- .../dataConnectors/GetDynamics365DataConnectorById.json | 2 +- .../examples/dataConnectors/GetGenericUI.json | 2 +- .../examples/dataConnectors/GetGoogleCloudPlatformById.json | 2 +- .../examples/dataConnectors/GetIoTById.json | 2 +- .../dataConnectors/GetMicrosoftCloudAppSecurityById.json | 2 +- .../GetMicrosoftDefenderAdvancedThreatProtectionById.json | 2 +- .../dataConnectors/GetMicrosoftInsiderRiskManagementById.json | 2 +- ...MicrosoftPurviewInformationProtectionDataConnetorById.json | 2 +- .../dataConnectors/GetMicrosoftThreatIntelligenceById.json | 2 +- .../dataConnectors/GetMicrosoftThreatProtectionById.json | 2 +- .../GetOffice365AdvancedThreatProtectionById.json | 2 +- .../dataConnectors/GetOffice365ProjectDataConnetorById.json | 2 +- .../examples/dataConnectors/GetOfficeDataConnetorById.json | 2 +- .../dataConnectors/GetOfficePowerBIDataConnetorById.json | 2 +- .../examples/dataConnectors/GetThreatIntelligenceById.json | 2 +- .../dataConnectors/GetThreatIntelligenceTaxiiById.json | 2 +- .../examples/enrichment/GetGeodataByIp.json | 2 +- .../examples/enrichment/GetWhoisByDomainName.json | 2 +- .../examples/entities/GetAccountEntityById.json | 2 +- .../examples/entities/GetAzureResourceEntityById.json | 2 +- .../examples/entities/GetCloudApplicationEntityById.json | 2 +- .../examples/entities/GetDnsEntityById.json | 2 +- .../2023-10-01-preview/examples/entities/GetEntities.json | 2 +- .../examples/entities/GetFileEntityById.json | 2 +- .../examples/entities/GetFileHashEntityById.json | 2 +- .../examples/entities/GetHostEntityById.json | 2 +- .../examples/entities/GetIoTDeviceEntityById.json | 2 +- .../2023-10-01-preview/examples/entities/GetIpEntityById.json | 2 +- .../examples/entities/GetMailClusterEntityById.json | 2 +- .../examples/entities/GetMailMessageEntityById.json | 2 +- .../examples/entities/GetMailboxEntityById.json | 2 +- .../examples/entities/GetMalwareEntityById.json | 2 +- .../examples/entities/GetProcessEntityById.json | 2 +- .../2023-10-01-preview/examples/entities/GetQueries.json | 2 +- .../examples/entities/GetRegistryKeyEntityById.json | 2 +- .../examples/entities/GetRegistryValueEntityById.json | 2 +- .../examples/entities/GetSecurityAlertEntityById.json | 2 +- .../examples/entities/GetSecurityGroupEntityById.json | 2 +- .../examples/entities/GetSubmissionMailEntityById.json | 2 +- .../examples/entities/GetUrlEntityById.json | 2 +- .../examples/entities/expand/PostExpandEntity.json | 2 +- .../examples/entities/insights/PostGetInsights.json | 2 +- .../examples/entities/relations/GetAllEntityRelations.json | 2 +- .../examples/entities/relations/GetEntityRelationByName.json | 2 +- .../examples/entities/timeline/PostTimelineEntity.json | 2 +- .../examples/entityQueries/CreateEntityQueryActivity.json | 2 +- .../examples/entityQueries/DeleteEntityQuery.json | 2 +- .../examples/entityQueries/GetActivityEntityQueryById.json | 2 +- .../examples/entityQueries/GetEntityQueries.json | 2 +- .../examples/entityQueries/GetExpansionEntityQueryById.json | 2 +- .../GetActivityEntityQueryTemplateById.json | 2 +- .../entityQueryTemplates/GetEntityQueryTemplates.json | 2 +- .../examples/fileImports/CreateFileImport.json | 2 +- .../examples/fileImports/DeleteFileImport.json | 2 +- .../examples/fileImports/GetFileImportById.json | 2 +- .../examples/fileImports/GetFileImports.json | 2 +- .../preview/2023-10-01-preview/examples/hunts/CreateHunt.json | 2 +- .../2023-10-01-preview/examples/hunts/CreateHuntComment.json | 2 +- .../2023-10-01-preview/examples/hunts/CreateHuntRelation.json | 2 +- .../preview/2023-10-01-preview/examples/hunts/DeleteHunt.json | 2 +- .../2023-10-01-preview/examples/hunts/DeleteHuntComment.json | 2 +- .../2023-10-01-preview/examples/hunts/DeleteHuntRelation.json | 2 +- .../2023-10-01-preview/examples/hunts/GetHuntById.json | 2 +- .../2023-10-01-preview/examples/hunts/GetHuntCommentById.json | 2 +- .../2023-10-01-preview/examples/hunts/GetHuntComments.json | 2 +- .../examples/hunts/GetHuntRelationById.json | 2 +- .../2023-10-01-preview/examples/hunts/GetHuntRelations.json | 2 +- .../preview/2023-10-01-preview/examples/hunts/GetHunts.json | 2 +- .../incidents/IncidentAlerts/Incidents_ListAlerts.json | 2 +- .../incidents/IncidentBookmarks/Incidents_ListBookmarks.json | 2 +- .../IncidentComments/IncidentComments_CreateOrUpdate.json | 2 +- .../incidents/IncidentComments/IncidentComments_Delete.json | 2 +- .../incidents/IncidentComments/IncidentComments_Get.json | 2 +- .../incidents/IncidentComments/IncidentComments_List.json | 2 +- .../incidents/IncidentEntities/Incidents_ListEntities.json | 2 +- .../incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json | 2 +- .../incidents/IncidentTasks/IncidentTasks_Delete.json | 2 +- .../examples/incidents/IncidentTasks/IncidentTasks_Get.json | 2 +- .../examples/incidents/IncidentTasks/IncidentTasks_List.json | 2 +- .../examples/incidents/IncidentTeam/Incidents_CreateTeam.json | 2 +- .../examples/incidents/Incidents_CreateOrUpdate.json | 2 +- .../examples/incidents/Incidents_Delete.json | 2 +- .../2023-10-01-preview/examples/incidents/Incidents_Get.json | 2 +- .../2023-10-01-preview/examples/incidents/Incidents_List.json | 2 +- .../examples/incidents/relations/CreateIncidentRelation.json | 2 +- .../examples/incidents/relations/DeleteIncidentRelation.json | 2 +- .../examples/incidents/relations/GetAllIncidentRelations.json | 2 +- .../incidents/relations/GetIncidentRelationByName.json | 2 +- .../examples/manualTrigger/Entities_RunPlaybook.json | 2 +- .../examples/manualTrigger/Incidents_RunPlaybook.json | 2 +- .../2023-10-01-preview/examples/metadata/DeleteMetadata.json | 2 +- .../2023-10-01-preview/examples/metadata/GetAllMetadata.json | 2 +- .../examples/metadata/GetAllMetadataOData.json | 2 +- .../2023-10-01-preview/examples/metadata/GetMetadata.json | 2 +- .../2023-10-01-preview/examples/metadata/PatchMetadata.json | 2 +- .../2023-10-01-preview/examples/metadata/PutMetadata.json | 2 +- .../examples/metadata/PutMetadataMinimal.json | 2 +- .../examples/officeConsents/DeleteOfficeConsents.json | 2 +- .../examples/officeConsents/GetOfficeConsents.json | 2 +- .../examples/officeConsents/GetOfficeConsentsById.json | 2 +- .../onboardingStates/CreateSentinelOnboardingState.json | 2 +- .../onboardingStates/DeleteSentinelOnboardingState.json | 2 +- .../onboardingStates/GetAllSentinelOnboardingStates.json | 2 +- .../examples/onboardingStates/GetSentinelOnboardingState.json | 2 +- .../examples/operations/ListOperations.json | 2 +- .../examples/recommendations/GetRecommendation.json | 2 +- .../examples/recommendations/GetRecommendations.json | 2 +- .../examples/recommendations/PatchRecommendation.json | 4 ++-- .../examples/repositories/GetRepositories.json | 2 +- .../CreateAnomalySecurityMLAnalyticsSetting.json | 2 +- .../DeleteSecurityMLAnalyticsSetting.json | 2 +- .../GetAllSecurityMLAnalyticsSettings.json | 2 +- .../GetAnomalySecurityMLAnalyticsSetting.json | 2 +- .../examples/settings/DeleteEyesOnSetting.json | 2 +- .../2023-10-01-preview/examples/settings/GetAllSettings.json | 2 +- .../examples/settings/GetEyesOnSetting.json | 2 +- .../examples/settings/UpdateEyesOnSetting.json | 2 +- .../examples/sourcecontrols/CreateSourceControl.json | 2 +- .../examples/sourcecontrols/DeleteSourceControl.json | 2 +- .../examples/sourcecontrols/GetSourceControlById.json | 2 +- .../examples/sourcecontrols/GetSourceControls.json | 2 +- .../threatintelligence/AppendTagsThreatIntelligence.json | 2 +- .../threatintelligence/CollectThreatIntelligenceMetrics.json | 2 +- .../examples/threatintelligence/CreateThreatIntelligence.json | 2 +- .../examples/threatintelligence/DeleteThreatIntelligence.json | 2 +- .../examples/threatintelligence/GetThreatIntelligence.json | 2 +- .../threatintelligence/GetThreatIntelligenceById.json | 2 +- .../examples/threatintelligence/QueryThreatIntelligence.json | 2 +- .../threatintelligence/ReplaceTagsThreatIntelligence.json | 2 +- .../examples/threatintelligence/UpdateThreatIntelligence.json | 2 +- .../triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json | 4 ++-- .../triggeredAnalyticsRuleRun_Get.json | 2 +- .../triggeredAnalyticsRuleRuns_Get.json | 2 +- .../examples/watchlists/CreateWatchlist.json | 2 +- .../examples/watchlists/CreateWatchlistAndWatchlistItems.json | 2 +- .../examples/watchlists/CreateWatchlistItem.json | 2 +- .../examples/watchlists/DeleteWatchlist.json | 4 ++-- .../examples/watchlists/DeleteWatchlistItem.json | 2 +- .../examples/watchlists/GetWatchlistByAlias.json | 2 +- .../examples/watchlists/GetWatchlistItemById.json | 2 +- .../examples/watchlists/GetWatchlistItems.json | 2 +- .../2023-10-01-preview/examples/watchlists/GetWatchlists.json | 2 +- .../examples/workspaceManagerAssignments/CreateJob.json | 2 +- .../CreateOrUpdateWorkspaceManagerAssignment.json | 2 +- .../examples/workspaceManagerAssignments/DeleteJob.json | 2 +- .../DeleteWorkspaceManagerAssignment.json | 2 +- .../examples/workspaceManagerAssignments/GetAllJobs.json | 2 +- .../GetAllWorkspaceManagerAssignments.json | 2 +- .../examples/workspaceManagerAssignments/GetJob.json | 2 +- .../GetWorkspaceManagerAssignment.json | 2 +- .../CreateOrUpdateWorkspaceManagerConfiguration.json | 2 +- .../DeleteWorkspaceManagerConfiguration.json | 2 +- .../GetAllWorkspaceManagerConfigurations.json | 2 +- .../GetWorkspaceManagerConfiguration.json | 2 +- .../CreateOrUpdateWorkspaceManagerGroup.json | 2 +- .../workspaceManagerGroups/DeleteWorkspaceManagerGroup.json | 2 +- .../workspaceManagerGroups/GetAllWorkspaceManagerGroups.json | 2 +- .../workspaceManagerGroups/GetWorkspaceManagerGroup.json | 2 +- .../CreateOrUpdateWorkspaceManagerMember.json | 2 +- .../workspaceManagerMembers/DeleteWorkspaceManagerMember.json | 2 +- .../GetAllWorkspaceManagerMembers.json | 2 +- .../workspaceManagerMembers/GetWorkspaceManagerMember.json | 2 +- .../preview/2023-10-01-preview/operations.json | 2 +- 295 files changed, 298 insertions(+), 298 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/AlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/AlertRules.json index 5d799b33f638..f46a613ed08f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/AlertRules.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/AlertRules.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/AutomationRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/AutomationRules.json index 2138ecb7e7c7..12f903e964d5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/AutomationRules.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/AutomationRules.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "paths": { "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/BillingStatistics.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/BillingStatistics.json index 46c9c60cf1a5..5f9909451f53 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/BillingStatistics.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/BillingStatistics.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Bookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Bookmarks.json index 2531ac3a24de..48f6fca560bb 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Bookmarks.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Bookmarks.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentPackages.json index 1d4f1088115e..1cd3feca2f25 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentPackages.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentPackages.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentProductPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentProductPackages.json index f018cc9afba5..88c8e5f3911e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentProductPackages.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentProductPackages.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentProductTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentProductTemplates.json index 8bd9b377413d..5e07ac7fd7f3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentProductTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentProductTemplates.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentTemplates.json index 87478176d40e..a1221eeb09b6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentTemplates.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Enrichment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Enrichment.json index fbf609562792..ad52cabc1238 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Enrichment.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Enrichment.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Entities.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Entities.json index 44c884f4c857..14ae12c4941e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Entities.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Entities.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/EntityQueries.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/EntityQueries.json index b8b91863a1af..7a473c381936 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/EntityQueries.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/EntityQueries.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/EntityQueryTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/EntityQueryTemplates.json index 04c35e21d6f6..0cfea8a3ab7c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/EntityQueryTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/EntityQueryTemplates.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/FileImports.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/FileImports.json index f4e1755ea170..e3e93ca3526a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/FileImports.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/FileImports.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Hunts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Hunts.json index adfa82494451..b9d65c9dc64d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Hunts.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Hunts.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Incidents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Incidents.json index 15d817a6ab87..0a37ccf09c3f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Incidents.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Incidents.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "paths": { "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Metadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Metadata.json index 58de0c2f543a..98c1f53dc598 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Metadata.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Metadata.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/OfficeConsents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/OfficeConsents.json index 60970af40708..5538dc2ecfae 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/OfficeConsents.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/OfficeConsents.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/OnboardingStates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/OnboardingStates.json index d175c1545be5..d7f75d63ba89 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/OnboardingStates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/OnboardingStates.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Recommendations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Recommendations.json index 2664cd8b4d21..ce9beb70d98a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Recommendations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Recommendations.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/SecurityMLAnalyticsSettings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/SecurityMLAnalyticsSettings.json index efdb93aa4f09..cd2c34c529c8 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/SecurityMLAnalyticsSettings.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/SecurityMLAnalyticsSettings.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Settings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Settings.json index 8556d1e67785..63dc0fa7fde4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Settings.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Settings.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/SourceControls.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/SourceControls.json index af73eeedee24..245c3314f12a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/SourceControls.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/SourceControls.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ThreatIntelligence.json index 8c8dfeacd197..131ceefd7d4c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ThreatIntelligence.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/TriggeredAnalyticsRuleRuns.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/TriggeredAnalyticsRuleRuns.json index 857932779c69..e220cc988983 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/TriggeredAnalyticsRuleRuns.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/TriggeredAnalyticsRuleRuns.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "paths": { "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/{ruleRunId}": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Watchlists.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Watchlists.json index d8dcd21f4fb4..8c4a9bfa69f8 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Watchlists.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/Watchlists.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerAssignments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerAssignments.json index 4584e1c4b44b..811fe3a0de6a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerAssignments.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerAssignments.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerConfigurations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerConfigurations.json index c5b86f43a85f..9317a0cd3393 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerConfigurations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerConfigurations.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerGroups.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerGroups.json index 7dcb020f4bad..811fbdc4ce7f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerGroups.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerGroups.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerMembers.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerMembers.json index 42e2c5fb4c9c..084cf188914e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerMembers.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/WorkspaceManagerMembers.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/AlertTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/AlertTypes.json index 3cb89778380f..38c3dd925054 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/AlertTypes.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/AlertTypes.json @@ -1,7 +1,7 @@ { "swagger": "2.0", "info": { - "version": "2023-09-01-preview", + "version": "2023-10-01-preview", "title": "Common Alert types" }, "paths": {}, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/ContentCommonTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/ContentCommonTypes.json index 1b56607ea476..c4d9ba7ab5aa 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/ContentCommonTypes.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/ContentCommonTypes.json @@ -1,7 +1,7 @@ { "swagger": "2.0", "info": { - "version": "2023-09-01-preview", + "version": "2023-10-01-preview", "title": "Common content metadata types" }, "paths": {}, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/EntityTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/EntityTypes.json index 29c02cd5503d..e6429e9dceb3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/EntityTypes.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/EntityTypes.json @@ -1,7 +1,7 @@ { "swagger": "2.0", "info": { - "version": "2023-09-01-preview", + "version": "2023-10-01-preview", "title": "Common Entity types" }, "paths": {}, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/IncidentTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/IncidentTypes.json index 5daa844dcd81..d2de5a84d5c2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/IncidentTypes.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/IncidentTypes.json @@ -1,7 +1,7 @@ { "swagger": "2.0", "info": { - "version": "2023-09-01-preview", + "version": "2023-10-01-preview", "title": "Common Incident types" }, "paths": {}, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/RelationTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/RelationTypes.json index 9ace459c99f3..6216dea7510e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/RelationTypes.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/RelationTypes.json @@ -1,7 +1,7 @@ { "swagger": "2.0", "info": { - "version": "2023-09-01-preview", + "version": "2023-10-01-preview", "title": "Common Relation types" }, "paths": {}, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/ThreatIntelligenceTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/ThreatIntelligenceTypes.json index 832f9b943f6c..fd9b4ea5d85e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/ThreatIntelligenceTypes.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/ThreatIntelligenceTypes.json @@ -1,7 +1,7 @@ { "swagger": "2.0", "info": { - "version": "2023-09-01-preview", + "version": "2023-10-01-preview", "title": "Common Relation types" }, "paths": {}, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/dataConnectorDefinitions.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/dataConnectorDefinitions.json index 094bcead32fb..42ae9b90ca8f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/dataConnectorDefinitions.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/dataConnectorDefinitions.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/dataConnectors.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/dataConnectors.json index 52fb37bdac01..d618e79bb31f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/dataConnectors.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/dataConnectors.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "host": "management.azure.com", "schemes": [ diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/CreateActionOfAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/CreateActionOfAlertRule.json index 5755265bdc00..5a69493672b8 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/CreateActionOfAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/CreateActionOfAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/DeleteActionOfAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/DeleteActionOfAlertRule.json index 63cd57207758..5c18f0def4e2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/DeleteActionOfAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/DeleteActionOfAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/GetActionOfAlertRuleById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/GetActionOfAlertRuleById.json index 437df43477f0..40cf8596aa0a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/GetActionOfAlertRuleById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/GetActionOfAlertRuleById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/GetAllActionsByAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/GetAllActionsByAlertRule.json index 9119826114b3..b9a0f6d22b61 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/GetAllActionsByAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/actions/GetAllActionsByAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json index fe9a9569e00c..30c08198c4ef 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json index 25af577a0cea..782c3d28caa6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateFusionAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateFusionAlertRule.json index a464d77ef862..c9894bfef1b6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateFusionAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateFusionAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json index be8c8ad7a23c..525ea0db5e41 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json index 6b51eaa0b3f4..1194e1bc7a51 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateNrtAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateNrtAlertRule.json index d6b02c03ed09..ad04e2c0cb7d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateNrtAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateNrtAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateScheduledAlertRule.json index e5576f7edbb3..955606d4624f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateScheduledAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/CreateScheduledAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/DeleteAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/DeleteAlertRule.json index f057cefab2e1..e2b195d10d47 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/DeleteAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/DeleteAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetAllAlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetAllAlertRules.json index 8ab228dbdbf4..649a2f5866fb 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetAllAlertRules.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetAllAlertRules.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetFusionAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetFusionAlertRule.json index 6a442cc680f7..2da1dd325d64 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetFusionAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetFusionAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json index e4c0c6ca72ee..27d4c3d5d9c9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetNrtAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetNrtAlertRule.json index 85b9857624ed..327ba905a95d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetNrtAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetNrtAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetScheduledAlertRule.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetScheduledAlertRule.json index 6a2333afb809..11e1c3c2509c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetScheduledAlertRule.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/alertRules/GetScheduledAlertRule.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json index dd65dcb46af5..2ef713f371f8 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_Delete.json index 78b480b1601b..dd815a79aa78 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_Delete.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_Delete.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_Get.json index 7b8803c70cb2..3f0babf7b178 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_Get.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_List.json index 0c7ddbcf4415..cb9d08ec1183 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_List.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/automationRules/AutomationRules_List.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/billingStatistics/GetAllBillingStatistics.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/billingStatistics/GetAllBillingStatistics.json index 260fde7db92c..726cf1327b7d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/billingStatistics/GetAllBillingStatistics.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/billingStatistics/GetAllBillingStatistics.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/billingStatistics/GetBillingStatistic.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/billingStatistics/GetBillingStatistic.json index 07189a3aaec2..45dd8ec928fd 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/billingStatistics/GetBillingStatistic.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/billingStatistics/GetBillingStatistic.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/CreateBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/CreateBookmark.json index 91f903df4698..ebf726ebd3b4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/CreateBookmark.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/CreateBookmark.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/DeleteBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/DeleteBookmark.json index 34665d114dab..8f073da3550b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/DeleteBookmark.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/DeleteBookmark.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/GetBookmarkById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/GetBookmarkById.json index 03fa481946e5..c5777e5a382e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/GetBookmarkById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/GetBookmarkById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/GetBookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/GetBookmarks.json index 65e54d684be1..f2679d633384 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/GetBookmarks.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/GetBookmarks.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/expand/PostExpandBookmark.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/expand/PostExpandBookmark.json index 4b3dcfbf9f4e..99464125081b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/expand/PostExpandBookmark.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/expand/PostExpandBookmark.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json index 30ac3b3efa2a..2020c5345933 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json index b8df22782d74..d782f75a19df 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json index ae80cc8c49d1..01a2877788b9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json index 9b7a808341dd..2e6046987b36 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetPackageById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetPackageById.json index 784acabe6c36..4575582f4f5d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetPackageById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetPackageById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetPackages.json index 8cc2453668ef..6f3b70054507 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetPackages.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetPackages.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetProductPackageById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetProductPackageById.json index c862f21c7523..af33a65d9df6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetProductPackageById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetProductPackageById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetProductPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetProductPackages.json index 029f47e71415..9da389b91c3c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetProductPackages.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/GetProductPackages.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/InstallPackage.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/InstallPackage.json index 66a12239b696..2feedc5074cb 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/InstallPackage.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/InstallPackage.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/UninstallPackage.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/UninstallPackage.json index ce69839dca66..f2878b062163 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/UninstallPackage.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentPackages/UninstallPackage.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/DeleteTemplate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/DeleteTemplate.json index 4db18824c70f..e81528d21e25 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/DeleteTemplate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/DeleteTemplate.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetProductTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetProductTemplateById.json index 4abb6c8091f9..28a35afab476 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetProductTemplateById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetProductTemplateById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetProductTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetProductTemplates.json index 491a10276933..9b8694123cf3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetProductTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetProductTemplates.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetTemplateById.json index 2ba98409e06f..7816a3b13fed 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetTemplateById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetTemplateById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetTemplates.json index 3d90ba97e2f0..3bc1e0e0a3ef 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/GetTemplates.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/InstallTemplate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/InstallTemplate.json index a349d6c39baf..4e5b1e4a48ef 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/InstallTemplate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/contentTemplates/InstallTemplate.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfeab2-9ae0-4464-9919-dccaee2e48f0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json index 4a7e55e819ac..b57d861e44a2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/CreateCustomizableDataConnectorDefinition.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json index df6440f04add..34950ec5a4d3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/DeleteDataConnectorDefinitionById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectoeDefinitionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectoeDefinitionById.json index 8e8b01267d91..c2e18bfe388b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectoeDefinitionById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/GetCustomizableDataConnectoeDefinitionById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json index 341d6199a191..e8aeb6af8f92 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectorDefinitions/GetDataConnectorDefinitions.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json index e437ec72711a..929fc0f23ab6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json index e437ec72711a..929fc0f23ab6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json index e437ec72711a..929fc0f23ab6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json index a31e2954d481..3be610755cf6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json index 94aa9bb5b60b..f30e8d22283b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsIoT.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsIoT.json index 031a0a971807..3c5f2c5797be 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsIoT.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsIoT.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json index 99bb030c0f2b..089ad7e4d2e2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json index 99bb030c0f2b..089ad7e4d2e2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json index 2bd286ba9f38..0dfbe853ce81 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftPurviewInformationProtection.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json index b375ff4d6483..136660df7a0f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json index 4480e2a1244b..699e36af7db4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json index 9b07d71235ab..e9acecf22684 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json index e4d73014eb00..fb5cdc22d779 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json index 7897957eb054..201c2aad6e19 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json index 69d4924d1203..943cf8356c08 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json index c500738d8702..434493c6eff6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json index d145e31d70a1..ef8a305f57f0 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/ConnectAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/ConnectAPIPolling.json index 3e7833cf7c5f..96c83293638a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/ConnectAPIPolling.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/ConnectAPIPolling.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json index 30de8cf68731..5f0a7abebb31 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateAPIPolling.json index 2546ea7ce5f8..86f830f4d30e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateAPIPolling.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateAPIPolling.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json index 5e81d260c748..d96cc938e251 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateGenericUI.json index e372faf6112b..a9712ceea7bb 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateGenericUI.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateGenericUI.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json index 55b2179ae246..50c05ca6d3b7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateGoogleCloudPlatform.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json index 714a0da42f7a..bcaa8e3fb82b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateMicrosoftPurviewInformationProtectionDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json index f01b8ba00364..aef3ad44aa2b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatIntelligenceDataConnector.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json index 27a99a85f339..747cd65eb03d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateMicrosoftThreatProtectionDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json index e2b1824e2d16..3418a783a40b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json index c094b22fdda2..14240ebe3e65 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json index d6af2cc42cc4..750d4d4992d6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json index 18ede124a18f..aa2bb28d4849 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json index 2b7fca9c209c..57db98fb759e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteAPIPolling.json index 65f335a62a70..ba37c0058bae 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteAPIPolling.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteAPIPolling.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteGenericUI.json index 65f335a62a70..ba37c0058bae 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteGenericUI.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteGenericUI.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json index e0dac8c7208d..8269ba4390a2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteGoogleCloudPlatform.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json index 672bb19ccc85..24abfa6c8d0b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteMicrosoftPurviewInformationProtectionDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json index 816039e5fc1e..83906d8c52a5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteMicrosoftThreatIntelligenceDataConnector.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json index 672bb19ccc85..24abfa6c8d0b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json index 672bb19ccc85..24abfa6c8d0b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json index 672bb19ccc85..24abfa6c8d0b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DisconnectAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DisconnectAPIPolling.json index 45fb56fbff09..3760f30273ae 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DisconnectAPIPolling.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/DisconnectAPIPolling.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAPIPolling.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAPIPolling.json index 286ce67b25a7..533faa402674 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAPIPolling.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAPIPolling.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json index 09d3303a3d8d..d51c68aeec93 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json index a45891d5f9a7..b283f0af9cef 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json index 29524857db48..f2afa255624d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json index eb3ec118d451..2947899743bc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json index 570a660e4643..713eaa350d33 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetDataConnectors.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetDataConnectors.json index b81f08c8c6d2..6b30f65f1b86 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetDataConnectors.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetDataConnectors.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json index 2d03315f2bd7..8af9b5f3ede0 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetGenericUI.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetGenericUI.json index 12f09116c32b..a8260ca4199b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetGenericUI.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetGenericUI.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json index 5fad300dcd5b..131301c94793 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetGoogleCloudPlatformById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetIoTById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetIoTById.json index f9ddbf056bb6..1d6e59ad5414 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetIoTById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetIoTById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json index ee57e4c6638a..6bd8b36653a0 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json index b2f6d80a470f..7fcc66a5f6b8 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json index fd9e6037cddb..53040870cccc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json index acc90145655c..5dc529c8427d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftPurviewInformationProtectionDataConnetorById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json index a43f8abe72bb..459ef29402d2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json index 2c0d3e5e3993..be1d4ce72078 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json index a19eefa3cc8e..397c001efb5e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json index 38c68297b014..07cc68659485 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json index 702b147fe1ff..28409b250704 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json index 63363ade4040..4a8c3fd2b834 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json index 6143e53a26b1..9998f140c0ec 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json index 1f68b44f110b..4203e6130209 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/enrichment/GetGeodataByIp.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/enrichment/GetGeodataByIp.json index ea71a73024a9..854b06c7abe4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/enrichment/GetGeodataByIp.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/enrichment/GetGeodataByIp.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "ipAddress": "1.2.3.4" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/enrichment/GetWhoisByDomainName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/enrichment/GetWhoisByDomainName.json index b69065caf7c3..188c429f5fb0 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/enrichment/GetWhoisByDomainName.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/enrichment/GetWhoisByDomainName.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "domain": "microsoft.com" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetAccountEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetAccountEntityById.json index 9bf1fffb9e01..da7e8ac6f10e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetAccountEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetAccountEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetAzureResourceEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetAzureResourceEntityById.json index 008ec3393fdc..c85d45cbe812 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetAzureResourceEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetAzureResourceEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetCloudApplicationEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetCloudApplicationEntityById.json index 967fdad88aa1..6c0b896f73dc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetCloudApplicationEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetCloudApplicationEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetDnsEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetDnsEntityById.json index e8ee4514c86a..12f15001128f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetDnsEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetDnsEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetEntities.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetEntities.json index f7be93c235ce..9887ffb28608 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetEntities.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetEntities.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetFileEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetFileEntityById.json index 115390796311..6603b01ef64a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetFileEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetFileEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetFileHashEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetFileHashEntityById.json index 8181ac42612c..7b515a09f94d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetFileHashEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetFileHashEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetHostEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetHostEntityById.json index c4ae39a1e4bf..0cd30add53fb 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetHostEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetHostEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetIoTDeviceEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetIoTDeviceEntityById.json index 4afa77f0ec85..61050b341339 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetIoTDeviceEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetIoTDeviceEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetIpEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetIpEntityById.json index 5377e956aca9..93bb721014e4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetIpEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetIpEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMailClusterEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMailClusterEntityById.json index 646d7933a2b2..2f8384f4cfba 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMailClusterEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMailClusterEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMailMessageEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMailMessageEntityById.json index 221a39b6a9d4..7cd41004845a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMailMessageEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMailMessageEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMailboxEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMailboxEntityById.json index fb7571d1ae64..bc61154459be 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMailboxEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMailboxEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMalwareEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMalwareEntityById.json index 7ba56c65732b..70f14a57c61f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMalwareEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetMalwareEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetProcessEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetProcessEntityById.json index 90c3ebb9395e..47c885836d96 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetProcessEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetProcessEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetQueries.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetQueries.json index c7c4d24bef2c..57a4fa7b1ea4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetQueries.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetQueries.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetRegistryKeyEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetRegistryKeyEntityById.json index fe91c373405d..e6423b6056d9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetRegistryKeyEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetRegistryKeyEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetRegistryValueEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetRegistryValueEntityById.json index f4f0a18feeea..955e7000b7c4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetRegistryValueEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetRegistryValueEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetSecurityAlertEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetSecurityAlertEntityById.json index 3a02825cc871..ba72e7356c72 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetSecurityAlertEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetSecurityAlertEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetSecurityGroupEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetSecurityGroupEntityById.json index 3f3588dcbd0c..f513d32ea9de 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetSecurityGroupEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetSecurityGroupEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetSubmissionMailEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetSubmissionMailEntityById.json index 448f083ab7f8..616a117aa553 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetSubmissionMailEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetSubmissionMailEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetUrlEntityById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetUrlEntityById.json index 6894cdbdf3fe..161daae1eb27 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetUrlEntityById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/GetUrlEntityById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/expand/PostExpandEntity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/expand/PostExpandEntity.json index 176f826bd618..f1a0a7e4dab8 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/expand/PostExpandEntity.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/expand/PostExpandEntity.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/insights/PostGetInsights.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/insights/PostGetInsights.json index 2391078ee5d5..8ac3661e1c58 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/insights/PostGetInsights.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/insights/PostGetInsights.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/relations/GetAllEntityRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/relations/GetAllEntityRelations.json index 35ed9c59cddd..a5033669d4c1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/relations/GetAllEntityRelations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/relations/GetAllEntityRelations.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/relations/GetEntityRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/relations/GetEntityRelationByName.json index 9ed4cb00fa52..c7a3df718560 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/relations/GetEntityRelationByName.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/relations/GetEntityRelationByName.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/timeline/PostTimelineEntity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/timeline/PostTimelineEntity.json index b88e4c341dd5..c9b9d1576bee 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/timeline/PostTimelineEntity.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entities/timeline/PostTimelineEntity.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/CreateEntityQueryActivity.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/CreateEntityQueryActivity.json index d2b3be91a31b..d70830aef7ce 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/CreateEntityQueryActivity.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/CreateEntityQueryActivity.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/DeleteEntityQuery.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/DeleteEntityQuery.json index af9fa196b779..4bd44f8625b0 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/DeleteEntityQuery.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/DeleteEntityQuery.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/GetActivityEntityQueryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/GetActivityEntityQueryById.json index e7962e195637..97123b9d5f55 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/GetActivityEntityQueryById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/GetActivityEntityQueryById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/GetEntityQueries.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/GetEntityQueries.json index 528f8bde47c0..688c5a43b5d2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/GetEntityQueries.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/GetEntityQueries.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "kind": "Expansion", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json index 555bb7f02956..bb491ee28d02 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json index 24c328c2ac40..5afa03762bb0 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json index 656a9c7402d4..25fabe1cc0bd 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "kind": "Activity", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/CreateFileImport.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/CreateFileImport.json index b069066bdfb2..c53beec6edc0 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/CreateFileImport.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/CreateFileImport.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/DeleteFileImport.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/DeleteFileImport.json index e0a002c8157a..6637a26f0f3b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/DeleteFileImport.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/DeleteFileImport.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/GetFileImportById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/GetFileImportById.json index dce50a8217ef..cf468fbcf998 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/GetFileImportById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/GetFileImportById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/GetFileImports.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/GetFileImports.json index 9fb527bcf1fc..c5fa68c9ed25 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/GetFileImports.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/fileImports/GetFileImports.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/CreateHunt.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/CreateHunt.json index e126108dab62..3a211336e1d1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/CreateHunt.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/CreateHunt.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/CreateHuntComment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/CreateHuntComment.json index 7b7365912e83..29c030c2835a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/CreateHuntComment.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/CreateHuntComment.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/CreateHuntRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/CreateHuntRelation.json index ebed3f4998f7..e854f7ca75de 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/CreateHuntRelation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/CreateHuntRelation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/DeleteHunt.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/DeleteHunt.json index ba810d97f01e..ad80fa39379b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/DeleteHunt.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/DeleteHunt.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/DeleteHuntComment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/DeleteHuntComment.json index e86c41d6735f..3f09d628a553 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/DeleteHuntComment.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/DeleteHuntComment.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/DeleteHuntRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/DeleteHuntRelation.json index cb756b7c48b7..0dc82c39dfb6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/DeleteHuntRelation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/DeleteHuntRelation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntById.json index bf701358cba5..59ca39fed743 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntCommentById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntCommentById.json index e08fd61811da..2425250d3da5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntCommentById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntCommentById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntComments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntComments.json index ed0001a27b9c..d68735dc7e5c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntComments.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntComments.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntRelationById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntRelationById.json index b93617eb2015..1ca3b5fae18b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntRelationById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntRelationById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntRelations.json index 65bd29d6f1b9..651b8b83bdf6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntRelations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHuntRelations.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHunts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHunts.json index 412f930a8389..a8f0e6c1bb02 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHunts.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/hunts/GetHunts.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json index 9b876581eed2..38fa26f54dea 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentAlerts/Incidents_ListAlerts.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json index 5184d084d200..b0e552b4e20a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentBookmarks/Incidents_ListBookmarks.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json index 2ff578f0e927..c4a2f71daeb6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_CreateOrUpdate.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json index bd9381743344..99e5ae16ac09 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Delete.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json index b71c53efff48..e9735d0b4123 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_Get.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json index edee5ca7da05..52cea41e133f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentComments/IncidentComments_List.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json index 68e9efa1f352..d02fbfaa0f06 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentEntities/Incidents_ListEntities.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json index e68ddb21e747..4783e4714859 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_CreateOrUpdate.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json index a8cc8df2b4fa..9352bd948205 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Delete.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json index f74e3738c85b..5287b7ab2c54 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_Get.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json index 02847f210386..5547e190f61a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTasks/IncidentTasks_List.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTeam/Incidents_CreateTeam.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTeam/Incidents_CreateTeam.json index 743b9e2969d2..f112ff332aee 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTeam/Incidents_CreateTeam.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/IncidentTeam/Incidents_CreateTeam.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_CreateOrUpdate.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_CreateOrUpdate.json index beb1ab946244..644594358c58 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_CreateOrUpdate.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_CreateOrUpdate.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_Delete.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_Delete.json index 2338dbf49145..43e23f18a66d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_Delete.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_Delete.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_Get.json index 4ea889657c26..a0def51dafa2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_Get.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_List.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_List.json index 57f0056ef6bf..a444199f126a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_List.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/Incidents_List.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/CreateIncidentRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/CreateIncidentRelation.json index 7fdbd49095cb..b837915a9fea 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/CreateIncidentRelation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/CreateIncidentRelation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/DeleteIncidentRelation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/DeleteIncidentRelation.json index f68796779584..aee0a4b274cc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/DeleteIncidentRelation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/DeleteIncidentRelation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/GetAllIncidentRelations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/GetAllIncidentRelations.json index 2ee77562bfef..0081573e5833 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/GetAllIncidentRelations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/GetAllIncidentRelations.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/GetIncidentRelationByName.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/GetIncidentRelationByName.json index dc22c32aaa48..36991cad6ecb 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/GetIncidentRelationByName.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/incidents/relations/GetIncidentRelationByName.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/manualTrigger/Entities_RunPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/manualTrigger/Entities_RunPlaybook.json index 35e1dd7b820d..418a4c058fb3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/manualTrigger/Entities_RunPlaybook.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/manualTrigger/Entities_RunPlaybook.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json index f049caf64cf6..5120fd001626 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/DeleteMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/DeleteMetadata.json index 4b644adc53a5..9166735f3272 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/DeleteMetadata.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/DeleteMetadata.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/GetAllMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/GetAllMetadata.json index 997e43f2ec09..86c78694002b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/GetAllMetadata.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/GetAllMetadata.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/GetAllMetadataOData.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/GetAllMetadataOData.json index 386fac473ac1..f75461ee36b4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/GetAllMetadataOData.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/GetAllMetadataOData.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/GetMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/GetMetadata.json index f69f98b36b12..0cd0450c568d 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/GetMetadata.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/GetMetadata.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "2e1dc338-d04d-4443-b721-037eff4fdcac", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/PatchMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/PatchMetadata.json index cf5451b34e51..2115fcc29c76 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/PatchMetadata.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/PatchMetadata.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/PutMetadata.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/PutMetadata.json index 7d907ee6a9ee..cdb25a33a95f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/PutMetadata.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/PutMetadata.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/PutMetadataMinimal.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/PutMetadataMinimal.json index bdf1d5a812b5..01ea039a9e80 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/PutMetadataMinimal.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/metadata/PutMetadataMinimal.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/officeConsents/DeleteOfficeConsents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/officeConsents/DeleteOfficeConsents.json index 715e1e5a9401..5659118d81f9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/officeConsents/DeleteOfficeConsents.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/officeConsents/DeleteOfficeConsents.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/officeConsents/GetOfficeConsents.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/officeConsents/GetOfficeConsents.json index ec71401cf002..84404cd8944e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/officeConsents/GetOfficeConsents.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/officeConsents/GetOfficeConsents.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/officeConsents/GetOfficeConsentsById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/officeConsents/GetOfficeConsentsById.json index 81267254cda2..e894a1d061e6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/officeConsents/GetOfficeConsentsById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/officeConsents/GetOfficeConsentsById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json index 14a72a0c1dbb..8262f41bc601 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json index 55386e46d5d6..f25c284c3ac5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json index 86a13e3c7392..4e8beb7d1e89 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json index 66acb61726e1..c9fc960fa8f9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/operations/ListOperations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/operations/ListOperations.json index 2f258376212e..53c13570ca62 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/operations/ListOperations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/operations/ListOperations.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview" + "api-version": "2023-10-01-preview" }, "responses": { "200": { diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/recommendations/GetRecommendation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/recommendations/GetRecommendation.json index 1b7331c896ce..7322ea00eef1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/recommendations/GetRecommendation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/recommendations/GetRecommendation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/recommendations/GetRecommendations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/recommendations/GetRecommendations.json index 0b0107f1e892..118a193cf314 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/recommendations/GetRecommendations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/recommendations/GetRecommendations.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/recommendations/PatchRecommendation.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/recommendations/PatchRecommendation.json index 3a662647dfea..e65d4fe8cb29 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/recommendations/PatchRecommendation.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/recommendations/PatchRecommendation.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", @@ -14,7 +14,7 @@ "responses": { "202": { "headers": { - "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.SecurityInsights/recommendations/6d4b54eb-8684-4aa3-a156-3aa37b8014bc?api-version=2023-09-01-preview" + "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.SecurityInsights/recommendations/6d4b54eb-8684-4aa3-a156-3aa37b8014bc?api-version=2023-10-01-preview" }, "body": { "recommendationTypeId": "ThreatIntelligence_Example", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/repositories/GetRepositories.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/repositories/GetRepositories.json index dfb6ea193d65..737bfb6bbcef 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/repositories/GetRepositories.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/repositories/GetRepositories.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "repoType": "Github", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json index 9d54c0d72979..cedff3566eb2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json index 4d500a46d332..2e872997056c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json index be754f138f11..b8c4a9ac8351 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json index 9947ab322e92..05044f96f6ae 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/DeleteEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/DeleteEyesOnSetting.json index 1e1ad703ba0e..fb588b7b6cde 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/DeleteEyesOnSetting.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/DeleteEyesOnSetting.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/GetAllSettings.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/GetAllSettings.json index 0e6a3ed3b949..0d93375b659a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/GetAllSettings.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/GetAllSettings.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/GetEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/GetEyesOnSetting.json index 4e4c3a845802..6eee9aeaf957 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/GetEyesOnSetting.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/GetEyesOnSetting.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/UpdateEyesOnSetting.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/UpdateEyesOnSetting.json index 918eab1a3889..517363e1e070 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/UpdateEyesOnSetting.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/settings/UpdateEyesOnSetting.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/CreateSourceControl.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/CreateSourceControl.json index cd259c94d4aa..32ae359d83d0 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/CreateSourceControl.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/CreateSourceControl.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/DeleteSourceControl.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/DeleteSourceControl.json index 64ec9fceb7bc..b0301c844eed 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/DeleteSourceControl.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/DeleteSourceControl.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/GetSourceControlById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/GetSourceControlById.json index 44d49fcff02d..d7d6b85f0ab7 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/GetSourceControlById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/GetSourceControlById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/GetSourceControls.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/GetSourceControls.json index 53f76d0f5d12..52cfd3ee4b7f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/GetSourceControls.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/GetSourceControls.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json index 9abf2fd1c457..c032dce937a6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json index 9790f2c9706f..30f393f5949a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/CreateThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/CreateThreatIntelligence.json index 56036a78c3a2..e5db55b2d76a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/CreateThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/CreateThreatIntelligence.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json index fe486f3bf753..7a68d3a88861 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/GetThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/GetThreatIntelligence.json index 44ddd2f05d6e..211c912ea9d6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/GetThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/GetThreatIntelligence.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json index 6588c46cf29c..2afda51a23a9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/QueryThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/QueryThreatIntelligence.json index eb8aaaef66dc..aa8b7733fee5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/QueryThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/QueryThreatIntelligence.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json index 971f239ad6cd..7a06b5ad36f9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json index a246a817a015..3dd15e4e7ebd 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json index 6c23f2648a9e..66fed8c9288f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggerRuleRun_Post.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", @@ -16,7 +16,7 @@ "headers": { "Code": "202", "Message": "Accepted", - "Location": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/5abbc58b-9655-4f9b-80ac-5a576753e4ec?api-version=2023-09-01-preview" + "Location": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/5abbc58b-9655-4f9b-80ac-5a576753e4ec?api-version=2023-10-01-preview" } } } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json index 8386f8f0e561..7bc95e1bb6c3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRun_Get.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json index 42f9fa3c39b6..1accc265fba3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/triggeredAnalyticsRuleRuns/triggeredAnalyticsRuleRuns_Get.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/CreateWatchlist.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/CreateWatchlist.json index 88cceddd72f3..cf9116df35b2 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/CreateWatchlist.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/CreateWatchlist.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json index 5a2c538821be..f311ba556159 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/CreateWatchlistItem.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/CreateWatchlistItem.json index 3b609218a339..fb861bfbd92c 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/CreateWatchlistItem.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/CreateWatchlistItem.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/DeleteWatchlist.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/DeleteWatchlist.json index c982fb11f18e..3eff336d509e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/DeleteWatchlist.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/DeleteWatchlist.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", @@ -10,7 +10,7 @@ "responses": { "200": { "headers": { - "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.SecurityInsights/watchlists/1011-01/watchlistStatuses/00000000-0000-0000-0000-000000000000?api-version=2023-09-01-preview" + "Azure-AsyncOperation": "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.SecurityInsights/watchlists/1011-01/watchlistStatuses/00000000-0000-0000-0000-000000000000?api-version=2023-10-01-preview" } }, "204": {} diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/DeleteWatchlistItem.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/DeleteWatchlistItem.json index 72c338aaba2d..4def88b88673 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/DeleteWatchlistItem.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/DeleteWatchlistItem.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlistByAlias.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlistByAlias.json index 7dc93bb4270d..a85894909615 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlistByAlias.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlistByAlias.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlistItemById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlistItemById.json index 02d17be8cec5..749cb357554e 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlistItemById.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlistItemById.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlistItems.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlistItems.json index b70d29f863f9..bb5ae01637fb 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlistItems.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlistItems.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlists.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlists.json index 7a86e436df28..e128b1f4ea73 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlists.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/watchlists/GetWatchlists.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/CreateJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/CreateJob.json index de3a361b1af8..a74c7e4fb0c8 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/CreateJob.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/CreateJob.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json index 3ae27a29b5e1..98e0e35d1ed9 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/CreateOrUpdateWorkspaceManagerAssignment.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/DeleteJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/DeleteJob.json index f7549fb4c9e1..0dd2bb5b07c6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/DeleteJob.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/DeleteJob.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json index 20b1f118e3e7..2843030ea5cf 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/DeleteWorkspaceManagerAssignment.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json index a37b79483e4d..549acb6d2514 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetAllJobs.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json index 0bbaa4c91c72..986654e3e89b 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetAllWorkspaceManagerAssignments.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetJob.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetJob.json index 781549669253..d6d4373b80cb 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetJob.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetJob.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json index 2875b7b24cdb..8846e0cfc2a3 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerAssignments/GetWorkspaceManagerAssignment.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json index 90c53fa17add..665b9d5cf4ac 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/CreateOrUpdateWorkspaceManagerConfiguration.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json index 4b6146a762e1..8ebaeb2d9d33 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/DeleteWorkspaceManagerConfiguration.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json index ebdb93c67d28..d6ea44530efa 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/GetAllWorkspaceManagerConfigurations.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json index e9952d7f412c..d3e31b2b6781 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerConfigurations/GetWorkspaceManagerConfiguration.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json index 55bd8ddaa0af..56379b188405 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/CreateOrUpdateWorkspaceManagerGroup.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json index 2d427d690d86..59bfc34db414 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/DeleteWorkspaceManagerGroup.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json index 6f2cfd7cabd1..a6a8996f4897 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/GetAllWorkspaceManagerGroups.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json index 2ee9d7d37bac..a68e9c02ae34 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerGroups/GetWorkspaceManagerGroup.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json index d40f9960f7f4..489b7aa61d87 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/CreateOrUpdateWorkspaceManagerMember.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json index 3b84f7007dcf..618e5a661103 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/DeleteWorkspaceManagerMember.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json index 7da889d7123f..e1f892a0cf4f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/GetAllWorkspaceManagerMembers.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json index 7daf0a35b448..13972d3ee311 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/workspaceManagerMembers/GetWorkspaceManagerMember.json @@ -1,6 +1,6 @@ { "parameters": { - "api-version": "2023-09-01-preview", + "api-version": "2023-10-01-preview", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", "workspaceName": "myWorkspace", diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/operations.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/operations.json index fcac6b8cef26..2b518f97088a 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/operations.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/operations.json @@ -3,7 +3,7 @@ "info": { "title": "Security Insights", "description": "API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider", - "version": "2023-09-01-preview" + "version": "2023-10-01-preview" }, "host": "management.azure.com", "schemes": [ From 925d54f2d3837af97b46446b055beab61eb98ff5 Mon Sep 17 00:00:00 2001 From: Oleh Formaniuk Date: Wed, 25 Oct 2023 18:40:17 -0700 Subject: [PATCH 4/7] Add additional OData query parameters + mark some properties as `Expandable` (#25958) * Add additional OData query parameters + mark some properties as `Expandable` * Remove not needed changes * Add `x-ms-identifiers` to `dependantTemplates` array * Fix formatting issues * Add missing properties * Remove `$expand` --------- Co-authored-by: Oleh Formaniuk --- .../2023-10-01-preview/ContentPackages.json | 9 ++++++ .../ContentProductPackages.json | 4 +-- .../ContentProductTemplates.json | 9 ++++++ .../2023-10-01-preview/ContentTemplates.json | 29 +++++++++++++++++-- .../common/ContentCommonTypes.json | 9 ++++++ .../resource-manager/common/2.0/types.json | 24 +++++++++++++++ 6 files changed, 79 insertions(+), 5 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentPackages.json index 1cd3feca2f25..884858c4358f 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentPackages.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentPackages.json @@ -65,9 +65,18 @@ { "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSearch" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataCount" + }, { "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkip" + }, { "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentProductPackages.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentProductPackages.json index 88c8e5f3911e..38674ee95980 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentProductPackages.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentProductPackages.json @@ -44,7 +44,7 @@ "tags": [ "ContentProductPackages" ], - "description": "Gets all packages from the catalog.", + "description": "Gets all packages from the catalog.\nExpandable properties:\n- properties/installed\n- properties/packagedContent", "operationId": "ProductPackages_List", "parameters": [ { @@ -208,7 +208,7 @@ }, "packagedContent": { "$ref": "#/definitions/packagedContent", - "description": "the json to deploy" + "description": "The json to deploy. Expandable." } }, "type": "object" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentProductTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentProductTemplates.json index 5e07ac7fd7f3..21fb275342dc 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentProductTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentProductTemplates.json @@ -65,9 +65,18 @@ { "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSearch" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataCount" + }, { "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkip" + }, { "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentTemplates.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentTemplates.json index a1221eeb09b6..543404a9a2b6 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentTemplates.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/ContentTemplates.json @@ -44,7 +44,7 @@ "tags": [ "ContentTemplates" ], - "description": "Gets all installed templates.", + "description": "Gets all installed templates.\nExpandable properties:\n- properties/mainTemplate\n- properties/dependantTemplates", "operationId": "ContentTemplates_List", "parameters": [ { @@ -65,9 +65,21 @@ { "$ref": "../../../common/2.0/types.json#/parameters/ODataOrderBy" }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataExpand" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSearch" + }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataCount" + }, { "$ref": "../../../common/2.0/types.json#/parameters/ODataTop" }, + { + "$ref": "../../../common/2.0/types.json#/parameters/ODataSkip" + }, { "$ref": "../../../common/2.0/types.json#/parameters/ODataSkipToken" } @@ -153,7 +165,7 @@ "tags": [ "ContentTemplates" ], - "description": "Gets a template byt its identifier.", + "description": "Gets a template byt its identifier.\nExpandable properties:\n- properties/mainTemplate\n- properties/dependantTemplates", "operationId": "ContentTemplate_Get", "parameters": [ { @@ -298,7 +310,18 @@ "properties": { "mainTemplate": { "$ref": "#/definitions/mainTemplate", - "description": "The JSON of the ARM template to deploy active content" + "description": "The JSON of the ARM template to deploy active content. Expandable." + }, + "dependantTemplates": { + "type": "array", + "items": { + "$ref": "#/definitions/templateProperties" + }, + "description": "Dependant templates. Expandable.", + "readOnly": true, + "x-ms-identifiers": [ + "contentId" + ] } } }, diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/ContentCommonTypes.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/ContentCommonTypes.json index c4d9ba7ab5aa..293ab080a1e5 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/ContentCommonTypes.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/common/ContentCommonTypes.json @@ -535,6 +535,11 @@ "packageName": { "$ref": "#/definitions/metadataDisplayName", "description": "the name of the package contains this template" + }, + "isDeprecated": { + "$ref": "#/definitions/metadataTrueFalseFlag", + "description": "Flag indicates if this template is deprecated", + "readOnly": true } } }, @@ -569,6 +574,10 @@ "$ref": "#/definitions/metadataTrueFalseFlag", "description": "Flag indicates if this package is among the featured list." }, + "isDeprecated": { + "$ref": "#/definitions/metadataTrueFalseFlag", + "description": "Flag indicates if this template is deprecated" + }, "version": { "$ref": "#/definitions/metadataVersion", "description": "the latest version number of the package" diff --git a/specification/securityinsights/resource-manager/common/2.0/types.json b/specification/securityinsights/resource-manager/common/2.0/types.json index 95e2052235e5..36760abb92df 100644 --- a/specification/securityinsights/resource-manager/common/2.0/types.json +++ b/specification/securityinsights/resource-manager/common/2.0/types.json @@ -160,6 +160,30 @@ "type": "integer", "format": "int32", "x-ms-parameter-location": "method" + }, + "ODataExpand": { + "description": "Expands the object with optional fiends that are not included by default. Optional.", + "in": "query", + "name": "$expand", + "required": false, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ODataSearch": { + "description": "Searches for a substring in the response. Optional.", + "in": "query", + "name": "$search", + "required": false, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ODataCount": { + "description": "Instructs the server to return only object count without actual body. Optional.", + "in": "query", + "name": "$count", + "required": false, + "type": "boolean", + "x-ms-parameter-location": "method" } } } From 3ed5da4b78df9a47ab9c3d324d1cf58516369cef Mon Sep 17 00:00:00 2001 From: Oleh Formaniuk Date: Thu, 26 Oct 2023 18:46:44 -0700 Subject: [PATCH 5/7] Fixed Swagger correctness for SourceControls API (#25976) * Fixed Swagger correctness for SourceControls API * Fix a typo * Fix CI errors * Fixed styling --------- Co-authored-by: Oleh Formaniuk --- .../2023-10-01-preview/SourceControls.json | 50 ++++++++++++++++--- .../repositories/GetRepositories.json | 14 +++++- .../sourcecontrols/DeleteSourceControl.json | 12 +++-- 3 files changed, 63 insertions(+), 13 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/SourceControls.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/SourceControls.json index 245c3314f12a..8d66cceb7be1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/SourceControls.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/SourceControls.json @@ -60,7 +60,7 @@ "$ref": "../../../common/2.0/types.json#/parameters/WorkspaceName" }, { - "$ref": "#/parameters/RepoTypeParameter" + "$ref": "#/parameters/RepositoryAccess" } ], "responses": { @@ -307,6 +307,11 @@ "description": "The name of the repository.", "type": "string" }, + "installationId": { + "description": "The installation id of the repository.", + "type": "integer", + "format": "int64" + }, "branches": { "description": "Array of branches.", "items": { @@ -347,6 +352,9 @@ } ], "description": "Represents a SourceControl in Azure Security Insights.", + "required": [ + "properties" + ], "properties": { "properties": { "description": "source control properties", @@ -462,6 +470,34 @@ } } }, + "RepositoryAccessObject": { + "description": "Credentials to access repository.", + "type": "object", + "required": [ + "repositoryAccess" + ], + "properties": { + "repositoryAccess": { + "description": "RepositoryAccess properties", + "$ref": "#/definitions/RepositoryAccess", + "x-ms-client-flatten": true + } + } + }, + "RepositoryAccessProperties": { + "description": "Credentials to access repository.", + "type": "object", + "required": [ + "properties" + ], + "properties": { + "properties": { + "description": "RepositoryAccess properties", + "$ref": "#/definitions/RepositoryAccessObject", + "x-ms-client-flatten": true + } + } + }, "Repository": { "type": "object", "required": [ @@ -490,7 +526,6 @@ } }, "ServicePrincipal": { - "readOnly": true, "type": "object", "description": "Service principal metadata.", "properties": { @@ -508,6 +543,11 @@ "description": "App id of service principal.", "type": "string", "readOnly": true + }, + "credentialsExpireOn": { + "format": "date-time", + "description": "Expiration time of service principal credentials.", + "type": "string" } } }, @@ -959,11 +999,7 @@ "required": [ "repositoryAccess" ], - "properties": { - "repositoryAccess": { - "$ref": "#/definitions/RepositoryAccess" - } - } + "$ref": "#/definitions/RepositoryAccessProperties" }, "x-ms-parameter-location": "method" } diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/repositories/GetRepositories.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/repositories/GetRepositories.json index 737bfb6bbcef..affcd4d23cc1 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/repositories/GetRepositories.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/repositories/GetRepositories.json @@ -4,7 +4,18 @@ "repoType": "Github", "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", "resourceGroupName": "myRg", - "workspaceName": "myWorkspace" + "workspaceName": "myWorkspace", + "repositoryAccess": { + "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"", + "properties": { + "repositoryAccess": { + "kind": "OAuth", + "code": "939fd7c6caf754f4f41f", + "state": "state", + "clientId": "54b3c2c0-1f48-4a1c-af9f-6399c3240b73" + } + } + } }, "responses": { "200": { @@ -13,6 +24,7 @@ { "url": "https://api.github.com/repos/user/reponame", "fullName": "reponame", + "installationId": 42424242, "branches": [ "master", "develop" diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/DeleteSourceControl.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/DeleteSourceControl.json index b0301c844eed..93d02d8f98e4 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/DeleteSourceControl.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/examples/sourcecontrols/DeleteSourceControl.json @@ -6,11 +6,13 @@ "workspaceName": "myWorkspace", "sourceControlId": "789e0c1f-4a3d-43ad-809c-e713b677b04a", "repositoryAccess": { - "repositoryAccess": { - "kind": "OAuth", - "code": "939fd7c6caf754f4f41f", - "state": "state", - "clientId": "54b3c2c0-1f48-4a1c-af9f-6399c3240b73" + "properties": { + "repositoryAccess": { + "kind": "OAuth", + "code": "939fd7c6caf754f4f41f", + "state": "state", + "clientId": "54b3c2c0-1f48-4a1c-af9f-6399c3240b73" + } } } }, From becc3276e25971b063a646076ddd0cdf0e5010dc Mon Sep 17 00:00:00 2001 From: xuhumsft <116764429+xuhumsft@users.noreply.github.com> Date: Fri, 10 Nov 2023 13:59:08 -0800 Subject: [PATCH 6/7] fix the review comments change x-ms-external to false in sourceControl (#26647) --- .../preview/2023-10-01-preview/SourceControls.json | 2 -- 1 file changed, 2 deletions(-) diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/SourceControls.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/SourceControls.json index 8d66cceb7be1..73f5e8a31add 100644 --- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/SourceControls.json +++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-10-01-preview/SourceControls.json @@ -891,7 +891,6 @@ }, "Warning": { "description": "Warning response structure.", - "x-ms-external": true, "properties": { "warning": { "$ref": "#/definitions/WarningBody", @@ -902,7 +901,6 @@ }, "WarningBody": { "readOnly": true, - "x-ms-external": true, "description": "Warning details.", "properties": { "code": { From 731fecd09c6982dc24353dc4e2473fab17e761bd Mon Sep 17 00:00:00 2001 From: sagamzu <52034287+sagamzu@users.noreply.github.com> Date: Tue, 14 Nov 2023 20:35:19 +0200 Subject: [PATCH 7/7] Update cSpell.json. Add exception for "Criterias" (#26645) --- cSpell.json | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/cSpell.json b/cSpell.json index fea53e9e76ea..90642f46409d 100644 --- a/cSpell.json +++ b/cSpell.json @@ -926,6 +926,12 @@ "rpath", "runpath" ] + }, + { + "filename": "**/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/**/*.json", + "words": [ + "Criterias" + ] } ], "enableFiletypes": [