AlertRules- Add SentinelEntities and extend AlertDetailsOverride #20645
Hi, @necoh Thanks for your PR. I am workflow bot for review process. Here are some small tips. Any feedback about review process or workflow bot, pls contact swagger and tools team. vscswagger@microsoft.com
Swagger Validation Report
compared swaggers (via Oad v0.9.7) | new version | base version |
---|---|---|
AlertRules.json | 2022-10-01-preview(129cef2) | 2022-08-01(main) |
AlertRules.json | 2022-10-01-preview(129cef2) | 2022-09-01-preview(main) |
The following breaking changes are detected by comparison with the latest stable version:
️⚠️
LintDiff: 0 Warnings
compared tags (via openapi-validator v1.13.0) | new version | base version |
---|---|---|
package-preview-2022-10 | package-preview-2022-10(129cef2) | package-preview-2022-10(release-securityinsights-Microsoft.SecurityInsights-2022-10-01-preview) |
The following errors/warnings exist before current PR submission:
Rule | Message |
---|---|
Booleans are not descriptive and make them hard to use. Consider using string enums with allowed set of values defined. Property: enabled Location: Microsoft.SecurityInsights/preview/2022-10-01-preview/AlertRules.json#L898 |
Booleans are not descriptive and make them hard to use. Consider using string enums with allowed set of values defined. Property: enabled Location: Microsoft.SecurityInsights/preview/2022-10-01-preview/AlertRules.json#L1005 |
Booleans are not descriptive and make them hard to use. Consider using string enums with allowed set of values defined. Property: enabled Location: Microsoft.SecurityInsights/preview/2022-10-01-preview/AlertRules.json#L1062 |
Booleans are not descriptive and make them hard to use. Consider using string enums with allowed set of values defined. Property: enabled Location: Microsoft.SecurityInsights/preview/2022-10-01-preview/AlertRules.json#L1088 |
Booleans are not descriptive and make them hard to use. Consider using string enums with allowed set of values defined. Property: isSupported Location: Microsoft.SecurityInsights/preview/2022-10-01-preview/AlertRules.json#L1117 |
Booleans are not descriptive and make them hard to use. Consider using string enums with allowed set of values defined. Property: enabled Location: Microsoft.SecurityInsights/preview/2022-10-01-preview/AlertRules.json#L1140 |
Booleans are not descriptive and make them hard to use. Consider using string enums with allowed set of values defined. Property: isSupported Location: Microsoft.SecurityInsights/preview/2022-10-01-preview/AlertRules.json#L1313 |
Booleans are not descriptive and make them hard to use. Consider using string enums with allowed set of values defined. Property: enabled Location: Microsoft.SecurityInsights/preview/2022-10-01-preview/AlertRules.json#L1365 |
Booleans are not descriptive and make them hard to use. Consider using string enums with allowed set of values defined. Property: enabled Location: Microsoft.SecurityInsights/preview/2022-10-01-preview/AlertRules.json#L1526 |
Booleans are not descriptive and make them hard to use. Consider using string enums with allowed set of values defined. Property: enabled Location: Microsoft.SecurityInsights/preview/2022-10-01-preview/AlertRules.json#L1630 |
Booleans are not descriptive and make them hard to use. Consider using string enums with allowed set of values defined. Property: suppressionEnabled Location: Microsoft.SecurityInsights/preview/2022-10-01-preview/AlertRules.json#L1645 |
Booleans are not descriptive and make them hard to use. Consider using string enums with allowed set of values defined. Property: enabled Location: Microsoft.SecurityInsights/preview/2022-10-01-preview/AlertRules.json#L1720 |
Booleans are not descriptive and make them hard to use. Consider using string enums with allowed set of values defined. Property: suppressionEnabled Location: Microsoft.SecurityInsights/preview/2022-10-01-preview/AlertRules.json#L1735 |
Booleans are not descriptive and make them hard to use. Consider using string enums with allowed set of values defined. Property: createIncident Location: Microsoft.SecurityInsights/preview/2022-10-01-preview/AlertRules.json#L2177 |
Booleans are not descriptive and make them hard to use. Consider using string enums with allowed set of values defined. Property: enabled Location: Microsoft.SecurityInsights/preview/2022-10-01-preview/AlertRules.json#L2194 |
Booleans are not descriptive and make them hard to use. Consider using string enums with allowed set of values defined. Property: reopenClosedIncident Location: Microsoft.SecurityInsights/preview/2022-10-01-preview/AlertRules.json#L2198 |
️️✔️
Avocado succeeded
Validation passes for Avocado.
️️✔️
ModelValidation succeeded
Validation passes for ModelValidation.
️️✔️
SemanticValidation succeeded
Validation passes for SemanticValidation.
️⚠️
SDK Track2 Validation: 3 Warnings
- The following tags are being changed in this PR
- securityinsights/resource-manager/readme.md#package-preview-2022-10 (https://github.com/Azure/azure-rest-api-specs/blob/129cef2ceda8a529468faac48e2070c1ae5b3fee/specification/securityinsights/resource-manager/readme.md#tag-package-preview-2022-10)
Rule | Message |
---|---|
"readme":"securityinsights/resource-manager/readme.md", "tag":"package-preview-2022-10", "details":"The schema 'components·1qaufw0·schemas·threatintelligenceindicatorproperties·properties·extensions·additionalproperties' has no type or format information whatsoever. Location:\n file:///mnt/vss/_work/1/azure-rest-api-specs/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-10-01-preview/ThreatIntelligence.json#/components/schemas/components·1qaufw0·schemas·threatintelligenceindicatorproperties·properties·extensions·additionalproperties" |
"readme":"securityinsights/resource-manager/readme.md", "tag":"package-preview-2022-10", "details":"The schema 'components·2sbdb2·schemas·watchlistitemproperties·properties·itemskeyvalue·additionalproperties' has no type or format information whatsoever. Location:\n file:///mnt/vss/_work/1/azure-rest-api-specs/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-10-01-preview/Watchlists.json#/components/schemas/components·2sbdb2·schemas·watchlistitemproperties·properties·itemskeyvalue·additionalproperties" |
"readme":"securityinsights/resource-manager/readme.md", "tag":"package-preview-2022-10", "details":"The schema 'components·84fvid·schemas·watchlistitemproperties·properties·entitymapping·additionalproperties' has no type or format information whatsoever. Location:\n file:///mnt/vss/_work/1/azure-rest-api-specs/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-10-01-preview/Watchlists.json#/components/schemas/components·84fvid·schemas·watchlistitemproperties·properties·entitymapping·additionalproperties" |
The following errors/warnings exist before current PR submission:
Rule | Message |
---|---|
"readme":"securityinsights/resource-manager/readme.md", "tag":"package-preview-2022-10", "details":"Security scheme azure_auth is unknown and will not be processed. Only supported types are AADToken, AzureKey, Anonymous" |
️️✔️
PrettierCheck succeeded
Validation passes for PrettierCheck.
️️✔️
SpellCheck succeeded
Validation passes for SpellCheck.
️️✔️
CadlValidation succeeded
Validation passes for CadlValidation.
Swagger Generation Artifacts
Generated ApiView
Hi, @necoh your PR is labelled with WaitForARMFeedback. A notification email will be sent out shortly afterwards to notify ARM review board (armapireview@microsoft.com).
bd1f6a3 into Azure:release-securityinsights-Microsoft.SecurityInsights-2022-10-01-preview
#20858)
* Adds base for updating Microsoft.SecurityInsights from version preview/2022-09-01-preview to version 2022-10-01-preview
* Updates readme
* Updates API version in new specs and examples
* fix (#20640)
* AlertRules- Add SentinelEntities and extend AlertDetailsOverride (#20645)
* Add SentinelEntities and extend AlertDetailsOverride
* Add SentinelEntities and extend AlertDetailsOverride
* Entities 2022 10 01 preview added security alert timeline item intent and techniques (#20665)
* Added SecurityAlertTimelineItem Intent and techniques
* changed intent to enum
* reran prettier
Co-authored-by: Natanel Mizrahi <natanel.mizrahi@gmail.com>
Co-authored-by: dosegal <51155368+dosegal@users.noreply.github.com>
Co-authored-by: loriatarms <105870291+loriatarms@users.noreply.github.com>
Co-authored-by: necoh <53861229+necoh@users.noreply.github.com>
Co-authored-by: nmizrahi6 <100570740+nmizrahi6@users.noreply.github.com>
Co-authored-by: Natanel Mizrahi <natanel.mizrahi@gmail.com>
ARM API Information (Control Plane)
MSFT employees can try out our new experience at OpenAPI Hub - one location for using our validation tools and finding your workflow.
Azure 1st Party Service can try out the Shift Left experience to initiate API design review from ADO code repo. If you are interested, you may request engineering support by filling in the form https://aka.ms/ShiftLeftSupportForm.
Changelog
Add a changelog entry for this PR by answering the following questions:
Contribution checklist (MS Employees Only):
If you have any further questions about AME onboarding or validation tools, please view the FAQ.
ARM API Review Checklist
Otherwise your PR may be subject to ARM review requirements. Complete the following:
Check this box if any of the following apply to the PR so that the labels "ARMReview" and "WaitForARMFeedback" will be added by the bot to kick off ARM API Review. Failing to check this box in the following scenario may result in delays to the ARM manifest review and deployment.
- [ ] To review changes efficiently, ensure you copy the existing version into the new directory structure for first commit and then push new changes, including version updates, in separate commits. You can use OpenAPIHub to initialize the PR for adding a new version. For more details refer to the wiki.
Ensure you've reviewed the following guidelines, including the ARM resource provider contract and REST guidelines. Estimated time (4 hours). This is required before you can request review from ARM API Review board.
If you are blocked on ARM review and want to get the PR merged with urgency, please get the ARM oncall for reviews (RP Manifest Approvers team under Azure Resource Manager service) from IcM and reach out to them.
Breaking Change Review Checklist
If you have any breaking changes as defined in the Breaking Change Policy, request approval from the Breaking Change Review Board.
Action: to initiate an evaluation of the breaking change, create a new intake using the template for breaking changes. Additional details on the process and office hours are on the Breaking Change Wiki.
NOTE: To update API(s) in public preview for over 1 year (refer to Retirement of Previews)
Please follow the link to find more details on PR review process.